Overview:
Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.
Action Items:
1) Obtain and review policies and procedures for authenticating EPHI. Evaluate the content relative to the specified criteria to determine that electronic mechanisms are in place to authenticate EPHI. Elements to review include but are not limited to: How to detect if ePHI has not been altered or destroyed; How to detect if ePHI has been altered or destroyed in an unauthorized manner.
2) Obtain and review documentation demonstrating that electronic mechanisms are implemented to authenticate EPHI. Evaluate the implemented mechanisms to determine that the implemented mechanisms would appropriately corroborate that EPHI has not been altered or destroyed in an unauthorized manner.
Related Documents:
1) Policies and procedures for authenticating ePHI.
2) Documentation demonstrating that electronic mechanisms are implemented to authenticate ePHI.
Additional Guidance:
In order to determine which electronic mechanisms to implement to ensure that EPHI is not altered or destroyed in an unauthorized manner, a covered entity must consider the various risks to the integrity of EPHI identified during the risk analysis. Once covered entities have identified risks to the integrity of their data, they must identify security measures that will reduce the risks.
Sample questions for covered entities to consider:
- Do existing information systems have available functions or processes that automatically check for data integrity such as check sum verification or digital signatures?
- Are electronic mechanisms to protect the integrity of EPHI currently used?
Article ID: 482
Created: September 29, 2022
Last Updated: September 29, 2022
Author: Matthew Burdick
Online URL: http://www.compliancewiki.org/article/hipaa-mechanism-to-authenticate-electronic-protected-health-information-164-312-c-2-482.html