Patient engagement provisions could raise security concerns

The requirements for physicians to offer patients online access to their records are among the most talked-about additions to the stage 2 meaningful use rules. But they could also carry the mother of all unintended consequences – HIPAA violations and their seven-figure average fines – unless doctors figure out how to confirm patients’ identities before releasing information.

The stage 2 meaningful use rules require that physicians allow patients to view, download and transmit information electronically. Doctors must also offer online communication options. But how will doctors know they are actually chatting with their patient and not someone who has simply assumed the identity of one of their patients?

Deven McGraw, director of the health privacy project at the Center for Democracy and Technology and chair of the Office of the National Coordinator for Health IT’s Privacy and Security Tiger Team, recently wrote on the ONC’s Health IT Buzz blog that this question will need to be answered.

Toward that end, the Health IT Policy Committee will host a hearing at the end of the month to discuss patient credentialing. McGraw wrote that this meeting will go over the steps health care professionals should take to make sure the person who is remotely accessing a record is, in fact, the patient they say they are, and how to issue digital credentials.

The patient engagement provisions of the stage 2 rules were widely considered to be a boon to patient empowerment. But it will be interesting to see how empowered patients feel when hackers start exploiting these provisions to make off with personal health information.

It is encouraging that regulators are starting to discuss ways physicians can offer their patients access to data while limiting vulnerabilities. But methods of secure credentialing should be clearly defined before any of the patient engagement provisions go into effect. Otherwise, physicians could be left in the sticky position of complying with rules that create security vulnerabilities, potentially leading to HIPAA compliance problems.

Just about any new regulation — particularly major rules — has the potential to carry unintended consequences. However, in this case, the potential problem is already identified and understood. Now it is up to the regulators to help doctors understand how they can deal with it.

7 comments

Patient engagement provisions could raise security concerns http://t.co/rKOywrts
Boon to pt access, or #HIPAA threats abound? MT @EdBurnsTT: Patient engage. provisions could raise security concerns http://t.co/IMY9GxD6
Another very serious concern. Patient engagement provisions could raise security concerns http://t.co/VvXTeObH
The banking industry doesn't seem to have a problem with this. Maybe someone should call them...