Posted by: RedaChouffani
HIPAA, PHI, PHR, security
The Privacy and Security Tiger Team of the Health IT Policy Committee, and the Privacy and Security Working Group of the Health IT Standards Committee, will host a web hearing on credentialing patients on November 29, 2012 from 12pm to 4pm, Deven McGraw, chair of ONC’s Privacy and Security Tiger team shared on the healthit.gov blog.
This will open a public conversation to help gather feedback from patients and other health care stakeholders on how they are currently accessing and consuming their personal health records, as well as what their input is in terms of digital credentials. Some of the issues that the post is asking for feedback on are:
- Did you have to show up in person at your doctor’s office or were you able to establish the account online?
- If you were able to establish the account online, what steps did you have to go through to prove your identity?
- Once you established the account, what steps do you have to go through to access it?
- Do you believe the process for giving you access to your account will keep your information secure?
- What other approaches would you recommend to provide patients with secure online access to their medical information?
It is fair to say that if the parameters of a digital identity in the health care would follow the same methods that other markets like financial institutes, credit bureaus and some federal branches of government currently utilize, it would provide the adequate minimum requirements and best practices to ensure the patient is who they claim to be.
Individuals of all ages and backgrounds have been successful at electronically accessing their private information, though there have also been many occasions of security concerns and breaches that were caused due to phishing attempts. These have been mostly caused by fake emails which redirect individuals to a website that may have the same look and feel of a legitimate website, and require users to enter their credentials. This information would then be used by the criminal to log in into the real website and steal private information. These phishing attempts pose the highest risk for patients to have their medical information compromised. Patients must be aware of these scams and not trust the validity of every email and contact their health provider when in doubt.