EHR Software Certification Rule ReleasedProposed HITECH EHR Incentive Rule for Stage 2
Federal authorities on Feb. 24 released a proposed rule setting certification standards for electronic health record software for Stage 2 of the HITECH Act EHR incentive program.
The proposed rule spells out the functions, including privacy protections and security, that must be included in EHR software in order for it to qualify for the next phase of the incentive program.
The proposal includes new details on encryption, says Farzad Mostashari, who heads the Office of the National Coordinator for Health IT. "We have proposed that [EHR] vendors ... by default enable encryption of data on end-user devices if any data is kept on user devices after the session ends," he said at a Feb. 23 press briefing at the Healthcare Information and Management Systems Society Conference in Las Vegas.
The software certification rule for Stage 1 of the incentive program listed several security functions, including encryption, that the applications must include.
On Feb. 23, federal authorities issued another proposed rule outlining how hospitals and physician practices would have to "meaningfully use" EHR software to earn Stage 2 incentives (see: Stage 2 HITECH EHR Rule Unveiled). That proposal contains relatively few new requirements on privacy and security.
The software certification rule will be officially published in the Federal Register March 7. The Department of Health and Human Services will accept comments on the rule for 60 days. Final versions of both Stage 2 rules will be completed by late summer, an Department of Health and Human Services official said at the HIMSS Conference.
The HITECH incentive program, funded by the economic stimulus package, is providing billions of dollars in payments from Medicare and Medicaid to hospitals and physician practices that demonstrate they're meaningfully using certified EHRs.
Participants in the EHR incentive program can gain additional payments in the next two stages if they meet the tougher requirements for each phase of the program. Stage 2 begins Oct. 1, 2013, for hospitals and Jan. 1, 2014, for physicians.Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.