HIMSS Demands Clarity from Regulators

Wants more security details in "meaningful use" rule
HIMSS Demands Clarity from Regulators
The Healthcare Information and Management Systems Society is asking federal regulators to be much more specific about the information security requirements within the proposed "meaningful use" rule for the electronic health record incentive payment program.

The proposed rule states that to qualify for Stage 1 of the Medicare and Medicaid incentives under the HITECH Act, healthcare providers must "conduct or review a security risk analysis of certified EHR technology and implement updates as necessary."

More details

In a letter to regulators March 15, Chicago-based HIMSS asks them to "bring clarity to the requirements by identifying such items as what the baseline risk assessment should entail; frequency and scope of the risk assessment; and whether security requirements apply to the provider facility or just the (EHR) products."

HIMSS continues: "Greater specificity in the requirements, as well as guidance and resources for small provider practices, would be beneficial."

The letter also notes that "HIMSS is receiving informal comments from subject matter experts that the decision to be vague on the risk assessment's requirements is causing many organizations to delay action.

"In addition, security officers are expressing concern that ill-defined risk assessment requirements are creating anxiety in the healthcare community over the fact that they may not adequately meet the risk assessment requirement."

More time

Like many other healthcare associations, HIMSS called on regulators to give organizations more time to meet narrower criteria to earn the incentives. It recommends a shift from "highly detailed meaningful use criteria/measures and very aggressive timelines to a smaller number of required criteria/measures with lower thresholds for achievement."

To view the letter, click here.

Comments on the "meaningful use" rule were due March 15. David Blumenthal M.D., national coordinator for health information technology, recently said the final versions of the three core rules for the EHR incentive program will be completed by the end of spring. (To read story, click here).

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.