The Risk Assessment of the Security of Electronic Health Records Using Risk Matrix

Abstract

The healthcare industry has been shifting toward electronic health records to improve operations, reduce overhead expenditure, and provide better healthcare. Electronic health records (EHRs) are supposed to offer the same levels of confidentiality and privacy as paper records, which have been used for decades. However, this is not the case, as the technology used to access, transmit, and store records poses a high risk to patients and healthcare organizations. Employees are a big risk to EHRs, as they use their devices to access information about a patient and discuss such records with other employees. Healthcare professionals also access patients’ records illegally. Such security loopholes have a high impact on EHRs, as people with malicious intent can use the records to access their financial records or blackmail them. External access to EHRs by cyber attackers poses the highest risk to the records and patients, as attackers are primarily driven by financial gain. On the contrary, internal access to data, though unethical, does not pose a grave danger to patients, as the employees mainly discuss the cases within themselves without any financial incentive to access the data. The current research provides a risk analysis of EHRs, the source of security problems, the impact of the risks involved, and risk management best practices that healthcare organizations can use to protect patients’ data.