Meaningful Use Stage 3 may require multifactor authentication

The healthcare industry is getting a peak at what Stage 3 of Meaningful Use may look like. The Office of the National Coordinator for Health IT's HIT Policy Committee voted Sept. 6 to accept the Privacy and Security Tiger Team's recommendation to require multifactor authentication in certain cases involving remote access to patient protected health information, Healthcare Info Security reports.

The situations that would require such multifactor authentication, according to the Tiger Team, include:

  • Access from outside of an organization's/entity's private network
  • Access from an IP address not recognized as part of the organization/entity or that is outside of the organization/entity's compliance environment
  • Access across a network any part of which is or could be unsecure (such as across the open Internet or using an unsecure wireless connection).

The multifactor authentication would need to meet National Institute of Standards and Technology Level of Assurance 3, NIST 800-63-1, according to the article.

The Meaningful Use Workgroup of ONC's Health IT Policy Committee reported in its Aug. 1 meeting that it will revisit workgroup recommendations in October.

Some of the other proposed recommendations for Stage 3 include the capability of an EHR to receive and review a patient's immunization history supplied by a registry, and the capability of a longitudinal history across multiple settings over a patients' lifetime.

The Federal Advisory Committees on Meaningful Use, the HIT Policy Committee and the HIT Standards Committee, all were created by the American Recovery and Reinvestment Act--the same law that created the incentive program--to assist and advise ONC on health IT.

ONC had expected to present draft recommendations for Stage 3 of Meaningful Use by August, and reconcile them in September/October with the Stage 2 final rule.

To learn more:
- read the Healthcare Info Security article
- here is the information from the Tiger Team
- learn more about the Policy Committee's meeting