reBlog from experiordata.com: Electronic access to patient info required within 96 hours | Avoid Breach Notification - Experior helps PHI Encryption
Click on a quote to select it...
According to the Initial Set of Standards for Electronic Health Records patients must be provided with their health information (most certainly protected health information -PHI- under HIPAA) electronically and securely within 96 hours.
“Consistent with the HIT Policy Committee’s recommendations, we propose the following additional clarification of this objective. Electronic copies may be provided through a number of secure electronic methods (for example, personal health record (
PHR), patient portal, CD, USB drive).
Provide patients with timely electronic access to their health information (including lab results, problem list, medication lists, allergies) within 96 hours of the information being available to the EP. Also, consistent with the HIT Policy Committee recommendations, we propose the following additional clarification of this objective. Electronic access may be provided by a number of secure electronic methods (for example, PHR, patient portal, CD, USB drive). Timely is defined as within 96 hours of the information being available to the EP either through the receipt of final lab results or a patient interaction that updates the EP’s knowledge of the patient’s health. We judge 96 hours to be a reasonable amount of time to ensure that certified EHR technology is up to date. We welcome comment on if a shorter or longer time is advantageous.”
How to Secure Health RecordsYou may be wondering how can patient information be secured. The best way to secure information is by encrypting the media. However, note that patients must be able to decrypt the information on their own computer equipment. One of the product Experior Data implements is called PGP Portable. For example, the patient provides a USB drive for you to copy the PHI onto it. PGP Portable encrypts the entire USB device after the information is copied to it. The patient must provide a passphrase during the encryption process. When the patient goes home he/she inserts the USB drive into their home computer and is prompted for the passphrase. After the passphrase is entered access to the patient information is provided.
Tags: Add new tag, encryption, Health Insurance Portability and Accountability Act, PHI, Pretty Good Privacy
This entry was posted on Thursday, December 31st, 2009 at 1:34 pm and is filed under Encyption, PGP, Rulings. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
experiordata.com, Electronic access to patient info required within 96 hours | Avoid Breach Notification - Experior helps PHI Encryption, Dec 2009