[ISN] Patient portals pose new security issues

http://www.healthcareitnews.com/news/patient-portals-pose-new-security-issues By Gus Venditto Healthcare IT News October 29, 2013 As healthcare facilities launch their own patient portals, technology is only the first step. Administrators are learning that decisions need to be made on everything from patient login protocols to support for patient record revisions. HIPAA regulations, always a primary concern when patient records are involved, are far from clear cut and that means administrators need to carefully consider the choices, says Adam Greene, a lawyer and consultant on HIPAA-related issues with his firm Davis Wright Tremaine LLP. He spoke at the AHIMA annual conference in Atlanta on October 28. Even the question of how to provide account logins requires serious attention, Greene said. Patient records must secure, but complex password requirements may create the impression that a provider is in the position of denying a patient access to his records. Greene advised against requiring high-security protocols for passwords that require multiple character sets: “You need to have password security that is not so strong that users can’t get in.” Healthcare providers need to take reasonable care with logins and other security measures to guard against unauthorized intruders into their record systems. But once reasonable care is taken, the organization has met its responsibility. For example, if account login information is provided to patients, and the patient does not properly protect the document, a provider is not at fault as long as reasonable care was taken when the information was in the care of staff. “If they lose their data, that’s not your fault,” Greene told the audience of about 200. […]