There are many detailed guidelines regarding HIPAA compliance. Technical safeguards surround areas such as Access Control, Audit Controls, Integrity, Person or Entity Authentication, and Transmission Security. Sections are listed as 164.312(a)(1), 164.213(b), 164.312(c)(1), 164.312(d), and 164.312(e)(1).
1. HIPPA does not specify certain technology solutions. The intent is for those entities to have the flexibility to implement what security solutions that make sense for their institution.
Unique User Identification simply states that a unique user ID should be assigned for each employee that will allow for the ability to track user activity while logged into any part of the IT system(s)
Emergency Access provides the policies and procedures in the event in an emergency to access the Electronic Healthcare Record.
Automatic Logoff covers the need to provide the implementation of log off of the electronic healthcare record after a certain time of in-activity.
Encryption and Decryption needs to be implemented.
Audit controls needs to be provided that will monitor and logs the activities associated with the electronic healthcare record.
Authentication covers a wide range of potential technology solutions. At the most basic is the need to have a process and check for data integrity such as digital signatures. Passwords, pins, tokens, and biometrics could be used.
Transmission Security address how the data will be protected through the entire network communication process.
“In February 2014, NIST released the Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) as directed in Executive Order 13636, Improving Critical Infrastructure Cybersecurity. The Cybersecurity Framework provides a voluntary, risk-based approach—based on existing standards, guidelines, and practices—to help organizations in any industry to understand, communicate, and manage cybersecurity risks. In the health care space, entities (covered entities and business associates) regulated by the Health Insurance Portability and Privacy Act (HIPAA) must comply with the HIPAA Security Rule to ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI) that they create, receive, maintain, or transmit. This crosswalk document identifies “mappings” between the Cybersecurity Framework and the HIPAA Security Rule.” 2.
After considerable discussions and research, it has been found the clinicians log in and log out from 50 to 100 times per day. It also has been understood that sessions simply remain open because either they did not log out, or just became very busy. The management of passwords is also a big challenge for any IT organization.
The now delivered BluStor solution solves a lot of the headaches in logging in and logging out, and delivers the next level of biometric authentication. www.blustor.co Your unique facial biometrics are stored securely on the card acts as your unique identifier. No biometrics are stored in the cloud or on a server. The GateKeeper application is the personal bouncer between you and the enterprise applications. Auto log and auto log out is controlled by the recognition of your facial characteristics from the camera on the laptop or other portable device and compared to that of which is stored on the card. Gone is the need to type in your passwords, biometric authentication absolutely validates that you are who your say you are and that you are authorized, and auto log and auto log out by facial recognition saves huge amount of time. An audit log can be easily be provided as well as validating actual use by location.
1. U. S. Department of Health and Human Services, HIPPA Security Standards: Technical Safeguards.
2. DHHS Office for Civil Rights/HIPPA Security Rule Crosswalk to NIST Cybersecurity Framework