eHealth+Security+Vulnerabilities

=eHealth Security Vulnerability Resources=

The [|eHealth Vulnerability Reporting Program] is a venture, founded in May 2006, "//to establish approaches and procedures that will help ensure eHealth systems are broadly and rapidly deployed with the highest levels of privacy and security//". They have published an [|executive briefing] on some of their findings which include:
 * EHR vulnerabilities can be exploited to gain control of application or access to data for modification or retrieval
 * EHR applications have vulnerabilities consistent with other complex applications
 * Application vulnerabilities have long lives
 * EHR vulnerabilities are not disclosed to customers of these systems
 * Commercial EHR systems are vulnerable to exploitation given existing industry development and disclosure practices
 * Security software effectively reduced time of exposure
 * No organization could be identified that has responsibility, charter or mission to address security vulnerabilities in eHealth applications

The report stresses that the "sky is not falling" but EHR vendors, healthcare providers and the healthcare industry need to do much more.

Researchers at the [|Children's Hospital of Eastern Ontario (CHIO) Research Institute] have published a paper titled [|An Evaluation of Personal Health Information Remnants in Second-Hand Personal Computer Disk Drives]. They found that 10% of used disk drives contained personal health information that could be recovered using computer forensic tools.