Ensuring that an EHR software application is secure is a crucial step before you start sending it any confidential information.
There are a few different types of security that you’ll want to be aware of with any software application.
The categories we’ll be covering are
This is not an exhaustive list of security measures that should be followed, but it should give you a good place to start.
We’ll cover these in three blog posts, starting with Physical Security.
Whenever you save data in a software application, that data is stored on a physical device until you need to access it again.
In the past that device was commonly the machine at your desk; with multi-user applications, however, your data is very likely being written to a remote server that you may never see.
That server could be in a closet in your office, or it could be in a datacenter halfway across the globe.
Either way, some basic questions need to be asked.
- Where is the server?
- Who has physical access to the server?
- If the server is behind a locked door, who has a key and is it possible that unauthorized copies of this key have been made?
- What policies are in place to prevent unauthorized access to the server?
- Are there surveillance cameras in place?
- Is a background check required before access to the server is granted?
Physical security is also a concern at every machine where employees access the data.
When an employee goes on break or gets pulled away from their computer and forgets to sign out of the application, what is in place to ensure that wandering eyes don’t land on a vacant, still-logged-in screen?
Controls such as monitor privacy filters (against shoulder-surfing) and an automatic logoff after a short idle period help minimize the physical risk at the end-user’s workstation. For auto-logoff to count, the application itself must end or lock the session and require re-authentication; a screen saver alone, or a client-side timer that only hides the page, leaves the session usable by whoever sits down next.