Asking the right questions

You want to make absolutely sure that your EHR is set up to be as secure and confidential as possible. Make sure that you cover these areas:

Data and information security

• Internet technologies are consistent with the latest industry approaches for encryption and authentication.

System support login capabilities

• Each user in the practice uses his or her own login account (no sharing of user accounts).

• Smart card, proximity card, or token device

• Other security controls and devices, including biometric options such as fingerprints or retinal scans

• Secure remote access methods (Citrix, dialup, Internet) and extent of functionality (complete, view only)

System functionality

• Can the system accommodate multiple users on a common workstation with easy login/logout capabilities?

• Can the system log off users automatically after a certain amount of inactivity on a device? How is this function managed?

System password capabilities

• Does the user have to change his or her password at set intervals?

• Can IT staff set intervals for password changes to an organization’s specifications?

• Are the passwords for the EHR strong passwords (a combination of uppercase and lowercase letters, numbers, and special characters)?

Role-based access

• Can the system be configured to limit user access to patient records and functionality based on their role in the organization? For example, can access to patient financial, billing, and medical records information ...
