Posted by: Azaltsman
access control, audit, authentication, ehr, encryption, HIPAA Security Rule, integrity, Meaningful use, NIST
Covered entities seeking to obtain reimbursement funds for implementing an electronic health records (EHR) system must choose a product that has been certified to comply with “meaningful use” criteria. In his presentation about the correlation of the HIPAA Security Rule to the certification criteria, Steven Posnack from the Office of the National Coordinator for Health Information Technology (ONC) described how key elements are correlated.
ONC has created criteria for both a complete EHR and an EHR module. It should be noted that components of the HIPAA Security Rule apply to both the complete EHR and an individual module. Key elements common to both the HIPAA Security Rule (45 CFR 164.302) and the proposed criteria for EHR certification (45 CFR 170.302) are as follows:
- Access control
- Emergency Access
- Automatic Logoff
- Integrity (of data)