SSL VPNs are Essential for the Adoption of Electronic Health Records

Posted by Sarah Becker Thu, 03 Jul 2014 12:32:00 GMT

In our previous post on the healthcare industry, we discussed the many benefits the healthcare industry would experience from going paperless. In this follow up post, we discuss how SSL VPNs are well-suited for the task of managing electronic health records (EHRs) and are necessary as part of a more comprehensive health care service. 

The Main Priorities of Electronic Health Records

Today, physicians can retrieve patient data or lab results while out of the office - a possibility which was unthinkable a few years ago. Harman et al. states that privacy, confidentiality, security and data availability are the main priorities of electronic health information and these require suitable computer technologies.


1)     Designated User Privileges for Privacy and Confidentiality

The information that is shared as a result of a clinical relationship is considered ”confidential” and therefore must be protected. Patient information should be released to others only with the patient’s permission or as allowed by law.

In order to safeguard confidentiality, it is important to ensure that only authorized individuals have access to information. According to American Health Information Management Association (AHIMA), an essential aspect of medical record security is designating user privileges: all users have access to the information they require to fulfill their roles and responsibilities and must acknowledge that they are accountable for the use or misuse of the information they view and change.  

2)     Clustering for Availability

Timely access to confidential patient information by healthcare professionals is vital to delivering the highest quality care. The hacking and overloading of a system can lead to information becoming unusable. In the case of electronic health record systems, it is especially important to have redundant components to ensure availability. Therefore, in the event that one component fails or is experiencing problems, the system will automatically switch to an alternative back-up component.

3)     Encryption for Security

The security of health information is of growing concern; this arises from the increase of EHRs, increased use of mobile devices, medical identity theft, and the common expected exchange of data between and among organizations, clinicians, federal agencies, and patients.

As cited by Harman et al., 73% of physicians text one another about work. This implies that a secure exchange of information is a key concern. There is no control over what information is being transmitted, whether communications are being intercepted by others, what images are being shared, nor device encryption and security.

Although computer workstations are rarely lost, the same cannot be said about mobile devices, which can be misplaced, damaged, or stolen fairly easily. Therefore it is of the utmost importance that either the mobile devices that are used to transmit confidential information or the data itself be encrypted. Another potential threat is that data can be hacked, manipulated, or destroyed by unauthorized users. 

SSL VPNs Supply Secure Access of Electronic Health Records

The challenges and requirements outlined above can be overcome by implementing remote access technology. Secure Sockets Layer (SSL) VPN technology is rapidly becoming the most prevalent solution for implementing security in fundamental applications being accessed remotely over the Internet. VPNs based on SSL offer several benefits that are especially useful for the healthcare industry. 

The majority of Web browsers have SSL, thus excluding the need to purchase, install, and configure dedicated VPN client software – this translates to savings with respect to time and money. Business partners, billing organizations, insurance companies, and labs can easily and immediately access and update patient medical records, medical documents, and billing information through the internet by solely using a Web browser. 

Data availability is possible via the technique of load balancing, achieved via server clustering. This ensures 24/7 availability of data and higher performance. A high-quality SSL VPN delivers clustering by implementing several servers to act together as secure proxy servers. This avoids the problem of having a single-point-of-failure for the central component. Integrated and comprehensive load balancing allows queries to be distributed over all servers in accordance with defined criteria. This provides each user with a high performance connection for optimal working conditions. 

When a VPN is implemented, user access is based on pre-established role-centered privileges. Following user authentication, user access privileges are restricted as defined by their respective profile. User permissions and policies allow access to particular users, limiting access to only the data and applications required. For instance, in a physician’s practice, the doctors and the receptionist have dissimilar tasks and responsibilities; consequently, they do not have access to the same information. The high level of encryption of the communication through VPNs ensures that eavesdropping is impossible, thereby protecting the confidential information. 


Patient records contain sensitive data that may only be viewed by authorized employees. SSL VPNs are uniquely suited to the needs of the healthcare industry as they ensure privacy, confidentiality, security and availability of highly sensitive patient information. 

Autor: Hazel Farrugia

no comments |

You must be registered in order to write comments. To register as a new user click here.

If you're already registered, please leave a comment here

Leave a comment