The Security Scrutinizer with Howard Anderson

EHR Incentives: A Waiting Game

Clinic Waits for Vendor to Deliver Before Firming Up Security Plans
EHR Incentives: A Waiting Game

Take the case of Summit Medical Associates in suburban Nashville. The internal medicine practice, which has eight physicians and seven nurse practitioners, has had an EHR system in place for three years now, and it's anxious to apply for HITECH incentives, says Tammy Sawyer, information systems manager (See: EHR Incentives Spur Security Steps).

So what's the problem? The clinic's EHR vendor has yet to deliver its upgraded system that meets the HITECH EHR software certification standards, which require, among other things, a long list of security functions.

We don't know what we're going to have to do. 

So Sawyer, who's a one-person IT department and relies on an outsourcer for help with risk assessments and other tasks, is playing hurry-up-and-wait. She's waiting to test-drive the next-generation EHR's security functions before making a to-do list for security strategies and technology investments. "We don't know what we're going to have to do," she says.


Summit Medical's experience is an example of the pains that are coming with launching the multi-billion dollar federal EHR incentive program in a hurry.

Hopefully EHR vendors will be able to meet demand for software certified for the incentive program so that clinics of all sizes -- and hospitals as well -- can apply for and receive their incentives and then make sure automated records are secure.

Meanwhile, Summit is using the encryption functions in its current EHR system and relying heavily on thin clients to minimize costs as well as security risks, Sawyer says.

But until the next-generation EHR arrives, the information services manager can't complete her security plans. It makes me wonder how many clinics are in the same boat.

Is your EHR vendor ready to deliver a system that's certified for the HITECH incentive program? We'd like to hear from you.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.