HHS’s Health IT Policy Committee 2011 Draft Meaningful Use Objectives and Measures for Public Comment

The HITECH Act of the American Recovery and Reinvestment Act of 2009, signed by President Obama on February 17, 2009, provides an electronic health record (EHR) adoption incentive program for healthcare providers who adopt certified electronic health records and use them in a meaningful way to improve patient care. The incentive program begins in January 2011 and terminates at the end of 2014 for new adopters of certified electronic health record technology. HHS’ Health Information Technology (IT) Policy Committee released on June 16, 2009, two documents pertaining to the definition of “meaningful use” for public comment by 5 PM ET, Friday, June 26, 2009. These documents are the Meaningful Use…

READ MORE

HHS’s HIT Policy Committee Releases Draft Recommendations on Meaningful Use for Public Comment

The HITECH Act of the American Recovery and Reinvestment Act of 2009, signed by President Obama on February 17, 2009, provides an electronic health record (EHR) adoption incentive program for healthcare providers who adopt certified electronic health records and use them in a meaningful way to improve patient care. The incentive program begins in January 2011 and terminates at the end of 2014 for new adopters of certified electronic health record technology. HHS’ Health Information Technology (IT) Policy Committee released on June 16, 2009, two documents pertaining to the definition of “meaningful use” for public comment by 5 PM ET, Friday, June 26, 2009. These documents are the Meaningful Use…

READ MORE

Integrity: Mechanism to Authenticate Electronic Protected Health Information-What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, this is the  implementation specification for the third Technical Safeguard Standard, Integrity. This implementation specification is addressable. Addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What to Do Implement electronic…

READ MORE

Integrity: What This HIPAA Security Rule Technical Safeguard Standard Means

This is the third Technical Safeguard Standard of the HIPAA Administrative Simplification Security Rule. It has one implementation specification:  mechanism to authenticate electronic protected health information. This implementation specification is addressable. Addressable does not mean “optional.”  Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009….

READ MORE

Audit Control: What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, this is the second Technical Safeguard Standard. There is not a separately described implementation specification. Rather, this standard’s implementation specification is connoted in the language of the standard and is required. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What to Do A covered entity is required to implement hardware, software, and/or procedural mechanisms…

READ MORE

Audit Control: What This HIPAA Security Rule Technical Safeguard Standard Means

This is the second Technical Safeguard Standard of the HIPAA Administrative Simplification Security Rule. There is not a separately described implementation specification. Rather, this standard’s implementation specification is connoted in the language of the standard and is required. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. Covered entities are required to have in place audit controls to monitor activity on their electronic systems that…

READ MORE

Access Control: Encryption and Decryption-What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, this is the fourth implementation specification for the Technical Safeguard Standard, Access Control. This implementation specification is addressable. Addressable does not mean “optional.”  Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What to Do Implement…

READ MORE

Access Control: Automatic Logoff-What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, this is the third implementation specification for the Technical Safeguard Standard, Access Control. This implementation specification is addressable. Addressable does not mean “optional.”  Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What to Do Implement…

READ MORE

Access Control: Emergency Access Procedure-What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, this is the second implementation specification for the Technical Safeguard Standard, Access Control. This implementation specification is required. As we noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What to Do Establish and implement as needed procedures for obtaining necessary electronic protected health information during an emergency. How to Do It Emergency access refers to loss of…

READ MORE

Access Control: Unique User Identification-What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, this is the first implementation specification for the Technical Safeguard Standard, Access Control. This implementation specification is required. As we noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What to Do Assign a unique name and/or number for identifying and tracking user identity. How to Do It The covered entity should establish a policy whereby its Security…

READ MORE