How is patient information secured when there is an electronic medical record?

On June 18, the National Center for Health Information ( Ministry of Health ) held a workshop on Solutions for implementing electronic medical records in the Southeast region.

Mr. Hoang Van Tien - Deputy Head of the Department of Solutions and Quality Management of the National Center for Health Information - said.

Up to now, the Ministry of Health has issued many guiding documents for hospitals when implementing electronic medical records such as: Circular 13/2025/TT-BYT, instruction document 365/TTYQG-GPQLCL dated June 6 guiding functional requirements, infrastructure conditions, information security... guiding the implementation of electronic medical records.

According to schedule, by the end of September 2025, medical facilities nationwide must complete the implementation of electronic medical records.

Assessing the level of patient information security when implementing electronic medical records, Mr. Tien said this is an issue of great concern.

When transferring medical records to the network environment, the risk of leakage is very high, if we are not vigilant and do not have solutions to ensure information security.

Therefore, it is recommended that medical examination and treatment facilities pay attention to implementing many groups of technological solutions to ensure patient information security such as firewalls, anti-virus software, etc. to prevent external attacks on the unit's information system.

In addition, when developing software, it is necessary to ensure security from the source code to avoid loopholes, otherwise hackers will exploit, illegally access data, and steal patient information.

In addition, human solutions are also very important. It is necessary to update information security knowledge for the IT team to raise awareness and understanding.

"Medical examination and treatment facilities themselves must pay close attention to issuing regulations and technical operations, including regulations on ensuring information security. Thereby, stipulating the responsibilities and roles of each department and individual at the medical examination and treatment facility when operating the system.

"When medical examination and treatment facilities end their contracts with software service providers, they must retrieve data for hospital management," said Mr. Tien.

Mr. Tien also recommends that patients be careful in managing their medical records when using health information management applications on smartphones.

Mr. Do Truong Duy - Director of the National Center for Health Information - said that without a clear database, it will be impossible to successfully implement digital transformation, localities and units need to build an effective data infrastructure.

Mr. Duy also emphasized that cooperation between health agencies and businesses is a key factor for the successful implementation of electronic medical records.

"Therefore, we hope that businesses will share their experiences and commit to supporting medical facilities in meeting new regulations. The goal of digital transformation is completely feasible, but it cannot be successful without support from businesses. Currently, many businesses are proud to have achieved a 100% digital transformation rate," said Mr. Duy.

According to the director of the National Center for Health Information, with the determination of localities, medical units and the support of businesses, the goal of digital transformation in healthcare can be achieved ahead of schedule.