FacebookTwitterLinkedInEmailPrint
This entry is part 41 of 59 in the series Complete Guide to HIPAA Security Final Rule

(2) Implementation specification: Mechanism to authenticate electronic protected health information(Addressable). Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.

Tell Me More:

The Integrity standard requires covered entities to implement policies and procedures to protect electronic protected health information (EPHI)  from improper alteration or destruction.  The focus of integrity is to ensure electronic confidential information is kept consistent with the source information and is not changed inappropriately.

The Mechanism to Authenticate Electronic PHI implementation specification requires covered entities to address implementing electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.

It may be reasonable for your entity to implement specific electronic protocols to review ePHI and corroborate that it has not been inappropriately altered. This may involve doing electronic “spot checks” of the ePHI, comparing specific data fields, performing statistical analyses, and so forth. This can be a particularly complex undertaking.

complete set of HIPAA Security Policies and Procedures may be purchased here.

 

Questions to consider:

  • Has your organization evaluated the need to implement specific electronic procedures to corroborate the integrity of ePHI? If not, this should be accomplished. (e.g., consider digital signatures, check sum technology, PINs, Tokens, magnetic cards)
  • If your organization needs to implement specific electronic procedures, has your organization done such? If not, appropriate procedures must be identified and implemented.

 

References:

Series Navigation<< 164.308(a)(7)(ii)(E) Standard: Contingency plan – Applications and data criticality analysis164.312(a)(2)(ii) Standard: Access control – Emergency access procedure >>

Michelle Caswell

Senior Director, Legal & Compliance at Clearwater Compliance
Michelle Caswell has over 14 years legal and healthcare experience and worked as a HIPAA Investigator for the U.S. Department of Health and Human Services, Office for Civil Rights where she ensured covered entities were in compliance with HIPAA, conducted complaint investigations and educated entities on HIPAA compliance. Michelle brings that experience to Clearwater Compliance as Senior Director, Legal and Compliance.
 
FacebookTwitterLinkedInEmailPrint