Comments on Authentication Sought

Tiger Team Seeking Advice on Identity Verification for Organizations
Comments on Authentication Sought
The privacy and security tiger team that's advising regulators about health information exchange issues is seeking comments on how to authenticate organizations exchanging electronic health records.

The team will make a recommendation on how best to verify the identity of a provider organization, such as a hospital or physician practice, seeking access to protected health information through a health information exchange.

Authentication Questions

In a new blog, the tiger team solicits comments, due Oct. 29, on such topics as:

  • What strength of authentication should be used?
  • Which providers should receive digital credentials?
  • What process should be used to issue credentials, and who should issue them?
  • What existing standard, if any, for digital credentials should be used?
  • What type of transactions should be authenticated?
The team eventually will make a long list of recommendations dealing with the privacy and security of health information exchange. They'll be included in a "policy and technology framework for health information exchange," says Deven McGraw, team co-chair and director of the health privacy project at the Center for Democracy & Technology.

Ultimately, the Department of Health and Human Services will determine how to use the recommendations of the tiger team, approved by the HIT Policy Committee, in new rules and regulations.

The HITECH Act called for expanding data exchange at the regional, state and national levels. It provided grants to states to help fund statewide exchanges.

On Oct. 20, the tiger team and the HIT Policy Committee discussed preliminary recommendations for notifying patients that an organization exchanges electronic health records with others.


About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.