TRENDING:

HITECH EHR Certification Program Nears

Committee Tweaks Security Details Howard Anderson (ismg_editor) • May 7, 2010    
HITECH EHR Certification Program Nears
A proposed rule creating a program to certify electronic health records software for the HITECH Act incentive initiative is one step closer to being completed.

The HIT Policy Committee, an advisory body to the Office of the National Coordinator for Health Information Technology, has approved recommendations from workgroups for tweaks in security provisions and other components of the proposed rule.

David Blumenthal, M.D., who heads ONC, will consider the recommendations, which must ultimately be approved by the Department of Health and Human Services.

Workgroup recommendations

The privacy/security workgroup noted that the proposed rule does not "appropriately recognize that the security functionality that any specific EHR module needs to provide will vary depending upon the environment in which it is intended to be used."

It recommended that EHR modules be tested and certified for privacy and security functions unless "it would be technically infeasible for the module to be tested" or the module itself "is designed to perform a specific privacy and security capability." The workgroup asks HHS to provide specific examples of instances of technical infeasibility to clarify the circumstances that would justify granting a privacy/security testing exemption.

The certification/adoption workgroup also made numerous recommendations approved by the full committee, including giving ONC authority to decertify EHRs if patient safety concerns emerge.

Testing software

Under the proposed rule unveiled March 2, organizations designated to certify electronic health records software will assess the applications' security functionality but not require the use of specific security standards.

Healthcare organizations must use certified software to qualify for the Medicare and Medicaid EHR incentive payment program under the HITECH Act. The proposed rule spells out how an organization can become a certifier and how it must conduct testing. The new rule for certification programs, called for under the HITECH Act, follows an earlier proposed rule setting standards for the certified software itself.

Previous
Access Control Insufficient: Survey
Next
Breach List: A Call to Action?

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.



Around the Network

Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.