EHR Certification Criteria Correlation to HIPAA Security Rule - NIST Conference Part 3 - Data Security for HIPAA Compliance

Health IT and Electronic Health Activate your FREE membership today | Log-in

Home > IT Blogs > Data Security for HIPAA Compliance > EHR Certification Criteria Correlation to HIPAA Security Rule - NIST Conference Part 3

>>VIEW ALL POSTS

Data Security for HIPAA Compliance

May 17 2010 9:12PM GMT

EHR Certification Criteria Correlation to HIPAA Security Rule - NIST Conference Part 3

Posted by: azaltsman

NIST, Meaningful use, ehr, HIPAA Security Rule, access control, encryption, audit, integrity, authentication

Covered entities seeking to obtain reimbursement funds for implementing an electronic health records (EHR) system must choose a product that has been certified to comply with “meaningful use” criteria. In his presentation about the correlation of the HIPAA Security Rule to the certification criteria, Steven Posnack from the Office of the National Coordinator for Health Information Technology (ONC) described how key elements are correlated.

ONC has created criteria for both a complete EHR and an EHR module. It should be noted that components of the HIPAA Security Rule apply to both the complete EHR and an individual module. Key elements common to both the HIPAA Security Rule (45 CFR 164.302) and the proposed criteria for EHR certification (45 CFR 170.302) are as follows:

Access control
Emergency Access
Automatic Logoff
Encryption
Audit
Integrity (of data)
Authentication

EHR products need to meet this criterial in order to be eligible for certification. It’s also important to understand that using a certified EHR system in and of itself does not guarantee compliance with the HIPAA security rule. You must ensure that all other IT systems that contain PHI are properly secured and compliant with the HIPAA security rule.

.

Also, certification criteria applies to technology not the organization, meaning that you must actually use the certified technology in order to be meaningful user. You must properly implement the security controls!

Updates on methods for certification of EHR systems being developed can be viewed on the NIST Healthcare IT web site.

Comment

RSS Feed

Comment on this Post

You must be logged-in to post a comment. Log-in/Register

Ask an IT Question

About the Blogger

azaltsman

Alex is the CEO of Experior Data Security and Encryption. Experior specializes in implementing and supporting on-premise and on-demand data encryption solutions for regulatory compliance, including HIPAA and the HITECH Act within ARRA. Alex started his first technology business in 1998 which helped companies without information technology departments outsource their information technology needs. During his career he has maintained technical certifications from leading technology vendors such as PGP Corporation, Microsoft, Cisco Systems, Citrix, and AEP Networks. Alex is on the Board of Directors of Entrepreneurs’ Organization (EO) NJ Chapter. He is also on the Board of Directors Advisory Committee for Bizworld.org, a non-profit organization that creates programs and curriculum for teachers, enabling them to teach young students about money management and entrepreneurship. Alex has also participated in iMentor.org, a New York-based non-profit that matches mentors with kids in New York City area high schools. Alex can be reached at alex - at - experiordata.com READ MORE

>> READ MORE ABOUT THE BLOGGERS

Browse This Blog's Tags

aes, audit, backup tapes, best practices, breach notification, corrective action, data at rest, data breach, data in motion, data in use, data leakage prevention, Data management and data standards, des, disaster recovery, Disaster recovery and business continuity, disk to disk backup, DLP, ehr, EHR systems, electronic transcription, encryption, enforcement, excel, full disk encryption, Hardware and software, Health care applications and vendor organizations, Health care reform and federal initiatives, HIPAA, HIPAA Security Rule, hitech act, Industry organizations and associations, Interoperability and health information exchange, Meaningful use, microsoft word, OCR, office of general counsel, pci compliance, pgp, phi, PHRs and patient engagement, powerpoint, Privacy and security, Regulatory compliance, resolution agreement, Risk Management, robert hudock, state breach notification laws, symantec, Virtualization and cloud computing, whole disk encryption

Archives

Blog Roll

Help

Subscribe to Alerts

RSS feed of Data Security for HIPAA Compliance

About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site | Media Kits | Site Map

All Rights Reserved, Copyright 2009 - 2012, TechTarget | Read our Privacy Statement

TechTarget - The IT Media ROI Experts