EHR Security

Security Nightmare: Small Practices and Ransomware

by Jerome Carter on December 12, 2016 · 2 comments

For four years, ending in 2004, I was Director of Informatics for the HIV/AIDS clinic at the University of Alabama-Birmingham.   During that time I led a project to create an EHR. Starting with one programmer and myself, over the course of my tenure, the staff grew to include an in-house tech support position, a systems […]


The HIPAA Security Rule…Revisited

by Jerome Carter on May 20, 2013 · 0 comments

In the September 2011 blog post, The Challenges of Meaningful Use in Small, Independent Practices, I reported on a talk given to a group of primary care practitioners and how their questions indicated they were having difficulties understanding MU requirements.   Perhaps the most surprising finding was that many attendees from practices that were already using […]


Is Your EHR Hackable?

by Jerome Carter on February 4, 2013 · 2 comments

Last month the Washington Post ran an article, Health-care Sector Vulnerable to Hackers, Researchers Say, which sounded alarms concerning the security of clinical systems.   Reflecting on the state of HIT security, the article quotes Avi Rubin, a security researcher: I have never seen an industry with more gaping security holes,” said Avi Rubin, a computer […]


Two weeks ago I wrote about the value of EHR timelines and audit trails. Today’s post takes that discussion a little further by demonstrating various ways of keeping track of data accesses and changes in EHR data element values.   Of course, this functionality is useful for any clinical database that might be covered under HIPAA.  […]


Database Shopping

by Jerome Carter on January 21, 2013 · 0 comments

After enduring the usual software development delays, I am moving ahead with the data store evaluations mentioned in the post Databases a la Carte.   There are three immediate goals. The first is obtaining a deeper knowledge of MySQL, which is more or less a practice-makes-perfect situation.  Thus far, I have been getting by on my […]


As EHR use increases, the number of complaints about incoherent paper printouts has grown.  However, it isn’t just clinicians who are having problems.   EHRs Prove a Difficult Witness in Court , an article from the Journal of AHIMA, details the legal headaches that can occur as a result of the inability to reconstruct an accurate […]

{ 1 comment }

Resources Update—Security and Usability

by Jerome Carter on May 9, 2012 · 0 comments

Since the last resources-related post, two additional pages have been added— Usability and Security.   Resource pages offer practical information for those implementing systems and research information for informatics researchers and system designers. Usability The initial version of the usability page focuses on major national policy reports/documents and selected research articles going back to 1999.  The […]