I have a HIPAA privacy question. I have a medical device that stores very little patient information, just the Patient Name, DOB, and previous treatments.
This medical device currently requires a USB Access key connected to a USB port in order for it to work. Is this sufficient to protect the patient's privacy? If the clinician leaves the Access key connected and patient info is compromised, it's their fault.
However, per HIPAA's addressable actions, they recommend a username/password to log in to the system. This can also be compromised if the clinician does not log off.
Is a login system a must? Are there alternatives? Is the Access key sufficient?
Thanks!