In a March 12 op-ed for STAT, Dr. Huang, chief quality data officer of Duke Health in Durham, N.C., and Dr. Perakslis, a Rubenstein fellow at Duke University, highlighted the weaknesses surrounding EHRs during pandemics as well as how to address these challenges and implement solutions.
As of 9:35 a.m., March 12, the U.S. has 1,323 confirmed cases of COVID-19 and 38 deaths. While the coronavirus continues to spread, COVID-19 cyber threats aimed at individuals and health systems are gaining traction.
“We aren’t crying wolf here,” the co-authors wrote. “Disaster planning experts know all too well that preexisting weaknesses become worse during crises… Outdated infrastructure containing components with long-understood vulnerabilities are a hacker’s paradise.”
EHRs lack efficient functionality and usability because the systems are designed for tracking and billing procedures, rather than delivering optimal patient care. The software also needs rapid updates to deal with COVID-19 cyber threats. However, due to the complex nature of EHRs, upgrades and changes are often slow and expensive, the co-authors wrote.
Sharing data across platforms and with patients “is essential, especially during a disease outbreak,” Drs. Huang and Perakslis wrote. If HHS’ final interoperability rules, which were released this week, were already in place across all EHRs in the U.S, “the ability for health systems to securely and appropriately share information in public health emergencies would be vastly improved,” the co-authors added.
Five tips to manage EHR vulnerabilities, according to Drs. Huang and Perakslis:
1. All healthcare institutions with business continuity plans should review them and ensure there is a “clear hierarchy” of technology, data and business priorities.
2. Oversight and diligence on computer system administration must be increased. Prioritize administrative patches for EHRs and other systems and IT administrations should decide whether nonessential projects should be stopped.
3. Increase cybersecurity awareness, preparedness and activities. Healthcare institutions should apply security patches as soon as possible to avoid the possibility of a ransomware outage during an epidemic.
4. Use specialized mobile applications to supplement new or evolving EHR clinical workflows.
5. Use scribes to help clinicians document patient encounters; staff who typically focus on analytics and data tasks may also help with COVID-19 reporting.
More articles on EHRs:
UCFS transitions to $1.8M Epic EHR: 4 notes
7 key dates to know about HHS’ final interoperability rules
Epic, Google & 8 more health IT stakeholders react to HHS’ final interoperability rules
