After more than a year at work, the Health Care Industry Cybersecurity Task Force in June issued its report on what providers must do to better safeguard patient data.
The report from the task force, established by Congress in its Cybersecurity Act of 2015, said “many respondents widely reported that their electronic health records (EHRs) placed little attention on cybersecurity. Providers also report that many device manufacturers treat security as either an afterthought or that the attention is woefully inadequate.”
Rather than accepting that scenario, physicians should see the report as a call to action, said Robert M. Tennant, MA, director of health information technology policy for the Medical Group Management Association.
Physicians should evaluate the safeguards they use to protect their EHRs against hackers, Tennant says. They should also revisit the plans they have in place to protect their data against the more mundane, but very real, threats that can disrupt their practices.
“You have to think more generally about how you, as a physician, are protecting your most important business asset: your practice data,” Tennant says. “This is a growing problem, and practices have to be vigilant and do whatever they have to do to mitigate threats and preserve business continuity.”
He noted that professional organizations and federal agencies offer detailed information for free, thereby sparing physicians for paying the often high-priced consulting fees associated with cybersecurity work.
“Most primary care physicians are in smaller offices, and they don’t have a lot of money to spend on sophisticated cybersecurity technologies. But there’s still a lot they can do and much of it is very simple,”