Hospitals aren’t the only facilities at risk. Private practices, which typically do not have onsite IT personnel, are vulnerable to ransomware and other attacks by hackers.
Efforts are underway by companies who create EHRs to design and implement health IT systems that produce more targeted and relevant alerts to decrease alert fatigue, while still providing beneficial warnings.
All healthcare related entities should periodically complete a system-wide risk analysis, implement a risk management plan and strengthen internal policies and procedures to mitigate, if not eliminate, the possibility of such an event from occurring. As highlighted by this case, such risk analysis must take into account computers and devices used by employees both in and out of the office or facility.
MLMIC recognizes the “copy and paste” function of EHRs offers convenience and efficiency, but it also poses unique liability risks.