Health IT Pulse

Nov 19 2013   1:30PM GMT

VA turns to open source EHR in wake of student-found vulnerability

Alex Delvecchio Alex Delvecchio Profile: Alex Delvecchio

Tags:
EHR
EHR security
Open source
VA
Vista EHR

A term project by a Georgia Tech graduate student lead to the discovery of a security vulnerability in  the U.S. Department of Veterans Affairs (VA) EHR system. As a result, the VA collaborated with the open source EHR community to improve the security of their vulnerable Veterans Health Information Systems and Technology Architecture (Vista) EHR system. To do so, the VA teamed with Open Source Electronic Health Record Agent (OSEHRA) to create a patch for users.

The goal of the student, John Mackey, was to show the vulnerability of large critical infrastructures. He chose to experiment with Vista because of its increasing use in private facilities, as well as VA hospitals. The flaw Mackey discovered was that certain formatting could allow the sender to perform a number of remote commands without authentication, according to OSEHRA.

“A single interested individual found a vulnerability that impacted the entire community. Every VistA user can use the resulting patch to improve security for their patients,” said Seong Ki Mun, CEO of OSEHRA, in a release announcing the collaboration.

The deployment of open source EHRs has gained traction in other corners of the healthcare field. A study conducted by the National Opinion Research Center at the University of Chicago showed that five out of six participating sites “found a number of advantages in the use of their open source EHR system.” Three of the sites used a version of Vista. The sites that were satisfied with their open source EHR system believed so because it supported patient care and streamlined workflows within their facility.

Intermountain Healthcare has pledged $25 million to an open source telemedicine software project; the results of which will ultimately be turned over to the U.S. healthcare system and telemedicine vendors. Their goal in establishing this project is to increase access to better care for patients and to educate clinicians on how and when to use telemedicine technology.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: