TRENDING:

Second Stage 2 HITECH Rule Advances

OMB Reviewing EHR Software Certification Provisions Howard Anderson (ismg_editor) • August 1, 2012    
Second Stage 2 HITECH Rule Advances

A second rule for Stage 2 of the HITECH Act electronic health record incentive program has moved closer to publication. The Department of Health and Human Services on July 31 sent the final version of the EHR software certification rule to the Office of Management and Budget for review, the last step before a regulation is published in the Federal Register.

See Also: Securing Your Business Begins with Password Security

The certification rule sets standards for EHR software eligible for the incentive program. A proposed version of the rule included a provision that EHRs must be able to demonstrate the capacity to encrypt data on mobile devices in circumstances where electronic health record technology manages the data flow on the device.

On July 16, HHS submitted to OMB the final version of the Stage 2 "meaningful use" rule, which sets detailed requirements for hospitals and physician groups to prove they are meaningfully using EHRs and, thus, qualify for additional incentive payments. A proposed version of the rule called for requiring hospitals and physician groups to conduct a security risk analysis that includes "addressing the encryption/security of data at rest."

Earlier, federal officials had indicated the final versions of both of the Stage 2 rules would be published in the Federal Register by the end of summer (see: HIPAA, HITECH Updates Inch Closer). But in the past, OMB has taken from several weeks to many months to complete its reviews.

Comments on Rule

Earlier, in commenting on the encryption provision for mobile devices included in the proposed Stage 2 software certification rule, the HIMSS Electronic Health Record Association, which represents EHR vendors, supported the provision.

"Lost end-user devices represent a significant data breach risk to covered entities. We applaud the decision to allow the option to either encrypt end-user devices or make sure no data remains on end-user devices (managed by the technology)," the association wrote (see: Industry Debates Stage 2 EHR Rules).

But the records vendor association sought "clarity on when electronic health information is 'managed' by the EHR."

Previous
NIST Readies Guide on Server Protection
Next
Senate Votes to Block Cybersecurity Act Action

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.



Around the Network

Stopping Cloud Workload Attacks
Stopping Cloud Workload Attacks
AI in Healthcare: The Growing Promise - and Potential Risks
AI in Healthcare: The Growing Promise - and Potential Risks
Joe Sullivan on What CISOs Need to Know About the Uber Trial
Joe Sullivan on What CISOs Need to Know About the Uber Trial
Getting a Tighter Grip on Vendor Security Risk in Healthcare
Getting a Tighter Grip on Vendor Security Risk in Healthcare
How AI Can Help Speed Up Physician Credentialing Chores
How AI Can Help Speed Up Physician Credentialing Chores
Why Hospitals Should Beware of Malicious AI Use
Why Hospitals Should Beware of Malicious AI Use
How Biden's AI Executive Order Will Affect Healthcare
How Biden's AI Executive Order Will Affect Healthcare
How State Governments Can Regulate AI and Protect Privacy
How State Governments Can Regulate AI and Protect Privacy
Good Governance: 'It's All Hygiene'
Good Governance: 'It's All Hygiene'
Mapping Access - and Attack - Paths in Active Directory
Mapping Access - and Attack - Paths in Active Directory

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.