By the EHR Association’s Privacy & Security Workgroup
Health care faces several security risks that make a focus on cybersecurity particularly critical. In particular, the industry is challenged by dual threats: highly valuable patient data (worth more on the black market than financial data at this point) and system interdependencies that directly introduce additional risk. A single cyber incident can disrupt hospital operations, delay treatments, and even jeopardize patient safety.
(more…)Posted by EHR Association on October 28, 2025
https://ehrablog.org/2025/10/28/cybersecurity-awareness-month-key-cybersecurity-controls-and-practical-challenges/
By the EHR Association’s Privacy & Security Workgroup
Healthcare cybersecurity risks have surged to unprecedented levels over the 22 years since the HIPAA Security Rule was first implemented—and the 12 years since its last update.
According to the HIPAA Wall of Shame, of the 614 data breaches reported in 2013, 43% (269) affected the healthcare industry. That was the first year since 2005 that the healthcare sector ranked higher than business in terms of the number of data breaches. At 9 million, healthcare also recorded the second-highest number of affected individuals.
(more…)Posted by EHR Association on October 15, 2025
https://ehrablog.org/2025/10/15/cybersecurity-awareness-month-2025-the-state-of-healthcares-cybersecurity/
October is Cybersecurity Awareness Month. The 2025 theme is “Building a Cyber Strong America,” highlighting the need to strengthen the country’s infrastructure against cyber threats and ensure resilience and security. In recognition of healthcare’s rising threat profile and the urgent need to shore up cybersecurity industry-wide, the EHR Association shares the following statement:
Cybersecurity Awareness Month is an ideal opportunity to highlight the healthcare industry’s unique security risks, in particular the dual threat we collectively face from the highly valuable patient data held in our health IT systems, as well as the critical dependencies that directly impact patient care. Health data is a top target for nefarious actors, and a single cyber incident can cause lasting harm by disrupting operations, delaying treatments, and jeopardizing lives. To reduce the industry’s risk profile, the EHR Association advocates for stronger protections and realistic, risk-based implementations of security safeguards that enhance resilience without overwhelming resource-constrained hospitals, health systems, and other provider organizations.
– EHR Association Privacy & Security Workgroup
Posted by EHR Association on October 1, 2025
https://ehrablog.org/2025/10/01/ehra-statement-on-2025-cybersecurity-awareness-month/
By Hans Buitendijk, Chair, EHR Association Privacy & Consent Task Force
The EHR Association has previously written about our belief that smart deregulation, a core policy priority of the current administration, can eliminate outdated or redundant regulatory requirements that are of limited value to patients, providers, and developers. By focusing on policies that drive improvements in standardized interoperability and health data exchange, regulatory agencies will better support the industry’s ability to deliver safe, effective, and innovative technology solutions without slowing forward momentum or devaluing existing investments.
(more…)Posted by EHR Association on September 30, 2025
https://ehrablog.org/2025/09/30/uscdi-bulk-data-exports-ehi-exports-solid-concepts-requiring-standardization-and-maturity/
In recognition of 2025 World Patient Safety Day today (Sept. 17), the theme of which is “safe care for every newborn and every child” in recognition of the vulnerability of this age group to risks and harm caused by unsafe care, the EHR Association’s Patient Safety Workgroup shares the following statements:
“During the important conversations taking place on World Patient Safety Day, it’s important to remember that patient safety is a shared responsibility between the providers using health IT and EHR companies, which play a vital role in that mission. By enabling real-time access to accurate information, supporting clinical decision-making, and identifying potential risks to those using the systems, EHRs play a critical role in ensuring that every patient—including the youngest and most vulnerable—receives the safest care possible. Safety is too important not to address it from the start.”
—Michael Blackman, MD, MBA (Greenway Health),
Chair, EHRA Patient Safety Workgroup
“Trust in healthcare delivery begins with transparency. The 2025 World Patient Safety Day focus on newborns and children reminds us of the critical importance of accurate, accessible, and comprehensive patient information from the very start. Patient portal activation during the newborn period establishes a foundation for patient engagement, eases parental or guardian access to health data, and supports effective communication about the patient from day one, all of which contribute to the safest possible patient interactions. It’s associated with improved adherence to follow-up visits and helps ensure parental and caregiver engagement regarding medication, diagnostics, and immunization, promoting ‘patient safety from the start’.”
—Marijo Carnino (MEDITECH), Vice Chair, EHRA Patient Safety Workgroup
Posted by EHR Association on September 17, 2025
https://ehrablog.org/2025/09/17/ehra-statement-on-2025-world-patient-safety-day/
By the EHR Association Certification Workgroup
When federal agencies, including those under HHS, began exploring opportunities for deregulation and burden reduction pursuant to several of President Trump’s Executive Orders (EO), the EHR Association seized the opportunity to voice our unique perspective and deregulation recommendations in the ASTP/ONC Health IT Certification Program. Since then, we’ve been encouraged by and appreciative of the tangible steps ASTP/ONC has taken towards reducing regulatory burdens, specifically its publication of enforcement discretion for both the Insights and Real World Testing (RWT) Condition and Maintenance of Certification.
(more…)Posted by EHR Association on August 18, 2025
https://ehrablog.org/2025/08/18/reducing-the-regulatory-burden-of-rwt-and-insights/
EHRA Blog 