Abstract
This paper examines methods for authenticating users who access Electronic Medical Records (EMRs). Multiple authentication methods have been researched from both a desktop and a mobile accessibility perspective. Each method is investigated at a high level, along with comparative analyses and real-world examples. The projected outcome of this examination is a better understanding of the sophistication required to protect the privacy of an individual’s Protected Health Information (PHI). To understand the implications of protecting healthcare data in today’s technological world, the paper gives an overview of confidentiality as it pertains to information security. A high-level overview of the three goals of information security is given, with confidentiality as the primary focus. Expanding upon the goal of confidentiality, the legal aspects of healthcare accessibility are considered, with a focus upon the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Because the primary focus of this examination is access to EMRs, the paper considers two types of access: access by a physician or group of physicians, and access by an individual patient.
Additional information
This article is part of the Topical Collection on Systems-Level Quality Improvement
Cite this article
Tipton, S.J., Forkey, S. & Choi, Y.B. Toward Proper Authentication Methods in Electronic Medical Record Access Compliant to HIPAA and C.I.A. Triangle. J Med Syst 40, 100 (2016). https://doi.org/10.1007/s10916-016-0465-x
DOI: https://doi.org/10.1007/s10916-016-0465-x