Not that long ago, healthcare worried mostly about the physical loss of personal health information (PHI) by way of a lost thumb drive, a stolen laptop, some misplaced paper files. These were the primary concerns in HIMSS initial security survey, published in 2008. It wasn’t until five years later, in 2013, that the largest healthcare security breaches came from cyberattacks instead of lost or stolen devices.
One requirement of the 2014 Final Rule on Health Information Technology is for pricing transparency and disclosure. Certified electronic health record (EHR) vendors have been required to disclose any “additional types of cost that an EP (eligible provider), EH (eligible hospital) or CAH (critical access hospital) would pay to implement the Complete EHR’s or EHR Module’s capabilities in order to attempt to meet meaningful use objectives and measures.”