HIMSS Demands Clarity from RegulatorsWants more security details in "meaningful use" rule
The proposed rule states that to qualify for Stage 1 of the Medicare and Medicaid incentives under the HITECH Act, healthcare providers must "conduct or review a security risk analysis of certified EHR technology and implement updates as necessary."
In a letter to regulators March 15, Chicago-based HIMSS asks them to "bring clarity to the requirements by identifying such items as what the baseline risk assessment should entail; frequency and scope of the risk assessment; and whether security requirements apply to the provider facility or just the (EHR) products."
HIMSS continues: "Greater specificity in the requirements, as well as guidance and resources for small provider practices, would be beneficial."
The letter also notes that "HIMSS is receiving informal comments from subject matter experts that the decision to be vague on the risk assessment's requirements is causing many organizations to delay action.
"In addition, security officers are expressing concern that ill-defined risk assessment requirements are creating anxiety in the healthcare community over the fact that they may not adequately meet the risk assessment requirement."
Like many other healthcare associations, HIMSS called on regulators to give organizations more time to meet narrower criteria to earn the incentives. It recommends a shift from "highly detailed meaningful use criteria/measures and very aggressive timelines to a smaller number of required criteria/measures with lower thresholds for achievement."
To view the letter, click here.
Comments on the "meaningful use" rule were due March 15. David Blumenthal M.D., national coordinator for health information technology, recently said the final versions of the three core rules for the EHR incentive program will be completed by the end of spring. (To read story, click here).