Patient portals pose new security issues

[InfoSec News <alerts () infosecnews org>]

http://www.healthcareitnews.com/news/patient-portals-pose-new-security-issues

By Gus Venditto
Healthcare IT News
October 29, 2013

As healthcare facilities launch their own patient portals, technology is 
only the first step. Administrators are learning that decisions need to be 
made on everything from patient login protocols to support for patient 
record revisions.

HIPAA regulations, always a primary concern when patient records are 
involved, are far from clear cut and that means administrators need to 
carefully consider the choices, says Adam Greene, a lawyer and consultant 
on HIPAA-related issues with his firm Davis Wright Tremaine LLP. He spoke 
at the AHIMA annual conference in Atlanta on October 28.

Even the question of how to provide account logins requires serious 
attention, Greene said. Patient records must secure, but complex password 
requirements may create the impression that a provider is in the position 
of denying a patient access to his records. Greene advised against 
requiring high-security protocols for passwords that require multiple 
character sets: “You need to have password security that is not so strong 
that users can’t get in.”

Healthcare providers need to take reasonable care with logins and other 
security measures to guard against unauthorized intruders into their 
record systems. But once reasonable care is taken, the organization has 
met its responsibility. For example, if account login information is 
provided to patients, and the patient does not properly protect the 
document, a provider is not at fault as long as reasonable care was taken 
when the information was in the care of staff.  “If they lose their data, 
that’s not your fault,” Greene told the audience of about 200.

[...]

--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/