By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: Liveblogging from HIMSS 13: Managing Privacy and Security Challenges of Patient EHR Portals
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > eHealth > Medical Records > Liveblogging from HIMSS 13: Managing Privacy and Security Challenges of Patient EHR Portals
Medical Records

Liveblogging from HIMSS 13: Managing Privacy and Security Challenges of Patient EHR Portals

onlinetech
onlinetech
Share
6 Min Read
HIMSS 13 Security Challenges of Patient EHR Portals
SHARE

Online Tech is exhibiting our HIPAA hosting solutions for the healthcare industry at HIMSS 13 in New Orleans this year! Tune into our Twitter and follow our blog for updates on the latest HIMSS 13 news.

Online Tech is exhibiting our HIPAA hosting solutions for the healthcare industry at HIMSS 13 in New Orleans this year! Tune into our Twitter and follow our blog for updates on the latest HIMSS 13 news.

If you’re at HIMSS 13, visit booth #1369 to say hi or schedule a free one-on-one consultationwith a panel of health IT experts.

Managing Privacy and Security Challenges of Patient EHR Portals

More Read

patient communities
Top Digital Health Innovations That Will Transform Healthcare
Understanding The Threat Posed By Healthcare Data Hackers
Specialty EMR Company Lands $14M to Take on New Markets
Prioritizing Patient Privacy in Online Healthcare Communications
Lessons from the Anthem Breach
HIMSS 13 Security Challenges of Patient EHR Portals
HIMSS 13 Security Challenges of Patient EHR Portals

Adam Greene, JD, MPH Davis Wright Termaine and Jackie Monson, JD, CHC Mayo Clinic discussed some of the real life privacy and security challenging facing patient EFR portals at HIMSS 13.

One aspect that challenges patient portals is handling permissions of patient representatives for minors or those who have a medical decision maker appointed.

Mayo clinic found that they had more patient requests for amendments to their patient records. It’s easy to request an amendment, but this has proven overwhelming to the security and privacy office so far. They have seen a 100% increase in patient requests for medical record amendments. This ranges from simple changes such as “Right” to “Left” for correcting an amputation record to asking for their entire medical record to be rewritten.

Many patients are reading notes from physicians for the first time, and correcting inaccuracies or objecting to aspects they disagree with.

Make sure to include the patient portal within the scope of the risk assessment to evaluate risks including:

  • interception during transmission,
  • unauthorized access,
  • internet-facing interface,
  • EHR portal software problems (has it been independently tested)

Authentication issues
Does there need to be in-person authentication? Will you require seeing a driver’s license for example? What do you do for patients who cannot easily come in person, but want remove access to their information.

How about strong passwords? Will they impact patient usability?

How are the servers protected? Are their physical safeguards protecting against theft? Is encryption being used? What happens of the patient contributes to a security failure with a weak password, sharing credentials, or loses their mobile device. What can you do to limit risk of any single point of faliure?

Jacki Monson, JD, CHC has been struggling with security issues at Mayo clinic. Now they have an outside vendor performing monthly testing and make sure that their audit logs are turned on so they can get to the bottom of troubleshooting issues. For example, their patient portal was changing a number

Mayo allows their patients to choose if they want in-person validation or not. Some patients want to make sure that their spouses can’t authenticate even if they know answers to personal information such as what was the first car they drove or where they lived 15 years ago.

Make sure that audit logging is in place to a level of detail that will be helpful to find out what went wrong when it goes wrong.

PHR vs. EHR

  • PHR = Personal Health Record is a patient controlled record
  • EHR portal is a window into a patient’s own electronic health record – it is not their patient-controlled PHR.

PHR and EHR can work together so that patient gets to see their information through the EHR portal, the EHR portal feeds into the PHR, and/or facilitating patients adding information through the PHR and deciding if they want it shared with the EHR.

Is PHR considered PHI (protected health information) belonging to the covered entity? Is it on the covered entity’s servers or their business associates? Just because the patient controls their PHI in the PHR, if the patient information is on the CE or BA servers, then it must be protected.

Will the portal include sensitive information subject to state law restrictions such as HIV/STD tests, dental health information, genetic test results, alcohol or substance abuse treatment information?

Mayo spans many states, and follows the most restrictive state law that applies to information in the portal. Currently, clinical information that triggers a strict state law are not being released on the portal, for example, information for an emancipated minor.

Mayo has had to meet mobility security challenges with their new mobile health applications for iPhones and iPads which helps Mayo Clinic meet MU requirements. These include authentication, encryption, password, privacy challenges such as appointment reminder popups and portal messages to patients.

What does the future hold? Stage 2 Meaningful Use pushes strongly for the use of patient portals. It also strongly promotes inclusion of patient amendments. When an HIE maintains the EHR record, will an HIE provide a patient portal view for patients?

The post Liveblogging from HIMSS 13: Managing Privacy and Security Challenges of Patient EHR Portals appeared first on Managed Data Center News.

TAGGED:EHRsHealth ITHIMSS13Privacy
Share This Article
Facebook Copy Link Print
Share

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

dental care
Importance of Good Dental Care for Health and Confidence
Dental health Specialties
October 2, 2025
AI in Healthcare
AI in Healthcare: Technology is Transforming the Global Landscape
Global Healthcare Policy & Law Technology
October 1, 2025
Choosing the Right Swimwear for Health and Safety
News
September 30, 2025
sports concussions
Concussion In Sports: How Common They Are And What You Need To Know
Infographics
September 28, 2025

You Might also Like

Will Accountable Care be the Final Straw for US Economy and Healthcare system?

February 14, 2012

Tips from Real Users on How to Succeed with Electronic Medical Records

February 20, 2012
patient engagement
BusinesseHealthHospital AdministrationMobile HealthTechnology

An Open Discussion Around Patient Engagement

March 5, 2014
Healthcare marketing report
DiagnosticseHealthMedical DevicesMedical InnovationsMedical RecordsMobile HealthSocial Media

2014 Healthcare Marketing Report

May 2, 2014
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?