Hi all,
Has anyone had to deal with the following HIPAA compliance requirements
within a custom application before:
§164.312(c)(2)
Implement electronic mechanisms to corroborate that electronic protected
health information has not been altered or destroyed in an unauthorized
manner.
Rohit,
You wrote:
Has anyone had to deal with the following HIPAA compliance requirements
within a custom application before:
§164.312(c)(2)
Implement electronic mechanisms to corroborate that electronic
protected health information has not been altered or destroyed in
an unauthorized
On Tue 4/26/2011 11:13 AM, Rohit Sethi wrote:
It sounds like people generally deal with this through techniques
outside of the application logic itself such as checksums and/or
digital signatures on files / database values that contain protected
health information. My initial thought was
Yeah, it really looks like some of these are boiling down to the auditor's
discretion. I realize there are a lot of ways to ensure data integrity
(thanks for a good summary Kevin). I was hoping to learn which specific ways
people have used to pass HIPAA compliance in the past, but it doesn't look
For example, there are HIPAA access control requirements that demand that you
only give doctors access to transmit patient data in a minimal way; only
transmitting data needed for a diagnosis. Good luck coding that. It's also
bad medicine.
Sounds like contextual access control to me -