Posted by: RedaChouffani
HIPAA, Meaningful use, privacy, security
Privacy and Security continue to be on top of the health IT priority list. And as some of the new measures associated with Meaningful Use Stage 2 open up Electronic Health Information to patients as well as health information Exchange qualified entities, many IT executives are gearing up for more steps to ensure future changes due to stage 2 will be met with the appropriate security measures.
Since the introduction of Meaningful Use through the Medicare and Medicaid EHR incentive Program, the HIPAA privacy and security rules were intentionally included in the program. As part of meaningful Use Stage 1 there are two main measures as part of the requirements:
- Core Objective & Measure 126: Provide patients with an electronic copy of their health information, upon request.
More than 50 percent of all patients who request an electronic copy of their health information are provided it within three business days.
- Core Objective & Measure 157: Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities.
Conduct or review a security risk analysis in accordance with the requirements under the HIPAA Security Rule (45 CFR 164.308(a)(1) (ii) (A)) implement security updates as necessary and correct identified security deficiencies as part of the risk management process.
The National Institute of Standards and Technology developed a security toolkit application that is intended to assist health organizations understand the requirements of the HIPAA security rule and implement them (Click here).
In addition, the office of National Coordinator for Health information Technology made available some additional resources. It has released a guide to privacy and security of health information that describes the process and details of the meaningful Use core measure 12 and 15 (Click here)