Healthcare Information Security

Cybersecurity News

Do EHR Interoperability Requirements Raise Security Risks?

By Kyle Murphy, PhD

- A nationwide patient advocacy group is of the opinion that EHR interoperability requirements will pave the way for protected health information to be hacked.

CCHF argues that EHR interoperability requirements raise health data security risks

The Citizens’ Council for Health Freedom is calling on Congress to halt moving forward with EHR interoperability requirements following the recent data breach of personal information for as estimated four million current and former federal employees.

“This most recent data breach against federal employees should be a wake-up call to Congress to halt the push for the mass interoperability of Electronic Health Records (EHRs), as well as the Obamacare exchange database of every patient who enrolls in an exchange,” CCHF President and Co-founder Twila Brase said in a public statement.

According to Brase, EHR interoperability adds to the negative effects EHR adoption has on providers and patients. “EHRs are not only dangerous for patients and impose costly and time-consuming requirements on doctors, now the EHR is turning into a national security nightmare,” she added.

CCHF is making the argument that the recent hack of government information is proof that similar attacks could just as easily target and access sensitive health data.

"Hackers and cyber criminals are no longer only after our credit cards to make a few purchases and ruin our finances," Brase maintained. "The intent of government actors is much more sinister, and advancing a national initiative to combine Americans’ private medical records into one unsecured system opens the door not only to standard criminals but also to those who are a potential threat to our national security."

The patient advocacy group points to the health data breach that potentially compromised the personal information of 80 million former and current customers of Anthem, Inc., which occurred in early February 2015 according to

As for federal EHR interoperability requirements, CCHF singles out the work of the Office of the National Coordinator for Health Information Technology and its shared nationwide interoperability roadmap. The federal agency's plan, however, does not include the creation of a single system for advancing interoperability:

In a country as large and heterogeneous as the U.S., it is not realistic to suggest that all health information needs will be met with a single electronic health information sharing approach. However, the health IT ecosystem must evolve to address each of these barriers in a lasting and meaningful way to achieve a learning health system that protects the health of all Americans and provides essential human services to all.

Advancing EHR interoperability will lead to PHI being shared between healthcare organizations and providers, but it does not necessarily come at the expense of health data security and privacy so long as covered entities put the required safeguards in place to keep sensitive patient data secure and private.


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...