Patients accessing their medical data through an electronic health record online portal should be required to provide, at a minimum, a user name and password to verify their identity, the Office of the National Coordinator for Health Information Technology’s privacy and security “tiger team” said April 1.
According to the tiger team’s draft recommendations on privacy and security policies for accessing health data, single-factor authentication should be a minimum for patient access to their data in EHRs, and providers may want to offer their patients additional security (such as through additional authentication factors) for particularly sensitive data.
However, in setting ...
Learn more about Bloomberg Law or Log In to keep reading:
See Breaking News in Context
Bloomberg Law provides trusted coverage of current events enhanced with legal analysis.
Already a subscriber?
Log in to keep reading or access research tools and resources.