On May 2, 2018, a Department of Defense Inspector General audit of the medical record security systems at the Defense Health Agency ("DHA"), Navy, and Air Force revealed that "[o]fficials from the DHA, Navy, and Air Force did not consistently implement security protocols to protect systems that stored, processed, and transmitted [electronic health records] EHRs and [patient health information] PHI at the locations tested." The audit included several recommendations for the respective agencies to implement, including: (i) configuring systems that process patient health information to lock after 15 minutes of inactivity; (ii) implementing higher standards for password length and complexity; and (iii) developing plans and milestones to mitigate known network vulnerabilities.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.