The North Carolina Healthcare Information and Communications Alliance, which comprises industry stakeholders, has published a white paper on the privacy and security implications of meaningful use of electronic health records.

Privacy and security requirements in Stage 1 meaningful use criteria are minimal, but compliance could be tricky.

"While having privacy and security programs in place that meet the requirements of the HIPAA privacy and security rules may be assumed under the Meaningful Use criteria, it is not clear that most health care providers have fully implemented robust programs that can meet the existing rules, in addition to new requirements imposed by HITECH (e.g., breach notification, accounting of disclosures, etc.)," according to the paper. "Other than the rules and increasing enforcement activities, there is minimal experience from which providers can draw to determine where their privacy and security programs may fall on the compliance spectrum. The results of the CMS efforts to audit security programs in 2008 were not widely circulated; thus, lessons learned in that endeavor may have been overlooked. The audit/review process has been transferred to the Office of Civil Rights; however, OCR is not expected to begin audits of existing programs until 2011."

The white paper covers a number of privacy and security implications in achieving meaningful use. These include governance models, program components, risk assessment and migration processes, security program evaluation, awareness and training, incident reporting and response, and accounting of disclosures. The paper is available at

--Joseph Goedert


Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access