By the EHR Association Information Blocking Compliance Task Force
This is the second blog in our occasional series on information blocking, the goal of which is to educate our membership and other impacted stakeholders on information blocking requirements and exceptions. The first installment shared the history and description of information blocking. This entry is focused on the Manner Exception, its history, and what it means.
Posted by EHR Association on November 11, 2025
https://ehrablog.org/2025/11/11/a-manner-exception-primer/
By Tammy Coutts (MEDITECH), Chair of the EHR Association Social Determinants of Health & Health Equity Task Force
Ability and disability exist on a spectrum, one that nearly everyone will find themselves on at some point in time. Ways in which limitations show up vary dramatically and can be permanent, temporary or sporadic in duration. That is why, when it comes to inclusive design, health IT software developers should focus more on empowering everyone to succeed and less narrowly on addressing specific disability challenges.
(more…)Posted by EHR Association on October 31, 2025
https://ehrablog.org/2025/10/31/national-disability-employment-awareness-month-putting-accessibility-into-practice/
By the EHR Association’s Privacy & Security Workgroup
Health care faces several security risks that make a focus on cybersecurity particularly critical. In particular, the industry is challenged by dual threats: highly valuable patient data (worth more on the black market than financial data at this point) and system interdependencies that directly introduce additional risk. A single cyber incident can disrupt hospital operations, delay treatments, and even jeopardize patient safety.
(more…)Posted by EHR Association on October 28, 2025
https://ehrablog.org/2025/10/28/cybersecurity-awareness-month-key-cybersecurity-controls-and-practical-challenges/
By the EHR Association’s Privacy & Security Workgroup
Healthcare cybersecurity risks have surged to unprecedented levels over the 22 years since the HIPAA Security Rule was first implemented—and the 12 years since its last update.
According to the HIPAA Wall of Shame, of the 614 data breaches reported in 2013, 43% (269) affected the healthcare industry. That was the first year since 2005 that the healthcare sector ranked higher than business in terms of the number of data breaches. At 9 million, healthcare also recorded the second-highest number of affected individuals.
(more…)Posted by EHR Association on October 15, 2025
https://ehrablog.org/2025/10/15/cybersecurity-awareness-month-2025-the-state-of-healthcares-cybersecurity/
October is Cybersecurity Awareness Month. The 2025 theme is “Building a Cyber Strong America,” highlighting the need to strengthen the country’s infrastructure against cyber threats and ensure resilience and security. In recognition of healthcare’s rising threat profile and the urgent need to shore up cybersecurity industry-wide, the EHR Association shares the following statement:
Cybersecurity Awareness Month is an ideal opportunity to highlight the healthcare industry’s unique security risks, in particular the dual threat we collectively face from the highly valuable patient data held in our health IT systems, as well as the critical dependencies that directly impact patient care. Health data is a top target for nefarious actors, and a single cyber incident can cause lasting harm by disrupting operations, delaying treatments, and jeopardizing lives. To reduce the industry’s risk profile, the EHR Association advocates for stronger protections and realistic, risk-based implementations of security safeguards that enhance resilience without overwhelming resource-constrained hospitals, health systems, and other provider organizations.
– EHR Association Privacy & Security Workgroup
Posted by EHR Association on October 1, 2025
https://ehrablog.org/2025/10/01/ehra-statement-on-2025-cybersecurity-awareness-month/
By Hans Buitendijk, Chair, EHR Association Privacy & Consent Task Force
The EHR Association has previously written about our belief that smart deregulation, a core policy priority of the current administration, can eliminate outdated or redundant regulatory requirements that are of limited value to patients, providers, and developers. By focusing on policies that drive improvements in standardized interoperability and health data exchange, regulatory agencies will better support the industry’s ability to deliver safe, effective, and innovative technology solutions without slowing forward momentum or devaluing existing investments.
(more…)Posted by EHR Association on September 30, 2025
https://ehrablog.org/2025/09/30/uscdi-bulk-data-exports-ehi-exports-solid-concepts-requiring-standardization-and-maturity/
EHRA Blog 