Security Nightmare: Small Practices and Ransomware

by Jerome Carter on December 12, 2016 · 2 comments

For four years, ending in 2004, I was Director of Informatics for the HIV/AIDS clinic at the University of Alabama-Birmingham. During that time I led a project to create an EHR. Starting with one programmer and myself, over the course of my tenure, the staff grew to include an in-house tech support position, a systems […]


The HIPAA Security Rule…Revisited

by Jerome Carter on May 20, 2013 · 0 comments

In the September 2011 blog post, The Challenges of Meaningful Use in Small, Independent Practices, I reported on a talk given to a group of primary care practitioners and how their questions indicated they were having difficulties understanding MU requirements. Perhaps the most surprising finding was that many attendees from practices that were already using […]


Two weeks ago I wrote about the value of EHR timelines and audit trails. Today’s post takes that discussion a little further by demonstrating various ways of keeping track of data accesses and changes in EHR data element values. Of course, this functionality is useful for any clinical database that might be covered under HIPAA. […]


As EHR use increases, the number of complaints about incoherent paper printouts has grown. However, it isn’t just clinicians who are having problems. EHRs Prove a Difficult Witness in Court, an article from the Journal of AHIMA, details the legal headaches that can occur as a result of the inability to reconstruct an accurate […]


Encryption, an Ounce of Prevention…

by Jerome Carter on April 16, 2012 · 0 comments

Increasingly, data breaches are in the news. Reports of stolen desktops, lost jump drives, and misplaced laptops seem to show up constantly. If it seems that you are now hearing more about breaches than in years past, you are correct, and the HITECH Act is probably the major reason. One component of the privacy/security provisions […]


Technical Safeguards in Certified EHRs

by Jerome Carter on February 13, 2012 · 2 comments

As someone starting a new software development project, I have a keen interest in ensuring that my product does not create HIPAA headaches for users. Complying with the Security Rule’s technical safeguards seemed like a good start, so I decided to review their implementation specifications while developing security requirements. The technical safeguards are covered in sections 164.312(a)-(e). They […]


HIPAA Requirements for Meaningful Use Objective 15

by Jerome Carter on December 12, 2011 · 0 comments

Each of the three previous posts in this series addressed a different aspect of security: information security principles, HIPAA changes in the HITECH Act, and the components of the HIPAA security rule. The subject of this post is meaningful use objective 15, which states: Objective: Protect electronic health information created or maintained by the certified […]