Permitting remote access to the EHR increases the risks of data theft and data tampering in two ways:
1. EXPOSURE TO APPLICATION VULNERABILITIES:
Hackers will exploit vulnerabilities in network perimeter protection (e.g. firewalls), operating systems, and applications. When the application is made available online to remote users, vulnerabilities in the application become especially relevant. Hackers can access the application with automated tools to exploit flaws in the design, logic and coding of the application. When the application is only available to local network users, such attacks are significantly less difficult.
This risk can be substantially reduced by allowing remote access only through a Virtual Private Network (or VPN). After using the VPN to connect to the local network, the remote user accesses the application as if connecting to a segment of the local (physical) network. The approach does not increase the application's 'footprint' on the Internet. With a properly configured firewall, the hacker does not have the ability to send any data or command to the application. The exposure of EHR data to exploits against application vulnerabilities is not significantly increased by the remote access.
For some access environments, especially in rural areas, a VPN may have unacceptable performance. In this case the viable alternative is to access the application using an Internet connection. Any application supporting Internet connectivity must be protected from design flaws and code faults that would expose it to intentional attacks. The security of application software design is the vendor's responsibility. Nonetheless there are certain actions that a customer can perform to reduce this risk:
2. EXPOSURE TO VULNERABILITIES AT THE REMOTE ACCESS LOCATION
Remote access exposes the EHR system and its data to risks associated with a compromised workstation. Home machines are often compromised. Because they are used by multiple family members for both personal and business purposes, they are easily infected by 'malware' that provides opportunity for hackers to gain control of the computer. Easily installed 'keyloggers' allow the hacker to intercept user credentials and data. Other types of software (e.g., Trojan horse) may give the hacker complete control of the home machine and allow the hacker access to all aspects of the remote EHR session. The hacker can masquerade as a legitimate user and have all the same user privileges. These risks are significant because personal computers used for remote access are not subject to organizational control. There is no oversight for the computer's configuration, usage, virus protection, or other basic security measures. Such computers should be treated as untrusted machines.
3. REMOTE ACCESS FROM THE HOSPITAL
When an authorized user employs a laptop to plug into another organization's network to remotely access the EHR, different risks are present. Unless there is an ongoing relationship between the two network owners, it is virtually impossible to know how the other network is managed. Consequently, it is best to restrict remote access from unknown networks. If remote access form a hospital or other patient care setting occurs routinely, it is recommended that the two organizations work together to establish secure access methods. One typical method is to employ VPN to secure the channel and install the EHR client software on authorized hospital workstations.
What must we do to protect against the risks of providers accessing the EHR remotely?
Recommendations for reducing remote access risk, in priority order:
Restrict remote access to computers that are owned or at least configured by the practice. This will ensure that the workstation is appropriately configured and security software is installed. Do not provide administrator privileges on remote access computers and enforce such restrictions in the VPN and remote access policies.
Implement a remote access solution that requires the VPN session to operate in a 'sandbox'. The sandbox is a 'virtual' environment that isolates the session from other software running on the remote machine.
Configure the VPN or other remote access software to prevent 'split tunneling.' Require concurrent network sessions must occur through an Internet gateway. This extends firewall and network controls to the remote session.
Educate users about safe computing practices applicable to remote access computers. Help the users configure their machines to: routinely scan with anti-virus and spyware software; regularly download and install operating system patches; avoid the use of software downloaded form untrusted sources; properly configure and implement a host (or personal) firewall on the workstation; configure the system to use strong passwords. Products such as Microsoft's Baseline Security Analyzer can be used for these purposes.
E-mail the HealthIT e-mail box: firstname.lastname@example.org