
ONC Publishes Stage 2 EHR Technology Certification Criteria NPRM

March 9, 2012 | American Recovery and Reinvestment Act, Health IT and HITECH, Meaningful Use, Privacy, Security

On March 7, 2012, the Office of the National Coordinator for Health Information Technology (ONC) of the Department of Health and Human Services (HHS) published in the Federal Register its notice of proposed rule making (NPRM) entitled Health Information Technology:  Standards, Implementation Specifications, and Certification Criteria for Electronic Health Record [EHR] Technology, 2014 Edition; Revisions to the Permanent Certification Program for Health Information Technology [pp. 13832-13885].  Comments to HHS may be made until 5 PM on May 7, 2012.

The summary of the NPRM is included here:

“Under section 3004 of the Public Health Service Act, the Secretary of Health and Human Services is proposing to revise the initial set of standards, implementation specifications, and certification criteria adopted in an interim final rule published on January 13, 2010, and a subsequent final rule that was published on July 28, 2010, as well as to adopt new standards, implementation specifications, and certification criteria.  The proposed new and revised certification criteria would establish the technical capabilities and specify the related standards and implementation specifications that Certified Electronic Health Record (EHR) Technology would need to include to, at a minimum, support the achievement of meaningful use by eligible professionals [EPs], eligible hospitals, and critical access hospitals [CAHs] under the Medicare and Medicaid EHR Incentive Programs beginning with the EHR reporting periods in fiscal year and calendar year 2014.  This notice of proposed rule making also proposes revisions to the permanent certification program for health information technology, which includes changing the program’s name.” [p. 13832]

The NPRM also provides an Overview of the 2014 Edition EHR Certification Criteria, an excerpt of which is provided here:

“We propose to adopt certification criteria that will support the proposed changes to the EHR Incentive Programs, including the new and revised objectives and measures for Stages 1 and 2 of MU [meaningful use] proposed by CMS [see preceding HIPAA.com posting]. The certification criteria we propose for adoption would also enhance care coordination, patient engagement, and the security, safety, and efficacy of EHR technology.  For clarity, we refer to the certification criteria proposed for adoption as the 2014 Edition EHR certification criteria and the currently adopted certification criteria as the 2011 Edition EHR certification criteria….” [p. 13833]

HIPAA.com has focused especially on privacy and security issues related to safeguarding protected health information (PHI).  We commend the reader’s attention to the content in two sections of the NPRM:

45 CFR 170.210(e):  Standards for health information technology to protect electronic health information created, maintained, and exchanged–(e) Record actions related to electronic health information, audit log status, and encryption of end-user devices. [p. 13880]

45 CFR 170.314(d): 2014 Edition electronic health record certification criteria–(d) Privacy and security:

(1) Authentication, access control, and authorization.

(2) Auditable events and tamper-resistance.

(3) Audit report(s).

(4) Amendments.

(5) Automatic log-off.

(6) Emergency access.

(7) Encryption of data at rest.

(8) Integrity.

(9) Optional–accounting of disclosures.

[p. 13883]
