New Hampshire Health Care Lawyers

New Hampshire Health Care Lawyers

New Hampshire Health Care Lawyers

How many times have you forgotten your password to an on line account and clicked the "Forgot your password?" option? By doing so, you are typically then asked to provide your e-mail address. If that e-mail address matches the one assigned to your account, you then will receive your password in an e-mail or directions on how to change your password. New Hampshire Health Care Lawyers says that, If you are a healthcare provider that allows your patients to access their records electronically, this "Forgot your password?" approach may be inconsistent with HIPPA's Security Rule.

In enacting HIPAA, Congress mandated the establishment of Federal standards for the security of electronic protected health information (e-PHI). The purpose of the Security Rule is to ensure that every covered entity has implemented safeguards to protect e e-PHI. See 45 CFR 164.306. The Security Rule allows for e-PHI to be sent to a patient over an electronic open network as long as it is adequately protected. New Hampshire Health Care Lawyers recently became aware of a complaint by a patient that her on line medical records were accessed by another person without her permission.

Patient had a relationship with a man, who had left his wife for her. While they were living together, the patient became pregnant. The man panicked at the thought of his future paternal responsibilities and went back home to his wife. His wife was not unexpectedly hurt and angry but took him back. Husband and wife then decided to build defenses against the inevitable paternity suit. While living together with patient, husband had access to certain personal information of patient. With this information, wife created an on line account with patient's medical provider to gain access to her records in hopes of mining them for useful information in the paternity suit.

As part of her deception, wife created an e-mail account with Yahoo that closely resembled the user ID in patient's Gmail account. The initial password for the account is chosen by the health provider and mailed to the patient's address as indicated by patient in the on line application. The wife chose to have the initial password mailed to an old address associated with patient. After waiting a period of time, the wife then sought access to the on line account. But she didn't have that initial password assigned by the health provider. Instead, she availed herself of the "forgot password" option and received that initial password in an e-mail sent to the Yahoo account she had set up. The wife then accessed patient's records repeatedly until her conduct was discovered.

The wife's access to patient's records constituted a "security incident." 45 CFR 164.304 defines security incident as the attempted or successful unauthorized access to patient information. HIPAA requires that the provider implement policies and procedures to respond to security incidents. 45 CFR 164.308(a)(6)(i). Disabling the forgot-password" function or taking other steps to insure the password is not released to an improper party may be necessary to insure compliance with the requirement under HIPAA to safeguard the e-PHI and to appropriately respond to a security incident. For legal advises please contact New Hampshire Health Care Lawyers.

POST COMMENT

Prevent Water Borne Diseases with Water Treatment Devices Choose the Right Eyeglasses for Eye Health Great Herbs: The Herb of Courage, Thyme Total Wellness Cleanse Review - Total Wellness Cleanse Free Ebook 8 Benefits of Using a Laser to Treat Gum Disease New Warnings about Heart Disease Medication for Medicare Patients Elevated blood pressure and signs of high bp causes Is Hemorrhoid Miracle A Scam Kidney Diet Secrets Rachelle Gordon Find Out Everything You are Required To Know About Cellulite Organic Beauty Products For a Healthier Skin GP Bold 200 Equipoise Boldenone Undeclynate Use in Bodybuilding GP Bold 200 Equipoise Boldenone Undeclynate Use in Bodybuilding