Protection of electronic health records (EHR): Key trends revealed

2 March 2020 (Last Updated July 2nd, 2020 14:44)

The advancement of health information technology has allowed for the implementation of electronic health records (EHR) in hospitals. While this has the potential to standardise patient data collection, the secure transfer and storage of such sensitive information remains a concern. Despite these challenges, GlobalData forecasts rapid market growth within this industry.

Protection of electronic health records (EHR): Key trends revealed

The advancement of health information technology has allowed for the implementation of electronic health records (EHR) in hospitals. While this has the potential to standardise patient data collection, the secure transfer and storage of such sensitive information remains a concern. Despite these challenges, GlobalData forecasts rapid market growth within this industry.

Listed below are the top trends impacting the EHR industry, as identified by GlobalData.

Blockchain

Data security is considered the largest barrier for future growth of the global EHR market. Institutions and patients are reluctant because of data security issues. With growing interest in blockchain, medical centers are considering the use of this technology as a way to better secure patient-related data.

Cloud

Large institutions are building private and hybrid clouds, while small-to-medium centres are spending on public cloud services. Both activities could lead to a higher risk of cyber-attack, and could also increase the demand for cloud security and web application security services. The leading cybersecurity companies that specialise in this field are Akamai, Barracuda Networks, Citrix Systems, F5 Networks, , and WhiteHat Security.

Prevention, detection, and response

There has been a shift from a prevention-based approach to cyber-attacks toward active detection and timely responses. The prevention approach is futile unless it is combined with detection and rapid response approaches. Many security executives are investing in technologies such as deception, endpoint detection and response, software-defined segmentation, and behaviour analytics.

Security-as-a-service

Cybersecurity is also shifting from the purchase of one-off software products to security-as-a-service. This is because security products are designed for a specific purpose, while the threat environment is constantly changing. Security-as-a-service replaces the cost of purchasing on-premises equipment with a monthly subscription. It also enables corporations to ensure their IT security is constantly up-to-date without having to manually replace equipment or download the latest security patches. Many security-managed service providers offer security services on the cloud, including Barracuda Networks, Fortinet, and CliQr.

Concerns about data security

Concern about data security is currently the largest barrier to healthcare organisations adopting EHRs. It is estimated that medical institutions have become one of the top targets for cyber criminals. While advances in technology are being initiated, healthcare institutions do not always understand which technology to use.

Concerns about data privacy

Concern about data privacy is the main factor deterring patients from using EHRs. While the fear of cyber-attacks is apparent, patients are concerned that EHR providers will misuse their medical data. Providers have been found to misuse patient data for profit. Recently, there have been lawsuits against a few of these companies. Furthermore, there is a lack of US legislation to limit the collection of patient data that is not necessarily relevant for medical diagnosis.

CISO

Many institutions have recently appointed their first CISO. A CISO’s role is to protect assets from cyber-attacks. The average stay of a CISO is under 1.5 years.

Multi-factor authentication

Multi-factor authentication is widely valued in healthcare settings. Passwords are the most common authentication tools in healthcare, yet they are easy to hack. While multi-factor authentication is not new, its adoption in healthcare is increasing slowly. Securing patient databases and EHRs is crucial for healthcare. By working with security vendors, healthcare organisations can facilitate the implementation of two-factor authentication at low costs.

US regulations

The Health Insurance Portability and Accountability Act (HIPAA) provides guidelines to ensure compliance related to the security and proper management of confidential information. Professionals in the healthcare and cyber security industries must constantly be up-to-date with technological updates and threats that could compromise patient information. Additionally, companies that manufacture medical devices that store or transmit patient information must be HIPAA compliant.

European regulations

In the EU, the General Data Protection Regulation (GDPR) has been put in place to protect personal data across many industries and sectors. It remains one of the most comprehensive sets of regulations. Some of the processes that fall under the GDPR include the creation and destruction of patient information.

Lack of government-regulated EHR Systems

In various countries, there is a lack of government-regulated EHR systems. One example of this is Germany. While this might create a void in EHR oversight and management, it presents a lucrative opportunity for private EHR providers to bring their systems to market and generate substantial revenue.

Data exchange

Recently, the European commission has adopted an exchange format for EHRs that will allow patients to access and exchange their medical records from within any country that is part of the EU. The 22 EU member states will be able to exchange electronic medical records by 2021. Companies that provide EHR services will need to ensure that their systems are compatible with each other throughout the EU.

This is an edited extract from the Protection of Electronic Health Records – Thematic Research report produced by GlobalData Thematic Research.