(2) Implementation specification: Mechanism to authenticate electronic protected health information(Addressable). Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.
Tell Me More:
The Integrity standard requires covered entities to implement policies and procedures to protect electronic protected health information (EPHI) from improper alteration or destruction. The focus of integrity is to ensure electronic confidential information is kept consistent with the source information and is not changed inappropriately.
The Mechanism to Authenticate Electronic PHI implementation specification requires covered entities to address implementing electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.
It may be reasonable for your entity to implement specific electronic protocols to review ePHI and corroborate that it has not been inappropriately altered. This may involve doing electronic “spot checks” of the ePHI, comparing specific data fields, performing statistical analyses, and so forth. This can be a particularly complex undertaking.
A complete set of HIPAA Security Policies and Procedures may be purchased here.
Questions to consider:
- Has your organization evaluated the need to implement specific electronic procedures to corroborate the integrity of ePHI? If not, this should be accomplished. (e.g., consider digital signatures, check sum technology, PINs, Tokens, magnetic cards)
- If your organization needs to implement specific electronic procedures, has your organization done such? If not, appropriate procedures must be identified and implemented.
- NIST SP 800-12 chapter 5 An Introduction to Computer Security: The NIST Handbook
- NIST SP 800-42 Guideline on Network Security Testing
- NIST SP 800-44 Guidelines on Securing Public Web Servers
- NIST SP 800-53, Revision 3 Recommended Security Controls for Federal Information Systems and Organizations
Latest posts by Michelle Caswell (see all)
- What to Know About OCR Pre-Audit Questionnaires - June 3, 2016
- HIPAA and Firearms. Balancing privacy with public safety. - February 1, 2016
- Cornell Faces Heavy Fines with Latest OCR Resolution Agreement - May 4, 2015