Ethical security: keeping patient data private
The security of patient information is an ethical and legal mandate for healthcare. This was reiterated over and over at HIMSS 2012 in discussions of new measures for Meaningful Use, which include transmitting electronic records to recipients that have no organizational affiliation with the sender and that use a different certified EHR technology vendor. As EHRs proliferate, more security risks arise.
This increase in exposure has already led to an explosion in information breaches, identity theft, and numerous violations of the HIPAA privacy and security provisions. As threats to the confidentiality of health information increase, additional administrative, technical, and physical safeguards must be put in place to secure the privacy of the protected health information.
Regulations around security have been piling up since HIPAA was first written. The Department of Health & Human Services guidance for entities that must adhere to the HIPAA security regulations, "HIPAA Security Guidance for Remote Use of and Access to Electronic Protected Health Information," has long stated that two-factor authentication must be implemented in order to provide adequate security to protect remote access. New guidance was also previewed during the HIMSS conference.
Along with the required two-factor authentication, ensuring that you know who the user is on the other side of a transaction increases security and the privacy of sensitive patient information. Establishing the identity of a previously anonymous claimant with a high degree of assurance can be difficult without the right information to match against an online persona and correlate that to a real person.
Equifax owns the patent on knowledge-based authentication (KBA), which is the industry standard for identity verification. KBA enables all types of users to prove their identity in online environments by presenting the applicant with multiple-choice questions whose answers should be known only to that actual user. The identity proofing questions and answers are developed from a variety of comprehensive data sources to maximize the ability to uniquely identify an individual and to prevent fraud.
If you’d like to speak to a specialist about securing your EHR to comply with Meaningful Use requirements, please contact us to learn more about online identity proofing and strong authentication.