Two-factor authentication, opt-in law help enforce HIE security
In this webcast, Dan Porreca, executive director of HEALTHeLINK, describes two key steps in his organization's overall HIE security policy. HEALTHeLINK serves 2,627 providers in New York, an opt-in state, which means patients treated by one of the HIE's participating facilities must give their approval for their data to be shared amongst the other providers participating in the HIE.
More than 470,000 patients allow the HIE to share their records, with more than 95% of those granting full access. HEALTHeLINK also installed a two-factor authentication system for accessing patient records, which many health IT observers feel is a HIPAA compliance and meaningful use best practice. This system unifies authentication under one portal, particularly for physicians who regularly view data from different care facilities. Physicians only need to know one username and password to access any of HEALTHeLINK's HIE data.
The HIE also runs various weekly and monthly audits to validate that payers and providers are properly accessing data.