PRINCETON JUNCTION, NJ – The Smart Card Alliance is urging the Office of the National Coordinator to require strong, multi-factor authentication in Stage 2 of Meaningful Use. The alliance contends it's the best way to adequately protect identities, networks and information systems.

The proliferation of electronic health records and the sharing of sensitive information through health information exchanges means that increasing amounts of private medical information will be stored online, and an ever-growing array of individuals and organizations will be granted access, according to the alliance.

Strong authentication combined with appropriate access and audit controls will be critical to maintain a secure, private and trusted health information system. This will require a solid identity management infrastructure for healthcare.

[See also: Smart Card Alliance calls for two-factor authentication.]

The Smart Card Alliance, a group whose members include payers, providers and technologists, promotes the adoption of smart cards in U.S. healthcare organizations. The alliance submitted its comment to the ONC Feb. 24 in response to the government's request for comment on Stage 2 definition of meaningful use of EHRs.

In its comments the alliance stated that with the weak username and password authentication that is in place today, personal health information would be at serious risk; for example, tabloids could gain access to a celebrity's health information, or a political candidate's health information could be used against them by the competing party. High profile citizens aren't the only ones at risk, the alliance asserts. The average person's employment, insurance eligibility, and community status could be affected if their health information is compromised. Once information is disclosed, it cannot be made private again.

[See also: Experts discuss approaches to controlling access to healthcare records.]

With the nation's health IT infrastructure is in a fledgling state, the ONC should require multi-factor authentication solutions based on smart card technology that have been proven to thwart hackers and provide very high confidence that the person requesting access to a network or an individual health record is who he or she claims to be. Issuing patients and providers secure identity credentials based on smart card technology will reduce medical identity theft, the alliance contends, and bring numerous efficiencies to existing healthcare administration systems, and is in line with the National Strategy for Trusted Identities in Cyberspace (NSTIC) for access to electronic health records.

"Multi-factor authentication based on smart card technology provides an ideal foundation for improving the security and privacy of health information systems and electronic health records," said Randy Vanderhoof, executive director of the Smart Card Alliance.