13.5 IMPLEMENTING INTEGRITY CONTROL MECHANISMS ( 164.312(C)(1))


13.5 IMPLEMENTING INTEGRITY CONTROL MECHANISMS ( § 164.312(C)(1) )

(c)(1) Standard: Integrity. Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.

(2) Implementation specification: Mechanism to authenticate electronic protected health information (Addressable). Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.

This HIPPA technique offers the flexibility for the CE to determine its specific needs for Integrity Control. Examples of mechanisms that are available at a hardware level would be disk redundancy solutions. Redundant Arrays of Inexpensive Disks (RAID) offers cost effective measures to ensure data integrity is maintained . Error correcting (ECC) memory is available for servers to prevent data corruption as it is accessed from the network.

File integrity has some intrinsic integrity checks such as checksums that will perform mathematical calculations on a file to derive a file integrity identifier. When a file is accessed, its checksum is calculated at the destination and verified with the source checksum. Furthermore, checksums can also be used in conjunction with a Host Intrusion Detection System, which can catalogue all file checksums and monitor the system if they change. For example, if a malicious rootkit (Trojan software) is installed on a system, the checksum will not match with the catalogued checksum and an alert and/or preventive measure will be issued.

Digital signatures may be implemented to 'stamp' the data or documents with a very difficult algorithm. This ensures that when data is exchanged, only the source and destination parties are able to view the information. For example, if EPHI is exchanged between a healthcare provider and healthcare insurance company, a digital signature could be applied to ensure the integrity for the information exchange.




HIPAA Security Implementation, Version 1.0
HIPAA Security Implementation, Version 1.0
ISBN: 974372722
EAN: N/A
Year: 2003
Pages: 181

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net