In a recent Tweet, the Office of the National Coordinator for Health Information Technology (ONC) stated: “Move into the 21st Century and check out the Privacy & Security 10-Step Plan before you implement an Electronic Health Record.” ONC makes the following recommendation to an Eligible Professional (EP) covered entity participating in the Medicare and Medicaid Financial Incentive Program for Adoption and Meaningful Use of Certified Electronic Health Record (EHR) Technology: “An EP must meaningfully use certified EHR technology for an EHR reporting period, and then attest to CMS [the Centers for Medicare & Medicaid Services] that he or she has met meaningful use for that period. Start your 10-step process at…
Tag: electronic systems
Audit Control: What This HIPAA Security Rule Technical Safeguard Standard Means
This is the second Technical Safeguard Standard of the HIPAA Administrative Simplification Security Rule. There is not a separately described implementation specification. Rather, this standard’s implementation specification is connoted in the language of the standard and is required. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. Covered entities are required to have in place audit controls to monitor activity on their electronic systems that…
Contingency Plan: Applications and Data Criticality Analysis-What to Do and How to Do It
In our series on the HIPAA Administrative Simplification Security Rule, this is the fifth implementation specification for the Administrative Safeguard Standard (Contingency Plan). This implementation specification is addressable. Remember, addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As HIPAA.com has noted in earlier postings, with enactment of the American Recovery and Reinvestment Act of 2009 (ARRA) on February 17, 2009, business associates also will be required to comply with the Security Rule standards, effective February 17, 2010. What to Do Assess the relative criticality of specific applications and data in support of other…