A major functional flaw in the Veterans Health Information Systems and Technology Architecture electronic health records system has been identified and fixed by an enterprising graduate student and a community of open-source EHR developers.
Doug Mackey, a graduate student at the Georgia Institute of Technology in Atlanta, was working on his masters' thesis on the potential vulnerabilities of open-source EHR software, using VistA as an example. He soon discovered a real vulnerability that could allow for remote commands without authorization, a design flaw with potentially catastrophic consequences for the EHR system and the 6 million patients it serves, according to a report in NetworkWorld.
When attempts to contact government and VA officials proved fruitless, Mr. Mackey turned to the online forum of the Open Source Electronic Health Record Corporation, a group of independent developers that had helped with the development of VistA. An emergency patch was quickly developed and made available to all VistA users, according to the report.
The incident exposed both the benefits and drawbacks of open-source software, Mr. Mackey told NetworkWorld. "On the one hand it can spur innovation and allow interested independent researchers to contribute… However, on the other hand, it allows potential hostile actors access to details of your system's operation," he said.
More Articles on Open-Source Health IT:
New Version of Government's Open-Source CONNECT HIE Software Released
8 Benefits, Drawbacks of Open-Source EHRs for Safety-Net Hospitals
ONC, Health 2.0 Challenge Developers to Create App With popHealth Tool