Top

Published in:

01-04-2016 | Systems-Level Quality Improvement

Toward Proper Authentication Methods in Electronic Medical Record Access Compliant to HIPAA and C.I.A. Triangle

Authors: Stephen J. Tipton, Sara Forkey, Young B. Choi

Published in: Journal of Medical Systems | Issue 4/2016

Abstract

This paper examines various methods encompassing the authentication of users in accessing Electronic Medical Records (EMRs). From a methodological perspective, multiple authentication methods have been researched from both a desktop and mobile accessibility perspective. Each method is investigated at a high level, along with comparative analyses, as well as real world examples. The projected outcome of this examination is a better understanding of the sophistication required in protecting the vital privacy constraints of an individual’s Protected Health Information (PHI). In understanding the implications of protecting healthcare data in today’s technological world, the scope of this paper is to grasp an overview of confidentiality as it pertains to information security. In addressing this topic, a high level overview of the three goals of information security are examined; in particular, the goal of confidentiality is the primary focus. Expanding upon the goal of confidentiality, healthcare accessibility legal aspects are considered, with a focus upon the Health Insurance Portability and Accountability Act of 1996 (HIPAA). With the primary focus of this examination being access to EMRs, the paper will consider two types of accessibility of concern: access from a physician, or group of physicians; and access from an individual patient.

BIO-key Healthcare Security. (2015). Biometric authentication for healthcare. Retrieved from http://www.bio-key.com/industries/overview-3/healthcare.

Choi, Y. B., Capitan, K. E., Krause, J. S., and Streeper, M. M., Challenges associated with privacy in health care industry: Implementation of HIPAA Security Rules. J. Med. Syst. (JMS) 30(3):57–64, 2006.CrossRef

Confidentiality, Integrity and Availability (CIA). (2008). University of Miami, Miller School of Medicine. Retrieved from http://it.med.miami.edu/x904.xml.

Duo Security, Inc. (2015). Duo Authentication for Epic. Protect Access to Healthcare Data with Two-Factor Authentication. Retrieved from https://www.duosecurity.com/product/services/epic

Flight, M., Law, liability, and ethics for medical office professionals, 5th edition. Delmar, Cengage Learning, Clifton Park, NY, 2011.

Grantham, D., Confidentiality alternatives for exchanging electronic medical records take shape. Behav. Healthc. 33(3):37–39, 2013.PubMed

Grimes, R. A., All you need to know about the move to SHA-2 encryption. InfoWorld, 2015. Retrieved from http://www.infoworld.com/article/2879073/security/all-you-need-to-know-about-the-move-to-sha-2-encryption.html.

HealthIT.gov. (2013). Electronic Health Records Infographic. [Infographic]. e-Health. Retrieved from http://www.healthit.gov/patients-families/electronic-health-records-infographic.

HealthIT.gov. (2013). What You Can Do to Protect Your Health Information. Protecting Your Privacy & Security. Retrieved from http://www.healthit.gov/patients-families/what-you-can-do-protect-your-health-information.

10.

HealthIT.gov. (n.d.). Health IT: How to Keep Your Health Information Private and Secure. Privacy & Security Consumer Fact Sheet. [PDF]. The Office of the National Coordinator for Health Information Technology. Retrieved from http://www.healthit.gov/sites/default/files/how_to_keep_your_health_information_private_and_secure.pdf

11.

Health records privacy. Va. Code Ann. § 32.1-127.1:03.

12.

Imprivata. (2014). Authentication Management. Retrieved from http://www.imprivata.com/authentication-management

13.

Individual Access to Medical Records: 50 State Comparison. (2012). Health Information & the Law. Robert Wood Johnson Foundation. The George Washington University School of Public Health & Health Services. Retrieved from http://www.healthinfolaw.org/comparative-analysis/individual-access-medical-records-50-state-comparison.

14.

Medical records; ownership; provision of copies. Va. Code Ann. § 54.1-2403.3.

15.

Mir, S. S., HIPAA Privacy rule: Maintaining the confidentiality of medical records, Part 2. J. Health Care Compliance 13(3):35–78, 2011.

16.

Navigating Cancer Now Offers Single Sign-on Functionality for its Patient Engagement Portal. (2015). PRNewswire. Retrieved from http://www.prnewswire.com/news-releases/navigating-cancer-now-offers-single-sign-on-functionality-for-its-patient-engagement-portal-300031335.html.

17.

Patel, V., and Siminerio, E., Consumer Access and use of Online Health Records: It Takes Two to Tango. Health IT Buzz, 2014. Retrieved from http://www.healthit.gov/buzz-blog/consumer/consumer-access-online-health-records/.

18.

Riverside Health System. (2015). myHealth eLink. Retrieved from https://healthelink.riversideonline.com.

19.

Ryoo, J., Choi, Y. B., & Oh, T., Security and privacy in mobile telemedicine. In Xiao Y. & Chen H. (Eds.), Mobile Telemedicine: A Computing and Networking Perspective (pp. 175–193). World Scientific Publishing Co., 2008.

20.

Symantec. (2009). Security and Privacy for Healthcare Providers. [PDF]. White Paper: Best Practices Series for Healthcare. Retrieved from http://eval.symantec.com/mktginfo/enterprise/white_papers/b-security_and_privacy_for_healthcare_WP_20934020.en-us.pdf.

21.

Tipton, S. J., White II, D. J., Sershon, C., and Choi, Y. B., iOS Security and privacy: Authentication methods, permissions, and potential pitfalls with touch ID. Int. J. Comput. Inf. Technol. 3(3), 2014.

22.

What is protected health information (PHI)? (2014). Indiana University Knowledge Base. Retrieved from https://kb.iu.edu/d/ayyz.

23.

Whitman, M., Mattord, H., and Green, A., Principles of Incident Response & Disaster Recovery. Course Technology, Boston, MA, 2014.

Title: Toward Proper Authentication Methods in Electronic Medical Record Access Compliant to HIPAA and C.I.A. Triangle
Authors: Stephen J. Tipton
Sara Forkey
Young B. Choi
Publication date: 01-04-2016
Publisher: Springer US
Published in: Journal of Medical Systems / Issue 4/2016
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI: https://doi.org/10.1007/s10916-016-0465-x

Keynote webinar | Spotlight on medication adherence

Springer Medicine

Toward Proper Authentication Methods in Electronic Medical Record Access Compliant to HIPAA and C.I.A. Triangle

Abstract

Keynote webinar | Spotlight on medication adherence

Springer Medicine

Abstract

Please log in to get access to this content

Other articles of this Issue 4/2016

A New Strategy to Evaluate Technical Efficiency in Hospitals Using Homogeneous Groups of Casemix

Feasibility and Preliminary Outcomes of a Web and Smartphone–Based Medication Self-Management Platform for Chronically Ill Patients

Learning ECOC Code Matrix for Multiclass Classification with Application to Glaucoma Diagnosis

The Effectiveness of SMS Reminders on Appointment Attendance: a Meta-Analysis

Development and Validation of a Near-Infrared Optical System for Tracking Surgical Instruments

A Review of Simulators with Haptic Devices for Medical Training