Medical Data Security

Healthcare is increasingly going online: electronic health records, patient portals, e-prescriptions, and so on. Not only are we accessing our medical history online, but all the people and organizations providing care are accessing that information on internal and external networks. Streamlined healthcare is online healthcare, and that means new protections beyond locked file cabinets for paper records. As this has happened, new regulations have been created to ensure the security of medical data.

Our medical records are becoming vulnerable to attacks that have long plagued other industries, and the solutions for those industries need to be brought into the healthcare industry as well.

What does HIPAA require regarding user authentication?

Covered entities (hospitals, doctors, health insurance companies, HMOs, etc.) under the Health Insurance Portability and Accountability Act (HIPAA) must comply with requirements to protect the privacy and security of health information. Business associates (those who help covered entities carry out their health care activities and functions) must also comply with the same requirements.

One of the requirements under HIPAA is for covered entities and business associates to “implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed” (164.312(d), Technical Safeguards of the Security Standards for the Protection of EPHI, HHS.gov).

One possible risk management strategy specifically cited by the Department of Health and Human Services is to “implement two-factor authentication for granting remote access to systems that contain EPHI” (Remote Use, HIPAA Security Guidance, HHS.gov).

How does GreenRADIUS help healthcare agencies become HIPAA compliant?

By implementing GreenRADIUS MFA, hospitals, doctors’ offices, health insurance companies, and all other covered entities and business associates can be compliant with this HIPAA requirement. Multi-factor authentication is a strong method to verify user identity. Not only can GreenRADIUS help covered entities with this requirement, but GreenRADIUS is also easy to deploy, easy to manage, and affordable.