Comments on Authentication SoughtTiger Team Seeking Advice on Identity Verification for Organizations
The team will make a recommendation on how best to verify the identity of a provider organization, such as a hospital or physician practice, seeking access to protected health information through a health information exchange.
Authentication QuestionsIn a new blog, the tiger team solicits comments, due Oct. 29, on such topics as:
- What strength of authentication should be used?
- Which providers should receive digital credentials?
- What process should be used to issue credentials, and who should issue them?
- What existing standard, if any, for digital credentials should be used?
- What type of transactions should be authenticated?
Ultimately, the Department of Health and Human Services will determine how to use the recommendations of the tiger team, approved by the HIT Policy Committee, in new rules and regulations.
The HITECH Act called for expanding data exchange at the regional, state and national levels. It provided grants to states to help fund statewide exchanges.
On Oct. 20, the tiger team and the HIT Policy Committee discussed preliminary recommendations for notifying patients that an organization exchanges electronic health records with others.