Understanding Security Risks When Exchanging Medical Records Using IHE

Abstract

In today’s digital world, it is common to exchange sensitive data between different parties. As technology continues to advance, electronic health records (EHRs) are just one of several types of information that is being exchanged across multiple channels. The exchange of this information is crucial to provide better patient care across different healthcare providers. However, given the sensitive nature of these documents, it is also important that the manner in which EHRs are exchanged is also secure. In this paper, we investigate the current standards that are being used to support the transfer of EHRs across different parties, as proposed by a standard-setting organization known as Integrating the Healthcare Enterprise (IHE). We give an overview of how each protocol functions, then show potential security risks that might be encountered by using the current standards. These security risks are: vendor dependence, insecure encryption configurations, and the inability to verify third-party exchanges of healthcare information.