ONC Gives Guidance on Meaningful Use Privacy/Security Components
The Office of the National Coordinator for HIT reminds providers of availability of a 10-step plan to comply with privacy and security requirements under Stage 1 of the electronic health records meaningful use program.
The Office of the National Coordinator for HIT reminds providers of availability of a 10-step plan to comply with privacy and security requirements under Stage 1 of the electronic health records meaningful use program.
These steps should begin 90 days before the target date to start the meaningful use program, ONC counsels. Steps in the plan include:
* Confirm the organization is covered entity using tools on ONC’s Web site;
* Designate a privacy and security officer;
* Document why you have security measures in place and where they are, how they were created and are being monitored, and retain relevant records that support attestation;
* Conduct a security risk analysis or reassess the existing analysis;
* Develop a plan to address threats and vulnerabilities identified in the analysis;
* Develop updated policies and procedures supporting the new plan, and retain outdated policies and procedures;
* Train the workforce on the new policies and procedures;
* Communicate with patients about privacy and security issues, and emphasize the benefits of EHRs;
* Update business associate agreements requiring compliance with the privacy, security and breach notification rules; and
* Attest for the security risk analysis when attesting for meaningful use. Do not register or attest for the program until completing the privacy/security component. “Providers participating in the EHR Incentive Program can be audited,” ONC reminds stakeholders. “When you attest to meaningful use, it is a legal statement that you have met specific standards.”
Details on the 10-step plan are available here.
These steps should begin 90 days before the target date to start the meaningful use program, ONC counsels. Steps in the plan include:
* Confirm the organization is covered entity using tools on ONC’s Web site;
* Designate a privacy and security officer;
* Document why you have security measures in place and where they are, how they were created and are being monitored, and retain relevant records that support attestation;
* Conduct a security risk analysis or reassess the existing analysis;
* Develop a plan to address threats and vulnerabilities identified in the analysis;
* Develop updated policies and procedures supporting the new plan, and retain outdated policies and procedures;
* Train the workforce on the new policies and procedures;
* Communicate with patients about privacy and security issues, and emphasize the benefits of EHRs;
* Update business associate agreements requiring compliance with the privacy, security and breach notification rules; and
* Attest for the security risk analysis when attesting for meaningful use. Do not register or attest for the program until completing the privacy/security component. “Providers participating in the EHR Incentive Program can be audited,” ONC reminds stakeholders. “When you attest to meaningful use, it is a legal statement that you have met specific standards.”
Details on the 10-step plan are available here.
More for you
Loading data for hdm_tax_topic #reducing-cost...