HIPAA Privacy - Login password or USB Access key?

Phloogy

Starting to get Involved
#1
I have a HIPAA privacy question. I have a medical device that stores very little patient information, just the Patient Name, DOB, and previous treatments.

This medical device currently requires a USB Access key connected to a USB port in order for it to work. Is this sufficient to protect the patient's privacy? If the clinician leaves the Access key connected and patient info is compromised, it's their fault.

However, per HIPAA's addressable actions, they recommend a username/password to log in to the system. This can also be compromised if the clinician does not log off.

Is a login system a must? Are there alternatives? Is the Access key sufficient?

Thanks!
 

JJ_FDA

Involved In Discussions
#2
I am not sure if the regulatory authorities care whose fault it is that the USB key is left plugged in.

If using username/password, is it possible for the system to automatically lock or log out the user after some pre-determined amount of idle time (10 minutes?).
 

isoalchemist

#3
My quick notes do not call out a requirement for UN/Password only (162.312):

"Assign a unique name and/or number for identifying and tracking user identity."

Also

"Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity."


Everyone appears to address the requirement with UN/Pass, but a card could work if you could log it out after inactivity. Nothing prevents biometrics either if the inactivity can be addressed.

The goal is they want to make sure only credentialed individuals have access. They don't define exactly how, but .....
 

Phloogy

Starting to get Involved
#4
Thanks for the responses! Yes it would be possible to implement a time-out session. That might be the best way to go in conjunction with a username / password.
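
An added example, not part of the thread or any vendor's code: a minimal session gate for the combination discussed above, where the USB key alone is not enough, each session is tied to a unique user ID, and the session ends after a predetermined idle period even if the key stays plugged in. The class name, the 600-second limit, the `credential_ok` flag and the user ID format are assumptions for illustration.

```python
import time

IDLE_LIMIT_S = 600  # assumed value: the 10-minute idle limit floated in post #2


class DeviceSession:
    """Gate record access on key presence, a unique user ID and recent activity."""

    def __init__(self, idle_limit_s=IDLE_LIMIT_S, clock=time.monotonic):
        self.idle_limit_s = idle_limit_s
        self.clock = clock            # injectable so the timeout can be tested
        self.user_id = None           # unique ID of the logged-in clinician
        self.last_activity = None
        self.audit = []               # (timestamp, user_id, event) for tracking

    def _log(self, user_id, event):
        self.audit.append((self.clock(), user_id, event))

    def login(self, user_id, key_present, credential_ok):
        # credential_ok stands in for the device's own check
        # (password, card or biometric); the key by itself never logs anyone in.
        if not (key_present and credential_ok):
            self._log(user_id, "login_denied")
            return False
        self.user_id = user_id
        self.last_activity = self.clock()
        self._log(user_id, "login")
        return True

    def _end(self, reason):
        self._log(self.user_id, reason)
        self.user_id = None
        self.last_activity = None

    def access_record(self, key_present):
        """Return True if patient data may be shown; re-checked on every call."""
        if self.user_id is None:
            return False
        if not key_present:
            self._end("logoff_key_removed")
            return False
        if self.clock() - self.last_activity >= self.idle_limit_s:
            # Key is still plugged in, but the session terminates anyway.
            self._end("logoff_idle_timeout")
            return False
        self.last_activity = self.clock()
        self._log(self.user_id, "record_access")
        return True
```

This sketch only checks the idle limit when a record is requested; a device would also need a timer that clears any patient data already on screen when the limit passes.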
 