An internet television program that explores the intersection of medicine and the law.

Physicians: Risk Management Advice for Maintaining HIPAA confidentiality with EMR Systems

By Craig Brodsky to EMR/EHR


ALL MD attorney Craig Brodsky offers physicians risk management advice for maintaining HIPAA confidentiality in their EMR systems.

Mr. Brodsky is a partner with the firm Goodell, Devries. He has represented attorneys, physicians, psychologists, healthcare organizations, nursing homes, group homes, developers, adoption agencies, and real estate brokers. He has developed a concentration in defending healthcare providers in birth trauma, and cerebral palsy ligation. He frequently presents to healthcare providers and attorneys on current developments in the law in medical issues.

Question 4 of 5

Interview was recorded June 12, 2015


Mike: HIPAA data breaches are one of the emerging large systemic risks for a hospital or a large group practice in the modern healthcare delivery system. What risk management advice would you give physician clients for maintaining HIPAA confidentiality within their EMR system?

Craig: So, I think one of the big issues that we’ve got, in terms of EMR records and HIPAA data breaches, in addition to the obvious, is the system. And is the vendor somebody that’s up to date, in terms of what security is out there, is remote access. People take their laptops home, people use their iPads for records. And I think my biggest concern is that a good, strong policy in place, good strong security measures on tablets and laptops and iPhones, is something that could help a lot. That’s the biggest area of concern that I see. Computers tossed out, or not being locked up securely, are where these types of data breaches could be there.