Robert Hudock Quoted in Article, “Stakeholders Must Double Up on EHR Security”


Robert Hudock, a Member of the Firm in the Health Care and Life Sciences practice, in the Washington, DC, office, was quoted in an article titled "Stakeholders Must Double Up on EHR Security."

Following is an excerpt:

It's somewhat self-serving that the U.S. Department of Health & Human Services published a notice in the Federal Register this week about its upcoming survey of the 115 covered entities that were audited for HIPAA compliance in 2012 pursuant to the Office for Civil Rights' (OCR) pilot audit program. It sounds all touchy-feely: HHS wants feedback about the program's features, the estimated costs of the audit, the effect on day-to-day operations, and the like. ?...

And providers continue to be lax about securing their patients' electronic records, according to attorney Robert Hudock of Epstein Becker Green in Washington, D.C. Hudock, a certified "ethical hacker" as designated by the International Council of e-Commerce Consultants, told FierceEMR in an exclusive interview that vulnerabilities are not always apparent.

For instance, he said, providers can inadvertently create a security hole in their network perimeter when they scan medical records into their EHRs, since the scanned paper is usually not encrypted. "Scanned paper is readily accessible and easily understood, unlike EHRs themselves," Hudock said, making the data easy fodder for identity theft by cyber criminals.