BioSig-ID satisfies requirements:
CFR 45, Section 170.314(d)(1) sums it all up—the system must verify against a unique identifier (e.g., username or number) that a person seeking access to EHR is the one claimed and provide the ability to audit access. Certification requires authentication, access control, and authorization.
Additionally, Section 170.314(d)(2-3):
Auditable Events and Tamper-Resistance
The Federal Regulations/Interpretive Guidelines for Hospitals (482.24(c)(1)(i)) require that every entry in the health record should be authenticated and traceable to the author of the entry. Hence, any authentication system must incorporate some method of tracking.
Starting in 2015, hospitals and doctors will be subject to financial penalties under Medicare if they are not using electronic health records.
In 2015 – 2017 EHR Medicare and Medicaid incentive programs from CMS include these objectives:
- Electronic Prescribing: (EPs) Generate and transmit permissible prescriptions electronically (eRx); (Eligible hospitals/CAHs) Generate and transmit permissible discharge prescriptions electronically (eRx)
- Protect Patient Health Information: Protect electronic health information created or maintained by the CEHRT through the implementation of appropriate technical capabilities
Qualifies for Electronic Prescriptions for Controlled Substances (EPCS):
BioSig-ID was independently tested by the Tolly Group to meet CFR 21 1311.116 “Additional Requirements for Biometrics” from the DEA’s Interim Final Rule for Electronic Prescriptions for Controlled Substances published on March 31, 2010. We can confirm that the results put BioSig-ID technology in compliance with 1311.116. The results of the false positive scores were 3x better than the NIST guidelines for biometrics.
BioSig-ID’s ability to provide evidence of all the events surrounding the identity authentication activity not only provides a powerful tool to combat fraud, but also ensures compliance with evolving regulations that continue to mandate ever stricter standards of identity authorization within the healthcare industry.
Epic Healthcare and Ping Identity Management Partners
BSI is an integrated partner providing multi-factor authentication (MFA) for use with Epic’s electronic medical record (EMR) software. BSI is also an approved Ping Identity technology alliance partner offering its patented BioSig-ID™ gesture biometrics into Ping’s popular PingFederate SSO software to enable secure multi-factor authentication.