Skip to main content

Advertisement

Springer Nature Link
Log in

Toward Proper Authentication Methods in Electronic Medical Record Access Compliant to HIPAA and C.I.A. Triangle

  • Systems-Level Quality Improvement
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

This paper examines various methods encompassing the authentication of users in accessing Electronic Medical Records (EMRs). From a methodological perspective, multiple authentication methods have been researched from both a desktop and mobile accessibility perspective. Each method is investigated at a high level, along with comparative analyses, as well as real world examples. The projected outcome of this examination is a better understanding of the sophistication required in protecting the vital privacy constraints of an individual’s Protected Health Information (PHI). In understanding the implications of protecting healthcare data in today’s technological world, the scope of this paper is to grasp an overview of confidentiality as it pertains to information security. In addressing this topic, a high level overview of the three goals of information security are examined; in particular, the goal of confidentiality is the primary focus. Expanding upon the goal of confidentiality, healthcare accessibility legal aspects are considered, with a focus upon the Health Insurance Portability and Accountability Act of 1996 (HIPAA). With the primary focus of this examination being access to EMRs, the paper will consider two types of accessibility of concern: access from a physician, or group of physicians; and access from an individual patient.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. BIO-key Healthcare Security. (2015). Biometric authentication for healthcare. Retrieved from http://www.bio-key.com/industries/overview-3/healthcare.

  2. Choi, Y. B., Capitan, K. E., Krause, J. S., and Streeper, M. M., Challenges associated with privacy in health care industry: Implementation of HIPAA Security Rules. J. Med. Syst. (JMS) 30(3):57–64, 2006.

    Article  Google Scholar 

  3. Confidentiality, Integrity and Availability (CIA). (2008). University of Miami, Miller School of Medicine. Retrieved from http://it.med.miami.edu/x904.xml.

  4. Duo Security, Inc. (2015). Duo Authentication for Epic. Protect Access to Healthcare Data with Two-Factor Authentication. Retrieved from https://www.duosecurity.com/product/services/epic

  5. Flight, M., Law, liability, and ethics for medical office professionals, 5th edition. Delmar, Cengage Learning, Clifton Park, NY, 2011.

    Google Scholar 

  6. Grantham, D., Confidentiality alternatives for exchanging electronic medical records take shape. Behav. Healthc. 33(3):37–39, 2013.

    PubMed  Google Scholar 

  7. Grimes, R. A., All you need to know about the move to SHA-2 encryption. InfoWorld, 2015. Retrieved from http://www.infoworld.com/article/2879073/security/all-you-need-to-know-about-the-move-to-sha-2-encryption.html.

  8. HealthIT.gov. (2013). Electronic Health Records Infographic. [Infographic]. e-Health. Retrieved from http://www.healthit.gov/patients-families/electronic-health-records-infographic.

  9. HealthIT.gov. (2013). What You Can Do to Protect Your Health Information. Protecting Your Privacy & Security. Retrieved from http://www.healthit.gov/patients-families/what-you-can-do-protect-your-health-information.

  10. HealthIT.gov. (n.d.). Health IT: How to Keep Your Health Information Private and Secure. Privacy & Security Consumer Fact Sheet. [PDF]. The Office of the National Coordinator for Health Information Technology. Retrieved from http://www.healthit.gov/sites/default/files/how_to_keep_your_health_information_private_and_secure.pdf

  11. Health records privacy. Va. Code Ann. § 32.1-127.1:03.

  12. Imprivata. (2014). Authentication Management. Retrieved from http://www.imprivata.com/authentication-management

  13. Individual Access to Medical Records: 50 State Comparison. (2012). Health Information & the Law. Robert Wood Johnson Foundation. The George Washington University School of Public Health & Health Services. Retrieved from http://www.healthinfolaw.org/comparative-analysis/individual-access-medical-records-50-state-comparison.

  14. Medical records; ownership; provision of copies. Va. Code Ann. § 54.1-2403.3.

  15. Mir, S. S., HIPAA Privacy rule: Maintaining the confidentiality of medical records, Part 2. J. Health Care Compliance 13(3):35–78, 2011.

    Google Scholar 

  16. Navigating Cancer Now Offers Single Sign-on Functionality for its Patient Engagement Portal. (2015). PRNewswire. Retrieved from http://www.prnewswire.com/news-releases/navigating-cancer-now-offers-single-sign-on-functionality-for-its-patient-engagement-portal-300031335.html.

  17. Patel, V., and Siminerio, E., Consumer Access and use of Online Health Records: It Takes Two to Tango. Health IT Buzz, 2014. Retrieved from http://www.healthit.gov/buzz-blog/consumer/consumer-access-online-health-records/.

  18. Riverside Health System. (2015). myHealth eLink. Retrieved from https://healthelink.riversideonline.com.

  19. Ryoo, J., Choi, Y. B., & Oh, T., Security and privacy in mobile telemedicine. In Xiao Y. & Chen H. (Eds.), Mobile Telemedicine: A Computing and Networking Perspective (pp. 175–193). World Scientific Publishing Co., 2008.

  20. Symantec. (2009). Security and Privacy for Healthcare Providers. [PDF]. White Paper: Best Practices Series for Healthcare. Retrieved from http://eval.symantec.com/mktginfo/enterprise/white_papers/b-security_and_privacy_for_healthcare_WP_20934020.en-us.pdf.

  21. Tipton, S. J., White II, D. J., Sershon, C., and Choi, Y. B., iOS Security and privacy: Authentication methods, permissions, and potential pitfalls with touch ID. Int. J. Comput. Inf. Technol. 3(3), 2014.

  22. What is protected health information (PHI)? (2014). Indiana University Knowledge Base. Retrieved from https://kb.iu.edu/d/ayyz.

  23. Whitman, M., Mattord, H., and Green, A., Principles of Incident Response & Disaster Recovery. Course Technology, Boston, MA, 2014.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. College of Arts & Sciences, Regent University, 1000 Regent University Drive, Virginia Beach, VA, 23464, USA

    Stephen J. Tipton, Sara Forkey & Young B. Choi

Authors
  1. Stephen J. Tipton
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sara Forkey
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Young B. Choi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Young B. Choi.

Additional information

This article is part of the Topical Collection on Systems-Level Quality Improvement

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Tipton, S.J., Forkey, S. & Choi, Y.B. Toward Proper Authentication Methods in Electronic Medical Record Access Compliant to HIPAA and C.I.A. Triangle. J Med Syst 40, 100 (2016). https://doi.org/10.1007/s10916-016-0465-x

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-016-0465-x

Keywords

Search

Navigation