Consumer Groups Want Tougher EHR Regs

Coalition calls for beefed up security provisions A coalition of 21 consumer groups and unions is calling on federal regulators to beef up and clarify information security provisions in the proposed "meaningful use" rule for the federal electronic health record incentive program.

In a letter to regulators, the Consumer Partnership for eHealth says the proposed rule "does not go far enough to ensure that providers are using appropriate safeguards."

The proposed rule states that to qualify for Stage 1 of the incentives under the HITECH Act, healthcare providers must "conduct or review a security risk analysis of certified EHR technology and implement updates as necessary."

Call for clarity

The coalition says regulators should make it clear that organizations that have never conducted a HIPAA security risk analysis must complete one to qualify for the incentives.

The group also asks regulators to clarify the meaning of "implement updates as necessary." The letter states that physicians and hospitals "should be required to have a written policy regarding how they will handle security updates, and they should also address any deficiencies identified in the security assessment. Attestation on the risk assessment should indicate that a risk analysis was conducted and that the entity has mitigated any risks that were identified."

In its letter, the group also says physicians and hospitals who are fined for significant HIPAA violations should not be eligible for EHR incentive payments.

Stand firm

Unlike many healthcare associations, the consumer coalition largely endorses the meaningful use rule as written and warns against weakening its criteria. "We strongly urge you to maintain this robust direction for meaningful use and address concerns that it is too challenging by offering ample support in the form of technical and other assistance," it states.

Comments on the "meaningful use" rule were due March 15. David Blumenthal M.D., national coordinator for health information technology, recently said the final versions of the three core rules for the EHR incentive program will be completed by the end of spring. (To read story, click here).

About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.