Avoid Breach Notification - Experior helps PHI Encryption » Pretty Good Privacy http://www.experiordata.com/blog Encrypt your PHI, and avoid breach notification Tue, 18 May 2010 04:09:33 +0000 http://wordpress.org/?v=2.9.2 en hourly 1 Security for Meaningful Use: Part 2 – Electronic Access to Protected Health Information (PHI) http://www.experiordata.com/blog/2009/12/31/security-for-meaningful-use-part-2-electronic-access-to-protected-health-information-phi/ http://www.experiordata.com/blog/2009/12/31/security-for-meaningful-use-part-2-electronic-access-to-protected-health-information-phi/#comments Thu, 31 Dec 2009 17:34:34 +0000 admin http://www.experiordata.com/blog/?p=352 Standards Set for Providing Secure Access to Patient Records


Sample patient record view from VistA Imaging
Image via Wikipedia

According to the Initial Set of Standards for Electronic Health Records patients must be provided with their health information (most certainly protected health information -PHI- under HIPAA) electronically and securely within 96 hours.


“Consistent with the HIT Policy Committee’s recommendations, we propose the following additional clarification of this objective. Electronic copies may be provided through a number of secure electronic methods (for example, personal health record (

PHR), patient portal, CD, USB drive).


Provide patients with timely electronic access to their health information (including lab results, problem list, medication lists, allergies) within 96 hours of the information being available to the EP. Also, consistent with the HIT Policy Committee recommendations, we propose the following additional clarification of this objective. Electronic access may be provided by a number of secure electronic methods (for example, PHR, patient portal, CD, USB drive). Timely is defined as within 96 hours of the information being available to the EP either through the receipt of final lab results or a patient interaction that updates the EP’s knowledge of the patient’s health. We judge 96 hours to be a reasonable amount of time to ensure that certified EHR technology is up to date. We welcome comment on if a shorter or longer time is advantageous.”

How to Secure Health Records

USB Vacuum Cleaner, a giveaway from an IBM event
Image via Wikipedia

You may be wondering how can patient information be secured. The best way to secure information is by encrypting the media. However, note that patients must be able to decrypt the information on their own computer equipment. One of the product Experior Data implements is called PGP Portable. For example, the patient provides a USB drive for you to copy the PHI onto it. PGP Portable encrypts the entire USB device after the information is copied to it. The patient must provide a passphrase during the encryption process. When the patient goes home he/she inserts the USB drive into their home computer and is prompted for the passphrase. After the passphrase is entered access to the patient information is provided.

Related articles by Zemanta
Reblog this post [with Zemanta]









]]> http://www.experiordata.com/blog/2009/12/31/security-for-meaningful-use-part-2-electronic-access-to-protected-health-information-phi/feed/ 0