SPHER is designed to meet specific HIPAA Privacy & Security requirements


Healthcare has Changed

The HITECH Act (Meaningful Use) has rapidly accelerated the adoption of Electronic Health Records (EHRs) across the entire healthcare spectrum, making patient health data readily available to those who need access to it. A core benefit of the EHR, centralization, means that clinicians can all view and contribute to a unique record for each patient at any time, from any location.



The Dilemma

Initially believed to represent a massive step forward in terms of security when compared to the paper-based medical record, EHRs simply shifted the attack vectors. What was once a single paper record lying open and exposed on a desk or a nurse’s cart is now a digital record available to any authorized user, instantly and remotely.

Figure: Percentage of breaches caused by users who have authorized access to patient data


The Challenge

HIPAA requires that all healthcare organizations have policies and procedures in place to monitor daily activity on the EHR for suspicious user behavior. This is done through the regular analysis of EHR audit logs. Should a suspicious event occur, the event must be documented, investigated, and resolved in a consistent manner.


The Solution

To address the above challenge, the Office of Civil Rights (OCR) requires the following HIPAA Security Standards to be in place at all healthcare organizations, regardless of size. Below is a description of each OCR standard and how SPHER meets that standard.


*Not a single SPHER customer has failed an OCR or CMS audit due to not meeting the HIPAA Security Standards that SPHER addresses.