Create a Stronger Password to Better Protect Your Medical Information

September 2nd, 2014 - By PrognoCIS Marketing

Many hospitals and physicians are not meeting general password strength criteria set forth by the Office of Inspector General of the Department of Health and Human Services.

Data Security

The Office of Inspector General of the Department of Health and Human Services (OIG HHS) recently found weaknesses in the current EHR certification criteria, leaving systems susceptible to hackers. Because hospitals and physicians rely on these criteria to ensure that their system is secure and patient data isn’t compromised, this is a significant issue.

Passwords serve as an authentication barrier. Though they may not prevent hackers from breaching the system, they can certainly keep them at bay temporarily. It’s critical that users select more difficult and complex passwords for their systems. Using common phrases, short words, or personal information for simplicity and memory’s sake won’t suffice. According to, passwords should include at least eight characters and consist of a combination of upper and lower case letters, numbers, and special characters.
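The criteria in the paragraph above can be checked in code. The following Python sketch is an added example, not part of the original article or of any EHR product; the deny-list, the character-substitution table, and the sample personal details are constructed assumptions for illustration.

```python
import re

MIN_LENGTH = 8  # minimum length stated in the article

# Constructed sample deny-list (assumption); a real deployment would load
# a much larger list of common passwords and phrases.
COMMON_PHRASES = {"password", "letmein", "welcome", "qwerty", "iloveyou"}

# Assumed substitution table so "P@ssw0rd"-style spellings still match.
FOLD = str.maketrans("@$0135!", "asolesi")


def check_password(password, personal_info=()):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if not re.search(r"[a-z]", password):
        problems.append("no_lowercase")
    if not re.search(r"[A-Z]", password):
        problems.append("no_uppercase")
    if not re.search(r"[0-9]", password):
        problems.append("no_digit")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("no_special")

    lowered = password.lower()
    folded = lowered.translate(FOLD)

    # Common phrases: compared after undoing simple character substitutions.
    if any(phrase in folded for phrase in COMMON_PHRASES):
        problems.append("common_phrase")

    # Personal information (name, birth year, username) supplied by the caller.
    tokens = [t.lower() for t in personal_info if len(t) >= 3]
    if any(t in lowered or t in folded for t in tokens):
        problems.append("personal_info")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw, info in [("Tr7#vbQ-mz2k", ()),
                     ("P@ssw0rd1!", ()),
                     ("Rivera#1979x", ("Rivera", "1979"))]:
        print(pw, check_password(pw, info) or "ok")
```

The second and third samples meet the length and character-class rules yet are still rejected, because they are built from a common phrase and from personal details respectively.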

ONC is responsible for determining which criteria must be evaluated for certification. Authorized Testing and Certified Bodies (ATCBs) are approved by the ONC to certify EHRs in the following seven areas of information technology:

  • Access control
  • Emergency access
  • Automatic logoff
  • Audit log
  • Integrity
  • Authentication
  • General encryption

The ONC has stated that the new 2014 criteria are stronger, but the OIG is still not satisfied. Statistics on the HHS website show that the medical records of 32 million Americans have been breached since 2009, and that the majority is due to weak passwords and security problems. Large-scale hacking incidents have also been occurring more and more often recently. Medical records, in particular, are a target because of the amount of information a hacker can aggregate from them.

According to the National Center for Health Statistics (NCHS), 78.4% of office-based physicians were using an EHR system in 2013, which is an all-time high. This adoption rate can likely be attributed to the financial incentives offered by Medicare for those providers who attest to the stages of meaningful use with their certified EHR systems (and penalties for those who do not). The system is also helpful in understanding the ICD-10 classification codes, which could be complicated for providers to use on their own.

Overall, it seems that government guidance is critical to the protection of healthcare information technology. The OIG holds that the ONC needs to take great steps to improve its certification process, or the hacking trend may only continue.

Author: Apoorva Anupindi
