TRENDING:

Authentication: Balancing Act for HIEs

Considering Adequate Security and Ease of Use Marianne Kolbasuk McGee (HealthInfoSec) • November 27, 2013     15 Minutes   
Authentication: Balancing Act for HIEs
Ensuring strong authentication of users while maintaining ease of use is a difficult challenge for health information exchanges nationwide, says David Whitlinger of New York's statewide HIE.

"There's utmost need for security in knowing that who you're giving access through the network is who they say they are, and [knowing] what access they should have," says Whitlinger, executive director of the New York eHealth Collaborative, which oversees the Statewide Health Information Network of New York.

However, the trick is figuring out "how hard and how far do you challenge [for identity verification] before you've created too many barriers for doctors, clinicians and other users of the system," he says.

Making it too difficult to access patient data via HIEs, Whitlinger says, could push some busy clinicians into shunning the exchanges and concluding: "This is too hard, I'll just get my information some other way."

Building an ID and access management strategy involves carefully determining when to require the use of two-factor authentication, he notes. And that will require "significant policy work" within each state, Whitlinger says in an interview with Information Security Media Group.

"Where we might likely land is that within a controlled environment, a strong password might be an acceptable level of authentication, but when you're outside of a controlled environment, which has physical control over [a patient's data], two-factor authentication might be necessary," he says.

While the policy is debated, the Statewide Health Information Network of New York is offering member clinicians two authentication options: a strong password or two-factor authentication, featuring a password plus a PIN code that's sent to a mobile device. Those same options will be offered to patients when the exchange's new patient portal goes live early next year, he says.

In the interview, Whitlinger also discusses:

  • The challenges involved with providing mobile users access to HIE data;
  • The role that biometrics technologies could eventually could play for ID and access management.
  • The statewide HIE's ongoing development of its patient portal.

As executive director of the New York eHealth Collaborative, Whitlinger leads its various HIE-related efforts and its work as a regional extension center assisting healthcare providers making the shift to electronic health records. Previously, Whitlinger was director of healthcare device standards and interoperability for Intel in its digital health group. He also led the cross-industry consortium, the Continua Health Alliance, focused on establishing an ecosystem of interoperable, personal telehealth systems.

Previous
Cloud Security: Top 10 Tips
Next
Push for Patent Reform Advances



Around the Network

How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.