The provisions of the two final rules of Stage 2 of Meaningful Use released last week have attracted significant attention, especially the rule demanding retention of patient engagement obligations. However, what is more striking is how these two final rules are intertwined with the privacy and security requirements of HIPAA, although many commenters on the proposed rules have asked the Centers for Medicare & Medicaid Services to remove redundancies. This clearly shows that the government’s top priorities lie in keeping electronic records secure, and allaying patients’ fears about the security of their medical records.
Elizabeth Holland, Director of the HIT Initiative Group of CMS’ Office of e-Health Standards and Services, said that HIPAA is now being reinforced, and that there will be added emphasis on the privacy and security of patient information, as people are wary about the confidentiality of their health records when they go electronic.
So conducting an effective risk assessment of the EHR and safeguarding the EHR from vulnerabilities are now not only a part of HIPAA’s security rules, but also clearly a requirement under the Stage 2 rule of Meaningful Use. However, the requirements of the two rules are not identical. According to Elizabeth Holland, while HIPAA doesn’t require an annual risk assessment, under the Meaningful Use program risk assessments have to be conducted every year, and these assessments must more specifically address data encryption for EHR.
While the final Stage 2 rule has adopted most of the provisions of HIPAA, there are some noteworthy differences too:
- Firstly, the proposed rule requires encryption to be enabled as a default setting on EHRs, and the ability to disable this setting should be limited.
- Secondly, the rule that expands the accounting-for-disclosure obligations for patient data in electronic form is not yet final, but the proposed Stage 2 rule recommends this as an “optional” criterion to meet the certification obligations of Stage 2.
While the proposed certification rule included certain technical requirements in dealing with patient requests for amending electronic data, the final rule allows some flexibility in this capability.
So it is quite evident that if you are complying with HIPAA, you should easily be able to meet the Stage 2 requirements of Meaningful Use. But it is important to remember that this intertwining of HIPAA and Meaningful Use rules also means that if you are not complying with one of them, you may be violating both. This reinforces the need for a solution like SecureGRC, which can help you meet the requirements of HIPAA effectively by safeguarding health records in a comprehensive manner, while also ensuring that you significantly benefit from ‘Meaningful Use’ of EHR.