Under the Personal Health Information Act (PHIA) most electronic medical record (EMR) users are considered to be “custodians.” Custodian is a term PHIA uses to describe those who have custody and control of personal health information.
Under PHIA regulations, custodians must implement additional safeguards for personal health information held in an electronic information system maintained by the custodian, as outlined below:
- Protection of network infrastructure, including physical and wireless networks, to ensure secure access
- Protection of hardware and its supporting operating systems to ensure that the system functions consistently and only those authorized to access the system have access
- Protection of the system’s software, including the way it authenticates a user’s identity before allowing access
In addition, the regulations state a “custodian must create and maintain written policies to support and enforce the implementation of the safeguards.”