ONC Touts its 10 Step Plan for Meeting Meaningful Use Privacy and Security Attestation Requirements

In a recent Tweet, the Office of the National Coordinator for Health Information Technology (ONC) stated:  “Move into the 21st Century and check out the Privacy & Security 10-Step Plan before you implement an Electronic Health Record.”  ONC makes the following recommendation to an Eligible Professional (EP) covered entity participating in the Medicare and Medicaid Financial Incentive Program for Adoption and Meaningful Use of Certified Electronic Health Record (EHR) Technology:  “An EP must meaningfully use certified EHR technology for an EHR reporting period, and then attest to CMS [the Centers for Medicare & Medicaid Services] that he or she has met meaningful use for that period.  Start your 10-step process at…

READ MORE

CMS and ONC Publish Final Rules for Meaningful Use Stage 2 Security in Federal Register

September 4, 2012.  The Department of Health and Human Services (HHS) entities:  Centers for Medicare & Medicaid Services (CMS) and Office of the National Coordinator for Health Information Technology (ONC), published their Final Rules for Meaningful Use Stage 2 in today’s Federal Register.  This posting focuses on the preamble relating to the following Stage 2 security objective in the CMS Final Rule entitled Medicare and Medicaid Programs; Electronic Health Record Incentive Program:  “Protect electronic health information created or maintained by the Certified EHR Technology [CEHRT] through the implementation of appropriate technical capabilities.”  Reference numbers in brackets refer to the page number(s) in the September 4, 2012,  Federal Register. Associated with this objective…

READ MORE

ONC Issues Meaningful Use Guide for Privacy & Security Attestation Compliance

May 9, 2012.  The Office of the National Coordinator for Health Information Technology (ONC) has issued a Guide to Privacy and Security of Health Information (Version 1.1 022312).  This Guide is targeted to medical practitioners who participate in the Medicare and Medicaid Program for Adoption and Meaningful Use of Certified Electronic Health Record Technology. Chapters are: 1. What Is Privacy & Security and Why Does It Matter? 2. Privacy & Security and Meaningful Use. 3.  Privacy & Security Step Plan for Meaningful Use. 4.  Integrating Privacy and Security into Your Practice. 5.  Privacy and Security Resources. The Guide highlights two of the Stage 1 Meaningful Use Objectives and Corresponding Measures…

READ MORE

ONC Publishes Stage 2 EHR Technology Certification Criteria NPRM

On March 7, 2012, the Office of the National Coordinator for Health Information Technology (ONC) of the Department of Health and Human Services (HHS) published in the Federal Register its notice of proposed rule making (NPRM) entitled Health Information Technology:  Standards, Implementation Specifications, and Certification Criteria for Electronic Health Record [EHR] Technology, 2014 Edition; Revisions to the Permanent Certification Program for Health Information Technology [pp. 13832-13885].  Comments to HHS may be made until 5 PM on May 7, 2012. The summary of the NPRM is included here: “Under section 3004 of the Public Health Service Act, the Secretary of Health and Human Services is proposing to revise the initial set…

READ MORE

EHR Incentive and Certification Criteria Final Rules Published in Federal Register

The EHR Incentive and Certification final rules were published in the Federal Register this morning, July 28, 2010.  HIPAA.com provides the title, summary, effective date, and URL for each below. Department of Health and Human Services, Centers for Medicare & Medicaid Services, “42 CFR Parts 412, 413, 422, and 495;  Medicare and Medicaid Programs; Electronic Health Record Incentive Program; Final Rule, Federal Register, 75(144), Wednesday, July 28, 2010, pp. 44313-44588. Summary:  This final rule implements the provisions of the American Recovery and Reinvestment Act of 2009 (ARRA)(Public Law 111-5) that provide incentive payments to eligible professionals (EPs), eligible hospitals and critical access hospitals (CAHs) participating in Medicare and Medicaid programs…

READ MORE

HHS’ ONC Releases Proposed Rule for Temporary and Permanent HIT Certification Programs

On Wednesday, March 10, 2010, the Office of the National Coordinator for Health Information Technology (ONC) of the Department of Health and Human Services (HHS) published in the Federal Register the Proposed Rule (NPRM) for Proposed Establishment of Certification Programs for Health Information Technology.  [75 Federal Register 11327-11373]  We present the summary of the NPRM. “SUMMARY.  Under the authority granted to the National Coordinator for Health Information Technology (the National Coordinator) by section 3001(c)(5) of the Public Health Service Act (PHSA) as added by the Health Information Technology for Economic and Clinical Health (HITECH ) Act, this rule proposes the establishment of two certification programs for purposes of testing and certifying…

READ MORE

HHS Publishes Proposed Rule for Electronic Health Record Incentive Program

HHS published today in the Federal Register:  “Medicare and Medicaid Programs–Electronic Health Record Incentive Program; Proposed Rule.”  75 FR 1844-2011.  Comments on this Notice of Proposed Rulemaking (NPRM) may be submitted to HHS no later than March 15, 2010.  Here is the Summary from the NPRM: “This proposed rule would implement the provisions of the American Recovery and Reinvestment Act of 2009 (ARRA)(Public Law 111-5) that provide incentive payments to eligible professionals (EPs) and eligible hospitals participating in Medicare and Medicaid programs that adopt and meaningfully use certified electronic health record (EHR) technology.  The proposed rule would specify the initial criteria an EP and eligible hospital must meet in order…

READ MORE

Exploring HIPAA and HITECH Act Definitions: Part 11

From now through November, HIPAA.com is providing a run through of HIPAA transaction & code set, privacy, and security definitions, along with relevant HITECH Act definitions pertaining to breach notification, securing of protected health information, and electronic health record (EHR) standards development and adoption. These definitions are key to understanding the referenced HIPAA and HITECH Act enabling regulations that are effective now and that will require compliance by covered entities and business associates now or in the months ahead, as indicated in HIPAA.com’s timeline. Each posting will contain three definitions, with a date reference to the Federal Register, Code of Federal Regulations (CFR), or statute, as appropriate. Exploring HIPAA and…

READ MORE

Exploring HIPAA and HITECH Act Definitions: Part 10

From now through November, HIPAA.com is providing a run through of HIPAA transaction & code set, privacy, and security definitions, along with relevant HITECH Act definitions pertaining to breach notification, securing of protected health information, and electronic health record (EHR) standards development and adoption. These definitions are key to understanding the referenced HIPAA and HITECH Act enabling regulations that are effective now and that will require compliance by covered entities and business associates now or in the months ahead, as indicated in HIPAA.com’s timeline. In this posting we highlight the last two definitions from the following HITECH Act section: Exploring HIPAA and HITECH Act Definitions:  Parts 6-10, include definitions from:…

READ MORE

Exploring HIPAA and HITECH Act Definitions: Part 9

From now through November, HIPAA.com is providing a run through of HIPAA transaction & code set, privacy, and security definitions, along with relevant HITECH Act definitions pertaining to breach notification, securing of protected health information, and electronic health record (EHR) standards development and adoption. These definitions are key to understanding the referenced HIPAA and HITECH Act enabling regulations that are effective now and that will require compliance by covered entities and business associates now or in the months ahead, as indicated in HIPAA.com’s timeline. Each posting will contain three definitions, with a date reference to the Federal Register, Code of Federal Regulations (CFR), or statute, as appropriate. Exploring HIPAA and…

READ MORE