Advisors Tackle Data Exchange Authentication

The Privacy and Security Tiger Team of the HIT Policy Committee, a federal advisory body, on Nov. 19 will present recommendations to the full committee on how to authenticate that an organization exchanging health information is who it says it is.


The Privacy and Security Tiger Team of the HIT Policy Committee, a federal advisory body, on Nov. 19 will present recommendations to the full committee on how to authenticate that an organization exchanging health information is who it says it is.

"We are evaluating these trust rules at the organizational or entity level, and as such, the scope of this recommendation does not include authentication of individual users of EHR systems," the team states in its presentation. "With respect to individual users, provider entities and organizations must develop and implement policies to identity proof and authenticate their individual users (already required under the HIPAA Security Rule)."

The Tiger Team recommends that entities involved in health data exchange be required to have digital certificates.

Other recommendations cover requirements and processes for issuing digital certificates, characteristics of who can credential/issue certificates, inclusion of EHR certification criteria to support digital certificates and comply with standards, and the types of transactions requiring certificates.

To access the recommendations, click here.

--Joseph Goedert

 

More for you

Loading data for hdm_tax_topic #better-outcomes...