A complete EHR will contain not only personal health information; it will offer financial and identifying information as well. This information is valuable to a medical practice for identification, authorization, and billing. However, it can also be extremely valuable to identity thieves who can use it maliciously. Medical practices implementing EHR software will have to ensure their system will comply with standards for securing both personal health and financial information.
On August 17th the Federal Trade Commission finalized a rule about personal health records to be part of the economic stimulus law (ARRA). The rule states that online personal health record (PHR) vendors must notify consumers about security breaches of their health information. Continue reading: PHR Breach Rule Finalized by FTC