Permitting remote access to the EHR increases the risks of data theft and data tampering in two ways:
1. EXPOSURE TO APPLICATION VULNERABILITIES:
Hackers will exploit vulnerabilities in network perimeter protection (e.g. firewalls), operating systems, and applications. When the application is made available online to remote users, vulnerabilities in the application itself become especially relevant. Hackers can probe the application with automated tools to exploit flaws in its design, logic and coding. When the application is only available to local network users, such attacks are significantly more difficult.
This risk can be substantially reduced by allowing remote access only through a Virtual Private Network (VPN). After using the VPN to connect to the local network, the remote user accesses the application as if connected to a segment of the local (physical) network. This approach does not increase the application's 'footprint' on the Internet. With a properly configured firewall, an attacker on the Internet cannot send any data or commands to the application. The exposure of EHR data to exploits against application vulnerabilities is therefore not significantly increased by the remote access.
For some access environments, especially in rural areas, a VPN may have unacceptable performance. In this case the viable alternative is to access the application using an Internet connection. Any application supporting Internet connectivity must be protected from design flaws and code faults that would expose it to intentional attacks. The security of application software design is the vendor's responsibility. Nonetheless there are certain actions that a customer can perform to reduce this risk:
2. EXPOSURE TO VULNERABILITIES AT THE REMOTE ACCESS LOCATION
Remote access exposes the EHR system and its data to risks associated with a compromised workstation. Home machines are often compromised. Because they are used by multiple family members for both personal and business purposes, they are easily infected by 'malware' that provides opportunity for hackers to gain control of the computer. Easily installed 'keyloggers' allow the hacker to intercept user credentials and data. Other types of software (e.g., Trojan horse) may give the hacker complete control of the home machine and allow the hacker access to all aspects of the remote EHR session. The hacker can masquerade as a legitimate user and have all the same user privileges. These risks are significant because personal computers used for remote access are not subject to organizational control. There is no oversight for the computer's configuration, usage, virus protection, or other basic security measures. Such computers should be treated as untrusted machines.
3. REMOTE ACCESS FROM THE HOSPITAL
When an authorized user employs a laptop to plug into another organization's network to remotely access the EHR, different risks are present. Unless there is an ongoing relationship between the two network owners, it is virtually impossible to know how the other network is managed. Consequently, it is best to restrict remote access from unknown networks. If remote access from a hospital or other patient care setting occurs routinely, it is recommended that the two organizations work together to establish secure access methods. One typical method is to employ a VPN to secure the channel and install the EHR client software on authorized hospital workstations.
What must we do to protect against the risks of providers accessing the EHR remotely?
Recommendations for reducing remote access risk, in priority order:
Restrict remote access to computers that are owned or at least configured by the practice. This will ensure that the workstation is appropriately configured and security software is installed. Do not provide administrator privileges on remote access computers and enforce such restrictions in the VPN and remote access policies.
Implement a remote access solution that requires the VPN session to operate in a 'sandbox'. The sandbox is a 'virtual' environment that isolates the session from other software running on the remote machine.
Configure the VPN or other remote access software to prevent 'split tunneling.' Require that all concurrent network sessions occur through the practice's Internet gateway. This extends firewall and network controls to the remote session.
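The following is an added example, not part of the original guidance: a small check a practice could run on a connected remote machine to verify that split tunneling is actually disabled, by inspecting the routing table rather than trusting the VPN client's settings. It assumes Linux-style `ip route` output and a tunnel interface named `tun0` (both assumptions; the sample routing tables below are constructed). It treats the tunnel as carrying all Internet traffic either when it holds the best-metric default route or when it holds the `0.0.0.0/1` and `128.0.0.0/1` pair that some VPN clients install instead of replacing the default route.

```python
"""Detect split tunneling from a routing-table snapshot (added example).

Assumes Linux 'ip route' output and a known VPN interface name.
Full tunnel: Internet-bound traffic leaves via the VPN interface, either
through the best-metric default route or through the 0.0.0.0/1 and
128.0.0.0/1 halves that some clients push instead of a new default route.
"""
import ipaddress
import re
from collections import namedtuple

Route = namedtuple("Route", "net dev metric")

# destination, then 'dev <iface>', then an optional 'metric <n>'
ROUTE_RE = re.compile(
    r"^(?P<dst>\S+)(?:\s.*?)?\bdev\s+(?P<dev>\S+)(?:.*\bmetric\s+(?P<metric>\d+))?"
)


def parse_routes(text):
    """Parse 'ip route' lines into Route tuples; unparseable lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue
        dst = m.group("dst")
        net = ipaddress.ip_network("0.0.0.0/0" if dst == "default" else dst, strict=False)
        metric = int(m.group("metric")) if m.group("metric") else 0
        routes.append(Route(net, m.group("dev"), metric))
    return routes


def is_split_tunnel(routes, vpn_dev):
    """True if traffic to an arbitrary Internet host would bypass vpn_dev.

    Returns None when vpn_dev has no routes at all (VPN not connected).
    """
    v4 = [r for r in routes if r.net.version == 4]
    if not any(r.dev == vpn_dev for r in v4):
        return None
    # /1 halves beat any default route by longest-prefix match, regardless of metric
    halves = {r.net for r in v4 if r.dev == vpn_dev and r.net.prefixlen == 1}
    if len(halves) == 2:
        return False
    defaults = [r for r in v4 if r.net.prefixlen == 0]
    if not defaults:
        return True          # only specific subnets reach the tunnel
    best = min(defaults, key=lambda r: r.metric)
    return best.dev != vpn_dev


# Constructed sample routing tables (not captured from a real machine).
FULL_TUNNEL = """
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
203.0.113.10 via 192.168.1.1 dev wlan0
"""

SPLIT_TUNNEL = """
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
10.50.0.0/16 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
"""

NO_VPN = """
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
"""


if __name__ == "__main__":
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL), ("none", NO_VPN)):
        print(name, is_split_tunnel(parse_routes(table), "tun0"))
```

On a real machine the snapshot would come from running `ip route show` and the interface name from the VPN client's configuration; a `True` result means the remote session is not fully behind the practice's gateway and the VPN profile should be corrected before the machine is allowed to reach the EHR.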
Educate users about safe computing practices applicable to remote access computers. Help the users configure their machines to: routinely scan with anti-virus and anti-spyware software; regularly download and install operating system patches; avoid the use of software downloaded from untrusted sources; properly configure and enable a host (or personal) firewall on the workstation; and use strong passwords. Products such as Microsoft's Baseline Security Analyzer can be used for these purposes.