The Office of the National Coordinator for HIT reminds providers of availability of a 10-step plan to comply with privacy and security requirements under Stage 1 of the electronic health records meaningful use program.

These steps should begin 90 days before the target date to start the meaningful use program, ONC counsels. Steps in the plan include:

* Confirm the organization is covered entity using tools on ONC’s Web site;

* Designate a privacy and security officer;

* Document why you have security measures in place and where they are, how they were created and are being monitored, and retain relevant records that support attestation;

* Conduct a security risk analysis or reassess the existing analysis;

* Develop a plan to address threats and vulnerabilities identified in the analysis;

* Develop updated policies and procedures supporting the new plan, and retain outdated policies and procedures;

*  Train the workforce on the new policies and procedures;

* Communicate with patients about privacy and security issues, and emphasize the benefits of EHRs;

* Update business associate agreements requiring compliance with the privacy, security and breach notification rules; and

* Attest for the security risk analysis when attesting for meaningful use. Do not register or attest for the program until completing the privacy/security component. “Providers participating in the EHR Incentive Program can be audited,” ONC reminds stakeholders. “When you attest to meaningful use, it is a legal statement that you have met specific standards.”

Details on the 10-step plan are available here.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access