Under the HITECH Act electronic health record incentive program, launched as part of the economic stimulus package, hospitals and physicians are earning billions of dollars worth of incentives from Medicare and Medicaid for meaningfully using EHRs.
The Centers for Medicare & Medicaid Services and the Office of the National Coordinator for Health IT have released the final regulations for Stage 2 of the program. For providers who attested to meeting Stage 1 meaningful use requirements in 2011 or 2012, Stage 2 requirements begin in 2014. All participants in the incentive program must be using EHR technology certified to the updated certification criteria by 2014.
The two lengthy rules contain numerous provisions that touch on the issues of privacy and security. Sorting through the dense rules is challenging, as is preparing a compliance strategy.
In this session, attorney Deven McGraw, who helped draft some of the recommendations that ultimately became provisions in the rules, will offer a detailed guide to the privacy and security requirements. She'll also provide timely insights on the most important steps your organization can take now to begin compliance preparation. She'll review:
- The scope of the Stage 2 meaningful use and software certification rules;
- The requirement on meaningful users to perform a security risk assessment and address encryption of health information at rest;
- The software certification requirement that EHRs must, by default, encrypt patient data stored on end-users' devices;
- The privacy and security capabilities required to be included in the "Base EHR," and the elimination of the original certification requirement for all EHR modules to include these capabilities;
- Requirements for professionals and institutional providers to give patients access to their health information through secure "view, download, and transmit" capabilities;
- Requirements for professionals to use secure e-mail to communicate with patients;
- EHR software requirements to support secure transport of patient data, compliance with the HIPAA Privacy Rule's provisions on patient-requested amendments to health data, matching of data to the right patient record and data portability;
- The persistence of "optional" status for EHR capabilities to implement the Access Report requirements proposed by the HHS Office for Civil Rights; and
- Understanding the intersection between the meaningful use and certification requirements and HIPAA regulations.
No comments:
Post a Comment