Data Security for HIPAA Compliance

May 17 2010   9:12PM GMT

EHR Certification Criteria Correlation to HIPAA Security Rule – NIST Conference Part 3

Posted by: Azaltsman
access control, audit, authentication, ehr, encryption, HIPAA Security Rule, integrity, Meaningful use, NIST

Covered entities seeking to obtain reimbursement funds for implementing an electronic health records (EHR) system must choose a product that has been certified to comply with “meaningful use” criteria. In his presentation about the correlation of the HIPAA Security Rule to the certification criteria, Steven Posnack from the Office of the National Coordinator for Health Information Technology (ONC) described how key elements are correlated.

ONC has created criteria for both a complete EHR and an EHR module. It should be noted that components of the HIPAA Security Rule apply to both the complete EHR and an individual module. Key elements common to both the HIPAA Security Rule (45 CFR 164.302) and the proposed criteria for EHR certification (45 CFR 170.302) are as follows:

  • Access control
  • Emergency Access
  • Automatic Logoff
  • Encryption
  • Audit
  • Integrity (of data)
  • Authentication

EHR products need to meet these criteria in order to be eligible for certification. It's also important to understand that using a certified EHR system does not, in and of itself, guarantee compliance with the HIPAA Security Rule. You must ensure that all other IT systems that contain PHI are properly secured and compliant with the HIPAA Security Rule.

Also, the certification criteria apply to the technology, not the organization, meaning that you must actually use the certified technology in order to be a meaningful user. You must properly implement the security controls!

Updates on methods being developed for certification of EHR systems can be viewed on the NIST Healthcare IT web site.
