Certification of an electronic health record system involves specific adherence to regulations and requirements under laws such as HIPAA and the more recent provisions of the HITECH Act. As it is imperative for personal health information to be protected, the Department of Health and Human Services has specifically included encryption as a requirement for certification of EHRs. Further, patients must have accurate and timely access to their individual personal records and their information must remain secure and private. Healthcare organizations will also be held to certain standards of privacy and security best practices and reporting requirements.
Meaningful Use Privacy & Security
The HIPAA Privacy and Security final rule – also known as the HIPAA Omnibus Rule – became effective March 26. One expert predicts enforcers will have a heyday with expanded ability to crack down on providers and their business associates.
This website discusses the further need to secure electronic patient information via encryption methods. Under Meaningful Use Stage 2, one of the core measures is to address the addressable implementation specification for electronic health records.
This resource explains how the HIPAA Security Rule of 2003 includes an addressable implementation specification for encryption of data at rest, and why one of the EHR Incentive Program Stage 2 core measures requires that encryption of data at rest be addressed in a risk assessment of the certified EHR.
Guidance & Resources