Verizon expands security offerings for EHRs, HIEs, eRx
When it comes to issues of security and credentialing, healthcare is "one of the most heavily-regulated industries," says Tracy Hulver, director of identity marketing in the Security Innovation Group at Verizon Business.
At the same time, however, it can be one where people are "the least technology-savvy, in a lot of cases," he says. Compound that situation with tight budgets for IT and security, and the result is a "a tremendous challenge."
On Thursday, as part of its strategy to help healthcare organizations combat identity theft and help enable secure access to digitized health information, the firm announced a suite of new features for its healthcare identity services. Officials say the enhancements will help providers to transform care delivery, enhance access to care and better manage costs.
[See also: Verizon launches cloud-based HIE.]
Verizon Universal Identity Services-Healthcare, a managed service delivered from the Verizon cloud through its Terremark IT services delivery subsidiary, now supports additional healthcare identity standards for accessing EHRs and health information exchanges, as well as credentials for e-prescribing, including prescriptions for controlled substances.
The enhanced services deliver legally binding digital signature capabilities, enabling healthcare providers to digitally sign patient health information – such as treatment plans, electronic prescriptions, laboratory reports and discharge orders – with strong user authentication and security protections. Other digitally signed documents that can be securely shared include filings to government agencies and official communications with contractors and business partners. With Verizon's new ID Message Center, users can monitor and track their digital signature activities through a mobile application or optional Web-based portal.
The updated package also allows providers to use their smartphones and tablets to authenticate their identity to gain access to these new capabilities. And "because it's a managed service, the organization does not have to manage a lot of costs like infrastructure or administrative overhead," says Hulver. "It's a very economical solution."
"Securely and quickly authenticating the digital identity of healthcare professionals is a key foundational element supporting the electronic exchange of healthcare information," says Peter Tippett, vice president of industry and security solutions, Verizon. "By streamlining and strengthening the issuance of health identities, our newly enhanced universal identity service for healthcare will help boost widespread adoption and act as a catalyst for further transformation of the U.S. healthcare delivery system."
[See also: Top 5 security threats in healthcare.]
The service now supports the code of federal regulations from the U.S. Drug Enforcement Administration and the U.S. Food and Drug Administration. CFR-1311, a set of guidelines from the DEA, regulates the use of e-prescribing for controlled substances. CFR-21 Part 11, from the FDA, provides digital signature guidelines for the submission of electronic records. In June, Verizon announced that the service supports the SAFE-BioPharma standard, the only life science digital standard that offers interoperability with government agencies, such as the FDA and the European Medicines Agency.
In addition, Verizon's healthcare identity platform incorporates the standards established by the Initiative for Open Authentication, an industry group working toward an open, standards-based system to support the issue of multi-factor identity credentials.
Launched in November 2010, Verizon Universal Identity Services-Healthcare, a cloud-based service offered via a SaaS delivery model, provides healthcare organizations with a cost-effective and streamlined means of issuing strongly authenticated identity credentials.
The multi-factored credentials delivered by the service are designed to meet the Level 3 authentication requirements created by the National Institute of Standards and Technology (NIST), the federal agency that works with industry to develop and apply technology, measurements and standards. The credentials also help enable U.S. healthcare professionals to meet federal meaningful use requirements contained in the HITECH Act.
"Ten years ago, before all this information about the cloud, people were certainly apt to outsource applications," says Hulver, "but the security element is something they really wanted to hold on to as long as possible."
Nowadays, with the threat level increasing – and the penalties for breaches doing the same – the situation has changed. But that doesn't mean, of course, that getting more money from the CFO for security is any easier, he adds.
More and more providers are looking for ways to meet these stringent regulations with the budgets they have, says Hulver. "Outsourcing elements of their security is something that people are starting to look at as a valid alternative."