Upload File

15 core protect electronic healthinformation

3

Click here to load reader

Upload: emid-nunez

Post on 09-Aug-2016

15 views

Category:

Documents


0 download

Report

DESCRIPTION

Eligible Professional Meaningful Use Core Measures Measure 14 of 14 Stage 1 Last Updated: April 2013

TRANSCRIPT

Page 1: 15 Core Protect Electronic HealthInformation

Eligible Professional Meaningful Use Core Measures Measure 14 of 14 Stage 1 Last Updated: April 2013

• • • • •

Protect Electronic Health Information

Objective Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities.

Measure Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process.

Exclusion No exclusion.

Table of Contents Definition of Terms Attestation Requirements Additional Information Certification and Standards Criteria Related Certification FAQs

Definition of Terms Appropriate Technical Capabilities – A technical capability would be appropriate if it protected the electronic health information created or maintained by the certified EHR technology. All of these capabilities could be part of the certified HER technology or outside systems and programs that support the privacy and security of certified EHR technology.

Attestation Requirements YES / NO

Eligible professionals (EPs) must attest YES to having conducted or reviewed a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1) and implemented security updates as necessary and corrected identified security deficiencies prior to or during the EHR reporting period to meet this measure.

Additional Information

EPs must conduct or review a security risk analysis of certified EHR technology and implement updates as necessary at least once prior to the end of the EHR reporting period and attest to

Page 2: 15 Core Protect Electronic HealthInformation

that conduct or review. The testing could occur prior to the beginning of the first EHR reporting period. However, a new review would have to occur for each subsequent reporting period.

A security update would be required if any security deficiencies were identified during the risk analysis. A security update could be updated software for certified EHR technology to be implemented as soon as available, changes in workflow processes or storage methods, or any other necessary corrective action that needs to take place in order to eliminate the security deficiency or deficiencies identified in the risk analysis.

Certification and Standards Criteria Below is the corresponding certification and standards criteria for electronic health record technology that supports achieving the meaningful use of this objective.

Certification Criteria

§170.302(o) Access control

Assign a unique name and/or number for identifying and tracking user identity and establish controls that permit only authorized users to access electronic health information.

§170.302(p) Emergency

access

Permit authorized users (who are authorized for emergency situations) to access electronic health information during an emergency.

§170.302(q) Automatic log-

off

Terminate an electronic session after a predetermined time of inactivity.

§170.302(r) Audit log

(1) Record actions. Record actions related to electronic health information in accordance with the standard specified in §170.210(b). .

(2) Generate audit log. Enable a user to generate an audit log for a specific time period and to sort entries in the audit log according to any of the elements specified in the standard at §170.210(b).

§170.302(s) Integrity

(1) Create a message digest in accordance with the standard specified in §170.210(c).

(2) Verify in accordance with the standard specified in §170.210(c) upon receipt of electronically exchanged health information that such information has not been altered.

(3) Detection. Detect the alteration of audit logs.

§170.302(t) Authentication

Verify that a person or entity seeking access to electronic health information is the one claimed and is authorized to access such information.

§170.302(u) General

Encrypt and decrypt electronic health information in accordance with the standard specified in §170.210(a)(1), unless the Secretary determines that the use of such

Page 3: 15 Core Protect Electronic HealthInformation

encryption algorithm would pose a significant security risk for Certified EHR Technology.

§170.302(v) Encryption

when exchanging electronic

health information

Encrypt and decrypt electronic health information when exchanged in accordance with the standard specified in §170.210(a)(2).

§170.302(w) Optional.

Accounting of disclosures

Record disclosures made for treatment, payment, and health care operations in accordance with the standard specified in §170.210(d).

Standards Criteria Record actions

related to electronic

health information

§170.210(b) - The date, time, patient identification, and user identification must be recorded when electronic health information is created, modified, accessed, or deleted; and an indication of which actions(s) occurred and by whom must also be recorded.

Verification that electronic

health information has

not been altered in transit

§170.210(c) - A hashing algorithm with a security strength equal to or greater than SHA-1 (Secure Hash Algorithm (SHA-1) as specified by the National Institute of Standards and Technology (NIST) in FIPS PUB 180-3 (October, 2008) must be used to verify that electronic health information has not been altered

Encryption and decryption of

electronic health

information

§170.210(a)(1) - Any encryption algorithm identified by the National Institute of Standards and Technology (NIST) as an approved security function in Annex A of the Federal Information Processing Standards (FIPS) Publication 140-2 (incorporated by reference in §170.299). §170.210(a)(2) - Any encrypted and integrity protected link.

Record treatment,

payment, and health care operations disclosures

§170.210(d) - The date, time, patient identification, user identification, and a description of the disclosure must be recorded for disclosures for treatment, payment, and health care operations, as these terms are defined at 45 CFR 164.501.

Related Certification FAQs Click on the green numbers to view the answer to the FAQ.

