Electronic Health Record (EHR) vendors have provided patient portals as part of their offering for the
past decade. However, today healthcare IT is being disrupted by a new technology moving forward into the
marketplace. As Kit Sun, founder and CEO of NavisHealth Solutions, a healthcare information technology
company, explains, the outlook for patient portals is beginning to change.
“Consumers are driving the need for native mobile portal applications on their smartphones to be
utilized on demand no matter where they are located,” Sun explains.
But in the process of delivering those on-demand applications, he cautions that, “This technology needs
to be delivered with secured messaging between the patients and their clinical caregivers which empowers
patients and their families to take charge of their own health.”
And therein lies the challenge.
“Patients are not trained to read the data, so it’s highly unlikely they can accurately interpret what
the data means,” explains Tony Perez, a cyber security expert and the founder and CEO of NetLok, Inc.
Perez understands patients’ desire to have open access to their medical records, including their doctor’s
notes. He recognizes that medical portals are a convenient way for patients to access their records and
become active participants in their own health.
But he’s also well aware of the downside.
“I’m aware that people can take their information from the chart of their medical record and go to the
Internet to understand what the data says or means,” Perez says. “But the problem with that is what’s
written on the Internet is written in such a general way that it may not be specific enough to really
lead people in the right direction.”
Perez is also concerned that when consumers go online to do medical research they are often influenced to
purchase a product that promises to cure their condition. However, there may not be any conclusive
evidence that the product would solve the issue without creating any other problems or side effects.
“Consumers don’t know the consequences of one action versus another,” he says.
Regardless, or perhaps ignorant of the safety issues at hand, consumers in today’s instant-gratification
age want information on demand. For physicians willing to provide that access, Perez says it’s critical
that they understand the requirements to meet HIPAA compliance.
“Unfortunately, if there’s a lawsuit against them, ignorance of the law will not help them,” he says.
“And the fines in this area are considerable.”
More than just fines, lawsuits can wipe out your practice. Perez says a dentist whose server was hacked
was sued by his patients for $400,000. The patients won, and the dentist’s reputation and practice were
Too often, Perez says, physicians don’t understand online security. It starts with the failure to
properly investigate the background of the programmer installing the medical records system.
“They purchase the support based on price, not on competence,” Perez says. “And when you buy things on
price and not the real need of competence you’re just opening yourself to all kinds of problems. So what
they have done is set themselves up for what we call ransomware, and other opportunities for cyber
Perez says the main reason why medical records are becoming the fastest-growing area of hacking is
because it results in a personal attack where cyber criminals can extort money from individuals,
“If a hacker gets your credit card and charges things, the banks are all over it,” Perez says. “They will
pay the damage, and you don’t feel it as a person. But if somebody has your medical record and knows
you’re vulnerable, that changes everything, because they can do a personal attack and go after you as a
Problems with Passwords
The first step in the protection process is being HIPAA compliant. The second, Perez suggests, has to do
with passwords, an element that new products from NetLok will eliminate.
“We’re going to be replacing passwords with photos and pictures,” he says. “The beauty of using pictures
and photos is that you have so many 1s and 0s it would take a significant effort by a hacker to try and
break into the system. And since there is so much more low-lying fruit they’re just not going to waste
But the real issue in security, Perez says, is the human element. If a professional hacker is targeting a
high-profile medical professional but recognizes that the system he’s trying to break into is too
complex, he’ll hire someone to track that individual and wait for them to make a mistake, such as losing
their smartphone or their password list.
“So it’s not necessarily that the technology can’t be built to prevent people from getting in, it’s that
people are always the weakest link in this chain of security.”
Article Source: Re-posted from Physician’s Money Digest – June 15, 2015