How often do we see Health Insurance Portability and Accountability (HIPAA) violations issued because a regulated entity did not secure the electronic records at the hospital and small clinics? Large-scale security breaches and, sometimes, reports of illegal sales of electronic medical records by various third-party sources are in the news. In Massachusetts and New Hampshire, for example, an e-record vendor recently admitted to large-scale e-record breaches.

The FDA has provided some guidance on what is expected for e-records, but no real guidance on security. That may be one of the reasons that so many of the e-systems I have reviewed meet the minimal requirements but have security vulnerabilities.

 …