|
integrity,
data (HIPAA)
The integrity standard
of the technical
safeguards addresses "policies and procedures to
protect electronic
protected health information
[PHI] from improper alteration or destruction." (Previously
this was called the data authentication standard.)
The standard has
a single implementation
specification which, oddly enough, is addressable rather
than required: "[I]mplement electronic mechanisms to
corroborate that electronic [PHI] has not been altered or
destroyed in an unauthorized manner."
The covered entity's
risk analysis must address what data should be authenticated,
and to what degree of assurance. DHHS has noted that it believes
"this standard will not prove difficult to implement,
since there are numerous technologies available, such as processes
that employ digital
signature or check sum technology
to accomplish the task." (Final Rule, p.136)
See also:
|
