How can we securely allow a provider to access an electronic health record (EHR) through a Web interface? Can we use third-party servers?
HIPAA Weekly Advisor, February 5, 2007
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Before allowing access to an EHR via Web interface, you should reasonably ensure that the interface is secure and uses at least 128-bit encryption (256-bit is preferable).
You may employ a third-party server, but be sure to establish, monitor, and enforce the appropriate security and privacy requirements regarding server access, administration, data transmission, etc. If an entity on contract with you manages the third-party server, execute the appropriate business associate contract prior to allowing any Web-based access to the EHR.
Access to an EHR via Web interface, virtual private network, or any other secure connection requires the owner of the EHR to establish appropriate policies and procedures related to
- authentication
- authorization
- access management
- role-based access control
- audits
Editor's note: Chris Apgar, president of Portland, OR-based Apgar & Associates, LLC, answered this question. This is not legal advice. Consult your attorney for legal matters.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- QA:Coding multiple initial infusions
- News and briefs: Oklahoma Osteopathic Association against residency bill change
- HIPAA Q&A: Level of encryption needed for email
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- What does case-mix index mean to you?
- ED-to-inpatient transfers are flawed with safety gaps
- Joint Commission Center announces handoff communication solutions
- Inside best practice: Reduce patient falls with a stoplight
- Identify modifiable risk factors to prevent patient falls
- Searched