Healthcare information security


October 12, 2016 by Aroosa Ashraf

Although they seem similar, there are some significant differences between the two terms electronic medical record (EMR) and electronic health record (HER). The term EMR came first; the word “medical” relates mostly to treatment or diagnosis by physicians. On the other hand, the word “health” refers to the general status of the body. In short, “health” covers more territory than “medical.”

Electronic Medical Record (EMR)

The EMR concerns everything related to the medical history of the patient, including diagnoses, immunization dates, allergies, and medications. EMR is therefore limited to the territory of medical practitioners. It may sometimes be necessary to print and send it to another health provider to evaluate previous medical history.

Electronic Health Record (EHR)

The EHR is a digital version of health information that contains more than patient medical information. It may include diagnoses, progress notes, medications, immunization dates, past medical history, vital signs, allergies, imaging reports, and lab data. Additionally, an EHR can have other relevant patient information, such as demographic and insurance data, as well as information taken from personal wellness instruments.

EHR not only helps in storing the data but also in sharing the information among authorized providers (various health organizations) with ease. This helps immensely in coordinating and making the right clinical decisions.

EHR also aids in improved patient care by supporting the Medicaid and Medicare programs. This helps in avoiding penalties during reimbursements of Medicaid and Medicare program to the eligible providers, as EHR makes health information accessible instantly.

EHR can be regarded as the future of healthcare because the records provide critical patient information, thus helping with clinical decisions as well as coordinating care between different healthcare providers.

Main Differences between EMR and EHR

An electronic medical record is simply the digitized version of the earlier paper charts used in the physician’s office. Itcontains the patient’s treatment and medical history. The advantages of EMR over paper records are:

  • Easily track patient information over time.
  • Identify patients requiring checkups or preventive screenings with ease.
  • Readily check patient outcomes and how they are doing on against certain parameters (vaccinations or readings of blood pressure).
  • Monitor the overall care quality within the practice for improvement

The problem with EMR is that it does not travel well outside during the sharing of health information among providers. The records often have to be printed in order to send to different physicians and specialists. Thus, in this regard, EMR can be treated much as paper records.

Electronic health records do all the same things and some more. The focus of an EHR is on the patient’s total health, reaching beyond collecting standard clinical data on the patients in the clinician’s office. It includes a broader perspective of patient care. EHR is built to share clinical data of patients across different health care providers, including various specialists and laboratories. Therefore, EHR contains information from all the physicians involved in the care of the patient. An EHR can be made, consulted, and managed by authorized physicians and health workers across different healthcare organizations.

The information usually travels to the physicians from the patients along with the healthcare organizations (hospitals, nursing homes) present, even across different countries. EHR makes the sharing of medical information across different stakeholders easy. It is designed to be viewed even by the patients themselves.

EHR makes a difference, as information becomes more powerful when shared securely. Healthcare does not depend only on individual efforts. Rather, it is a team endeavor that requires sharing of key patient information. Effective communication and sharing of patient information among different clinicians helps in achieving the desired result in health care. After all, the ability to engage the various parties in interactive communication with shared information is the key to success in healthcare.

Therefore, while “medical records” implies mainly clinical data derived from diagnosis and treatment of patients, “health records” can be regarded as a broader term that relates to the overall health condition of the patient.

The Advantages and Disadvantages of Using EHR and EMR

EHR or EMR records are advantageous over paper-based record systems in many ways. Digitized information can have information management tools to aid health workers in providing better patient care through more efficiently interpreting, organizing, and reacting to patient records.

EHR software can give alerts for clinical reminders, connect specialists regarding critical health care decisions, and analyze health records for future research as well as for care management.

The interactive EHR systems prompt providers for additional information that helps to get more information and enhances data completeness.

With its provision of critical data that help care coordination between health providers and informs clinical decisions, EHR systems are the future of healthcare. The focus of EHR systems is on the overall patient’s health and it is designed to extend beyond the reach of healthcare organizations originally collecting and compiling patient health data. EHR is developed to share patient data with different health care providers, including specialists and clinical laboratories. The intent is to have all the patient information from different clinicians involved in the care of the patient.

The patient data moves along across the healthcare organization, the patient, the specialist, even the next state or outside the country. All the people involved in the patient care can access the EHR system, including the patients themselves for better care delivery to the patients.

The Disadvantages

However, the EHR and EMR systems for managing patient information have some disadvantages. Maintaining such software systems is relatively expensive initially because are investments are required for proper hardware, installation, training of the health workers, and managing support from IT organizations. The software also comes with a cost (free versions are available, though with less functionality). There are chances of malfunction and loss of all patient data if the software is not built properly.

Security of electronic patient information from the cybercriminals is also a serious concern, as the handling of cases involving data breaches is very expensive.

