HITECH EHR Certification Program Nears

Committee Tweaks Security Details
HITECH EHR Certification Program Nears
A proposed rule creating a program to certify electronic health records software for the HITECH Act incentive initiative is one step closer to being completed.

The HIT Policy Committee, an advisory body to the Office of the National Coordinator for Health Information Technology, has approved recommendations from workgroups for tweaks in security provisions and other components of the proposed rule.

David Blumenthal, M.D., who heads ONC, will consider the recommendations, which must ultimately be approved by the Department of Health and Human Services.

Workgroup recommendations

The privacy/security workgroup noted that the proposed rule does not "appropriately recognize that the security functionality that any specific EHR module needs to provide will vary depending upon the environment in which it is intended to be used."

It recommended that EHR modules be tested and certified for privacy and security functions unless "it would be technically infeasible for the module to be tested" or the module itself "is designed to perform a specific privacy and security capability." The workgroup asks HHS to provide specific examples of instances of technical infeasibility to clarify the circumstances that would justify granting a privacy/security testing exemption.

The certification/adoption workgroup also made numerous recommendations approved by the full committee, including giving ONC authority to decertify EHRs if patient safety concerns emerge.

Testing software

Under the proposed rule unveiled March 2, organizations designated to certify electronic health records software will assess the applications' security functionality but not require the use of specific security standards.

Healthcare organizations must use certified software to qualify for the Medicare and Medicaid EHR incentive payment program under the HITECH Act. The proposed rule spells out how an organization can become a certifier and how it must conduct testing. The new rule for certification programs, called for under the HITECH Act, follows an earlier proposed rule setting standards for the certified software itself.

About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.