Report: Majority of EHR Vendors Score in “D” Range for Security

July 1, 2014
More than half of electronic health record (EHR) vendors—58 percent— scored in the "D" grade range for their culture of security, according to a report from Corl Technologies, an Atlanta-based security risk management solution provider.

More than half of electronic health record (EHR) vendors—58 percent— scored in the "D" grade range for their culture of security, according to a report from Corl Technologies, an Atlanta-based security risk management solution provider.

The report reveals that the majority of healthcare vendors lack minimum security, and also highlights that healthcare organizations are failing to hold vendors accountable for meeting minimum acceptable standards or otherwise mitigate vendor-related security weaknesses.

The Vendor Intelligence Report is based on the analysis of security related practices for a sample of more than 150 vendors providing services to leading healthcare organizations from June 2013 to June 2014. According to the report, 8 percent of vendors scored in the “F” grade range, meaning there is a lack of confidence based on demonstrated weaknesses with their culture of security. In fact, only 4 percent of vendors scored in the “A” high confidence grade range; 16 percent scored in the “B” moderate confidence grade range; and 14 percent scored in the “C” indeterminate confidence grade range. Additionally, just 32 percent of vendors have security certifications such as FedRAMP, HITRUST, ISO 27001 and SSAE-16, the report found.

These new findings are critical to addressing the growing number of security incidents at companies attributed to partners and vendors—which increased from 20 percent in 2010 to 28 percent in 2012, according to a PricewaterhouseCoopers (PWC) report in November 2013. And a 2014 PWC report found that business partners fly under the security radar: only “44 percent of organizations have a process for evaluating third parties before launch of business operations” and only “31 percent include security provisions in contracts with external vendors and suppliers.”

“The average hospital’s data is accessible by hundreds to thousands of vendors with abysmal security practices providing a wide range of services,” Cliff Baker, CEO, Corl Technologies, said in a statement. “When healthcare and industry organizations don’t hold vendors accountable for minimum levels of security, these vendors establish an unlocked backdoor to sensitive healthcare data.”

Read the source article at Press Release Services

Sponsored Recommendations

Care Access Made Easy: A Guide to Digital Self-Service for MEDITECH Hospitals

Today’s consumers expect access to digital self-service capabilities at multiple points during their journey to accessing care. While oftentimes organizations view digital transformatio...

Going Beyond the Smart Room: Empowering Nursing & Clinical Staff with Ambient Technology, Observation, and Documentation

Discover how ambient AI technology is revolutionizing nursing workflows and empowering clinical staff at scale. Learn about how Orlando Health implemented innovative strategies...

Enabling efficiencies in patient care and healthcare operations

Labor shortages. Burnout. Gaps in access to care. The healthcare industry has rising patient, caregiver and stakeholder expectations around customer experiences, increasing the...

Findings on the Healthcare Industry’s Lag to Adopt Technologies to Improve Data Management and Patient Care

Join us for this April 30th webinar to learn about 2024's State of the Market Report: New Challenges in Health Data Management.