The Benefits of EHR over EMR

In short, an EHR system manages the following attributes in a healthcare organization, helping in critical clinical decisions and has advantages over EMR:

  • EHR holds all the healthcare information and data, including lists of problems, test results, a list of medications and ICD-10.
  • Helps in results management by allowing electronic storage of various lab result sand X-ray images, and ensures that there is no duplication of tests.
  • Automated order entry via secured e-prescribing technology.
  • Easy access to various clinicians and specialists, offering exclusive decision support. The EHR system can even warn clinicians about possible drug interactions, help in the diagnosis process, and provide evidence-based guidelines during evaluation of treatment options.
  • EHR allows electronic connectivity and communication facility where the physicians or medical assistants in a different places even can securely talk to the patients in cyberspace.
  • EHR makes it possible to share educational material with the patients through home monitoring devices and online questionnaires.
  • The administrative processes take less time when using an EHR, thus minimizing delays in treatment. Scheduling of appointments can be done by the patients themselves. They can also check for insurance eligibility.
  • EHR also prides a searchable database that allows the user to have important information regarding patient demographics, the types of disease that are predominating, and so on (for example, the number of diabetic patients treated in 2015).

The Security of EMR and EHR

With coordinated and improved care, EHR also brings additional security concerns. Previously, it was difficult to steal healthcare data stored on paper because it is bulky. The electronic system now makes it easier for hackers to steal this valuable information (as they are stored in smaller devices such as USB drives) and sell at a good price. So, with EHR come concerns about the security and privacy of patient information. Does using EHR compromise patient data safety? What are the safety measures that should be employed to ensure patient data safety?

Health information of patients is protected by the Health Insurance Portability and Accountability Act (HIPAA), which accounts for the privacy and security of the health information. Although, with EHR the health providers can use patient information more effectively, thereby improving the efficiency and quality of care, it does not change the existing obligations of the health care providers to keep patient health data private and secure.

The Security Rule of HIPAA requires that healthcare organizations set up specific security measures to safeguard patient information stored in the EHR. These security measures include physical, technical, and administrative protection of the health information stored in an EHR system. The safety measures to be built into EHR system are:

  • Implementing access controls by introducing PIN numbers and passwords. This will limit access to patient health information to authorized personnel only.
  • Encryption of stored information to ensure that these data cannot be read or understood by unauthorized users. Encrypted data can be read only after its correct decryption, using a special key available to authorized users only. Encrypted data have often been safe even after getting lost or stolen.
  • Audit trail of stored information to record who is accessing the information, as well as what and when changes are made to them.

As per HIPAA Privacy Rule, patients have the rights over their own health data, irrespective of its form (in paper or electronic). The patients have the right:

  • To see and receive a copy of their medical record.
  • To request that any mistakes be corrected.
  • To receive a notice whenever health information of patients is shared, stolen or used.
  • To state where and how the patient wants to be contacted by the health care provider.
  • To file a complaint whenever the patient feels that the above rights are not recognized.

In cases where the patient information falls to someone who should not have it or see it, federal law requires the respective healthcare organizations or providers notify the patient about the breach and the providers will be accountable (often the resultant fines are costly to the healthcare providers).

Table: Reviews and ratings of the leading electronic medical record (EMR) and electronic health record (EHR) systems. 

Company User Ratings Price Ratings Supported Platforms Deployment Business Size Advisor Recommendations
DrChronoEHR **** $$ Mac/Windows/Linux Cloud Small/Medium/Large 280
iSALUSEHR **** $ Windows Cloud Small/Medium 264
AdvancedMD *** $$ Mac/Windows/Linux Cloud/


Small/Medium 252
MediTouchEHRSoftware ***** $ Mac/Windows/Linux Cloud/Desktop Small/Medium/Large 241
athenahealthHER *** $$ Mac/Windows Cloud Small/Medium/Large 168
NueMD ***** $ Mac/Windows/Linux Cloud Small/Medium 165
ChartLogicEHRSuite **** $$ Mac/Windows/Linux Cloud/Desktop Small/Medium/Large 125
PrognoCISBizmatics **** $ Mac/Windows/Linux Cloud/Desktop Small/Medium/Large 89
WRSHealth ***** $$$ Mac/Windows/Linux Cloud Small/Medium 83

Get free EMR cost information, product demos and more.







Posted: October 12, 2016
Aroosa Ashraf
View Profile

Aroosa Ashraf is a trained and registered pharmacist from the Government College University of Faisalabad (GCUF). She completed her graduation in 2013. She is an experienced researcher and technical writer and for the last 4 years, she is working as a writer on different platforms. Currently, she is writing many technical and non-technical articles for her national and international clients.