If an EHR Module addresses multiple certification criteria (thus providing multiple capabilities), does it need to be tested and certified to the applicable privacy and security certification criteria as a whole or for each capability? 9-10-008-1

http://healthit.hhs.gov/portal/server.pt?open=512&mode=2&objID=3163&PageID=20770

Binder1 - Electrical & Electronic Enclosures, Cabinets ... · Advance search enclosure ... style lip for superior protect against flowing liquids. ... The flexibility of our modular

Protect your customer data. Protect your brand. Protect ... · Protect your customer data. Protect your brand. Protect your business. “From an attack pattern standpoint, the most

Protect Your Data, Protect Yourself

Meaningful Use Core Measures Protect Electronic Health

Protect your investment, your family, and your wallet...Protect your investment, your family, and your wallet Key FeaturesKey Features Why you need this electronic device: • Protect

UL L t Covers ProteCt against aCCidentaLLy UnPLUgging ...ProteCt against aCCidentaLLy UnPLUgging eLeCtroniC eqUiPment All Mier Transformer Covers include: • Durable CRS steel construction

Signal detection in electronic medical records · Signal detection in electronic medical records PROTECT Symposium Niklas Norén, PhD Uppsala Monitoring Centre On behalf of PROTECT

Meaningful Use Update Eligible Professionals · Security Audit Requirements •Objective: Protect electronic health information created or maintained by the certified EHR technology

Master Policy Number: UIC-07-B2BE-108-18-01 · 2018-01-04 · Tune Protect Travel Electronic Assurance_UAE (V 1.0) Tune Protect Travel Electronic Assurance (“Insurance Policy”)

LSU 06/04/2007Electronics 21 Electronic Components Electronics Unit, Lecture 2 Identification of components and handling precautions to protect them from

How security mechanisms can protect cars against …...How security mechanisms can protect cars against hackers Agenda • Electronic Control Unit (ECU) security • On-board network

Electronic Fund Transfer Act - Federal Reserve...EFTA 1 Electronic Fund Transfer Act The Electronic Fund Transfer Act (EFTA) (15 U.S.C. 1693 et seq.) of 1978 is intended to protect

Meaningful Use Core Measures Protect Electronic Health Information · Protect electronic health information created or maintained by the certified electronic health record (EHR) technology

PETA v. Texas A&M 18 - Electronic Frontier Foundation · Since 1990, the Electronic Frontier Foundation has led the charge to protect our basic rights to privacy and free expression

Protect B. 750 PRO Protect B.1000 (BP) PRO Protect …€¦ · Protect B.1000 PRO, Protect B.1400 PRO, Protect ... The back of the Protect B. PRO features the mains connections,

Protect Electronic Equipment from Damaging Power … Electronic Equipment from Damaging Power Surges and Line Noise Interference How to Choose the Best Surge Protectors for Everything

Electronic timers CT range - ABB Ltd · sealable transparent cover to protect against unauthorized changes in time and threshold values. ... Brochure - Electronic timers CT range

NETWORKS By : Nicolas Pottier. Electronic security Establishing techniques that allow users to prove and protect their Identity from unauthorised personnel

fusing and circuit breakers - Home of Pro-Tech · PDF fileThe fundamental way to protect an electronic circuit is ... with the circuit. Fusing and Circuit Breakers ... mobile electronic

Electronic Component Distributors - SL3S1003 1013 UCODE G2iM … · 2016. 5. 25. · (Electronic Article Surveillance) tag without the need for a back-end data base. Read Protect

Speaker’Name Statement Eileen’Nixon No’interests’to’declarePatientLandLStaffLPriorities Patients Staff 1. Care#coordination 2. Shared#medical#records#and#results# 3. Communicating#healthinformation

Secure Electronic Transaction (SET). What Is SET? SET is an open encryption and security specification designed to protect credit card transactions

The Patient’s Electronic Medical Record or Chart · CHAPTER 8 The Patient’s Electronic Medical Record or Chart 119 10008-GILLINGHAM-9781455707201 To protect the rights of the

SAFETY LIGHT CURTAINS OVERVIEW - Industrial … Electronic/PDF Documents Protect... · SAFETY LIGHT CURTAINS OVERVIEW ... operation on the most compact construction designs possible,

17.3. Secure Electronic Transaction - Compiler Design · PDF fileSecure Electronic Transaction SET is an open encryption and security specification designed to protect credit card

Health District Health Promotion submission regarding the ... › HealthInformation › HealthPro… · own alcohol consumption. Restricting the delivery of same day alcohol purchases

FUSEHOLDER SELECTION - Littelfuse/media/electronics/... · Littelfuse offers technologies that protect electronic and electrical circuits and their users against electrostatic discharge

Privacy & Security: Fundamentals of a Security Risk Analysis · Meaningful Use Core Measure 15: Protect Electronic Health Information Objective: Protect electronic health information

Protect Electronic Health Informationcsohio.himsschapter.org/sites/himsschapter/files/... · (on all master slides) HIPAA and Meaningful Use Protect Electronic Health Information

Data Security Navigating Though Laws, Policies, and Procedures to Protect Physical and Electronic Records Jon Ostendorf, The Hotchkiss School Michael Haney,

Effect of Health Information Technologies on ...Purpose ofReview To identify a commoneffectof healthinformation technologies(HIT) onthe management ofcardiovascular disease (CVD) risk

PROTECT YOURSELF PROTECT YOUR FAMILY PROTECT YOUR …ebolacommunicationnetwork.org/wp-content/uploads/2014/09/... · 2016-10-05 · PROTECT YOURSELF PROTECT YOUR FAMILY ... • When

REVISED ELECTRONIC TAX REGISTER SPECIFICATIONS … › images › publications › Revised-Electronic-Tax... · UPS Internal rechargeable battery of sufficient capacity to protect

Electronic supplementary material Photosynthesis mediated decrease in cadmium translocation protect shoot growth of Oryza sativa seedlings up on ammonium

CHILDREN’S ELECTRONIC TOY CAR - miweba GmbH S ELECTRONIC TOY CAR ... • Park the vehicle indoors or cover it with a tarp to protect it from wet weather. ... Our products are suitable