HIPAA Law-Selecting the Right User Authentication System
The main objective of the HIPAA law is to streamline health insurance system and provide continuous coverage to the people who change or loose their jobs. To do this effectively, special emphasis is laid on complete conversion of patient health records from paper to electronic format. This will make it convenient for the covered health providers and their business associates, to safely manage the voluminous patient health information in a cost-effective manner.
The HIPAA law advocates a very strong security policy, which guarantees the protection of the confidential health information from unauthorized access on the net. Password enabled access, is the most common type of the security system. But such a system is not reliable as the passwords can be easily hacked. Also when there are many passwords to remember, it becomes very cumbersome for the user to remember all of them. The patient or user writes them down on paper and this is an unsafe practice because if it falls in wrong hands it can result in financial losses for patient and the health service provider.
The smart card system provides a better option as it works on combination of the security card and a pin number. But there is a loophole in it. Incase of loss of smart card or if the pin number is cracked open by hacker, the secrecy of patient health information can be severely compromised. Further Smart card based authentication systems are costly and hence it becomes expensive for the small health providers to install.
A strong user authentication, which provides exceptionally strong defense against unauthorized access or intrusion, should be incorporated into the computer networks. Biometric authentication offers the best available solution to health service providers, as it integrates unique characteristics of the patient or the user, like fingerprints, iris scan, voice prints, signatures and keystrokes dynamics with a user password to create a highly secure access system. As this technology uses costly equipments, the health providers need to spend more, compared to other available options.
Under HIPAA law, all the covered entities like hospitals, clinics, clearing houses and other health service providers are responsible and accountable for the safety of the patient health information. Hence it is necessary, to put in place an impenetrable security wall, in form of reliable user authentication, which successfully neutralizes any intrusion. This protects the health organization from non compliance of HIPAA law due to poor network security.
User authentication fortifies the computer network against unauthorized access.
Read more on HIPAA at, www.empowerbpo.com
Labels: HIPAA law