HITECH Stage 2 Rules: Expert Advice on Privacy, Security Compliance

Federal officials recently released the final rules for Stage 2 of the HITECH Act electronic health record incentive program, which is providing billions of dollars' worth of payments to hospitals and physicians. What privacy and security requirements are contained in the new rules? And what's the best way to prepare to comply?

Register for this session to gain insights from Deven McGraw, chair of the Privacy and Security Tiger Team, who helped craft recommendations for the rules. She'll discuss:

  • What the rules have to say about encryption;
  • The rules' requirements for patient downloads of records, secure messaging and more;
  • Steps to take now to prepare to comply with the privacy and security provisions.


Under the HITECH Act electronic health record incentive program, launched as part of the economic stimulus package, hospitals and physicians are earning billions of dollars' worth of incentives from Medicare and Medicaid for meaningfully using EHRs.

The Centers for Medicare & Medicaid Services and the Office of the National Coordinator for Health IT have released the final regulations for Stage 2 of the program. For providers who attested to meeting Stage 1 meaningful use requirements in 2011 or 2012, Stage 2 requirements begin in 2014. All participants in the incentive program must be using EHR technology certified to the updated certification criteria by 2014.

The two lengthy rules contain numerous provisions that touch on the issues of privacy and security. Sorting through the dense rules is challenging, as is preparing a compliance strategy.

In this session, attorney Deven McGraw, who helped draft some of the recommendations that ultimately became provisions in the rules, will offer a detailed guide to the privacy and security requirements. She'll also provide timely insights on the most important steps your organization can take now to begin compliance preparation. She'll review:

  • The scope of the Stage 2 meaningful use and software certification rules;
  • The requirement on meaningful users to perform a security risk assessment and address encryption of health information at rest;
  • The software certification requirement that EHRs must, by default, encrypt patient data stored on end-users' devices;
  • The privacy and security capabilities required to be included in the "Base EHR," and the elimination of the original certification requirement for all EHR modules to include these capabilities;
  • Requirements for professionals and institutional providers to give patients access to their health information through secure "view, download, and transmit" capabilities;
  • Requirements for professionals to use secure e-mail to communicate with patients;
  • EHR software requirements to support secure transport of patient data, compliance with the HIPAA Privacy Rule's provisions on patient-requested amendments to health data, matching of data to the right patient record and data portability;
  • The persistence of "optional" status for EHR capabilities to implement the Access Report requirements proposed by the HHS Office for Civil Rights; and
  • Understanding the intersection between the meaningful use and certification requirements and HIPAA regulations.
