This comment will analyze the specific requirements and stages that EPs/EHs must comply with in order to receive its Medicare and Medicaid incentives, how EHR technologies are being implemented, how EHR technologies are affecting patients' privacy with regard to hacking a patient‟s PHI, and what EHR technology vendors and EPs/EHs should be doing to improve patient privacy and security to prevent hacking and other breaches.
Part I of this comment will address hacking of PHI. Part II will analyze the security measures that EHR vendors must currently incorporate into EHR technology and how the lack of required security measures impacts patients‟ privacy and security. Part III discusses the security measures EPs/EHs are implementing in order to successfully achieve the three meaningful use requirements and analyzes how patients‟ PHI is being put at risk and Part IV examines the consequences of EP/EHs‟ non-compliance with HIPAA Privacy and Security Rules. Finally, Part V will propose a solution, requiring EHR vendors to incorporate HIPAA compliant security measures into their technology, implementing HIPAA certification programs that EHR technology trainers must obtain prior to training EPs/EHs on EHR technology, and requiring continuing education for EPs/EHs specifically regarding the improvement of patients‟ security.
Samantha Singer, ‘The Greatest Wealth is Health’: Patient Protected Health Information in the Hands of Hackers, 31 J. Marshall J. Info. Tech. & Privacy L. 657 (2015)