CMA offshoot to offer on-line security system

Prompted by HIPAA regulations

The increasing emphasis on health care privacy has prompted an arm of the California Medical Association (CMA) to offer a system to ensure secure electronic transmission of sensitive medical information.

MEDePass, the CMA’s high-tech branch, recently started offering a solution to on-line security concerns when it issued its first digital certificates, computer files that act as electronic identification cards, or signatures. The certificates enable physicians and others in the health care industry to verify their on-line identities and conduct protected electronic communications via e-mail and the Internet.

As federal Health Insurance Portability and Accountability Act (HIPAA) regulations go into effect over the next few years, physicians, health plans, insurers, e-commerce health care vendors — in fact, all sectors of the medical community — must have technology to protect the confidentiality of medical information. Failure to comply with HIPAA regulations carries federal penalties as high as $250,000 and/or 10 years in jail.

Addressing the fear of theft

In announcing the new technology, MEDePass says it also can address the risk that e-mail and other Internet-based communication is subject to tampering. Anyone with basic technical savvy can spoof an e-mail address to make it appear as if the sender is someone known to the recipient — in effect, stealing the e-mail address holder’s identity, the company says. In the absence of technical safeguards, it is impossible for the person whose identity has been stolen to deny he or she sent the fraudulent e-mail.

Fears about the lack of on-line security have discouraged physicians and other health care providers from using the Internet to transmit patient-identifiable information such as medical bills, colleague-to-colleague consultations, and e-commerce orders, says Jack Lewin, MD, MEDePass chief executive officer and CMA executive vice president. With the proper security tools, however, he says physicians can be assured that every time they e-mail a patient, exchange patient information with a colleague, go on-line to buy regulated medical supplies such as syringes, or bill an HMO, they are communicating with the party they intended to, and the information they transmit is accessible to the intended recipient only.

While the financial community has used similar technology behind these certificates for years (as has the Department of Defense to encrypt military information), MEDePass is the first to secure medical information using what is known as "public key infrastructure." Other entrants in the race to protect medical communications include the American Medical Association and private vendors.

California physicians who wish to preregister for MEDePass digital certificates can do so at