Stage 2 Meaningful Use Rule Progresses

OMB Review is Final Step Before Publication

By , July 17, 2012.
Stage 2 Meaningful Use Rule Progresses

One of the final rules for Stage 2 of the HITECH Act electronic health record incentive program has moved a step closer to publication. The Centers for Medicare and Medicaid Services on July 16 sent the rule to the Office of Management and Budget for review, the final step before a regulation is published in the Federal Register.

See Also: OPM Breach Aftermath: How Your Agency Can Improve on Breach Prevention Programs

Earlier, federal officials had indicated the final version of both of the Stage 2 rules would be released by the end of summer (see: HIPAA, HITECH Updates Inch Closer). But in the past, OMB has taken from several weeks to many months to complete its reviews.

The proposed Stage 2 meaningful use rule sets detailed requirements for hospitals and physician groups to prove they are meaningfully using EHRs and, thus, qualify for additional incentive payments. For example, it would require hospitals and physician groups to conduct a security risk analysis that includes "addressing the encryption/security of data at rest."

In commenting on the proposed provision, the Healthcare Information and Management Systems Society called on regulators to provide "additional education and clarification on what it means to 'address encryption'." (See: Industry Debates Stage 2 EHR Rules).

The College of Healthcare Information Management Executives went further, saying this provision should be simplified "to refer only to compliance with applicable HIPAA privacy and security rules. We believe that it would be a mistake for each EHR incentive program regulation to emphasize different aspects of the HIPAA privacy and security rules. ..."

A second proposed Stage 2 rule on software certification is not yet on the list of regulations OMB is reviewing. That rule, which sets standards for software eligible for the incentive program, includes a provision that EHRs must be able to demonstrate the capacity to encrypt data on mobile devices in circumstances where electronic health record technology manages the data flow on the device.

Follow Marianne Kolbasuk McGee on Twitter: @HealthInfoSec

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE The Future of the Internet and Privacy

The Internet as we know it may be heading toward fundamental changes in the coming decade as a...

Latest Tweets and Mentions

ARTICLE The Future of the Internet and Privacy

The Internet as we know it may be heading toward fundamental changes in the coming decade as a...

The ISMG Network