The Privacy and Security Tiger Team of the HIT Policy Committee, a federal advisory body, on Nov. 19 will present recommendations to the full committee on how to authenticate that an organization exchanging health information is who it says it is.

"We are evaluating these trust rules at the organizational or entity level, and as such, the scope of this recommendation does not include authentication of individual users of EHR systems," the team states in its presentation. "With respect to individual users, provider entities and organizations must develop and implement policies to identity proof and authenticate their individual users (already required under the HIPAA Security Rule)."

The Tiger Team recommends that entities involved in health data exchange be required to have digital certificates.

Other recommendations cover requirements and processes for issuing digital certificates, characteristics of who can credential/issue certificates, inclusion of EHR certification criteria to support digital certificates and comply with standards, and the types of transactions requiring certificates.

To access the recommendations, click here.

--Joseph Goedert


Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access