Enter Your Email Address to Receive a
Copy of MedicExhange Member Demograhpics

New HIPAA privacy and security enforcement laws favor Smart Card Use in Healthcare

New enforcement laws gave HIPAA privacy and security regulations a big boost under the American Recovery and Reinvestment Act of 2009 (ARRA), and also extended HIPAA regulations to more businesses, attendees learned at the 8th Annual Smart Cards in Government Conference. With the Obama administration and Congress showing they are serious about protecting an individual's healthcare information, identity and authentication solutions based on smart card technology become a much more attractive proposition for healthcare companies charged with protecting the security of personal health records.

There are other significant changes in the new law, including a data breach notification requirement, which requires notifying individuals and media if 500 or more personal health records are compromised. ARRA extends HIPAA requirements to Personal Health Record (PHR) vendors, Gallagher said. There are also clarifications, such as the standards for accounting disclosures. Individuals can request copies of personal health records, called accounting disclosures in the law, and organizations are responsible for providing three years of records back from the date of the request. If the records are stored in electronic format, individuals now have the right to request an electronic copy. The Department of Health and Human Services (HHS) Office of the National Coordinator (ONC) is developing the standards for accounting disclosures. That document draft will be delivered after the first of the year to the HHS Office for Civil Rights, the organization that will do the actual rulemaking. The goal is to have the rules available by June 30, 2010.

With the federal government's new vision of enforcement and compliance, smart card technology for healthcare identity management takes on a new level of importance. Smart cards provide a proven way to uniquely and securely authenticate an individual across the entire national healthcare system, including over the Internet. They protect security and privacy by giving individuals control over access to their personal records. For enterprises, smart cards can be used by employees who need to access healthcare records, providing high levels of security and a non-repudiable record of who accesses information and when, to aid in compliance with healthcare information protection laws.

The Smart Card Alliance Healthcare Council has prepared briefs and white papers that explain how smart card technology can enhance the privacy and security of personal health records, and also provide a solid foundation of identity for healthcare information systems.

Source: The Smart Card Alliance

You can discuss more about Healthcare IT and related topics in our  Healthcare Informatics Group.