White paper explores security and privacy protections of HITECH Act
ARLINGTON, VA — 05/20/10 — Vangent, Inc. has published a white paper to help healthcare providers and organizations understand security and privacy protections for personal health information as it pertains to the Federal Government’s HITECH Act and meaningful use measures. “Privacy and Security Considerations for EHR Incentives and Meaningful Use” focuses on the privacy and security aspects of the measures, Electronic Health Record (EHR) certification criteria, and standards included in meaningful use. Health care providers and professionals will gain insight into future expectations and compliance as they prepare to seek government funding through the EHR incentive program, which requires ‘meaningful use’ of EHRs.
Meaningful use measures cover a wide range of functional and technical capabilities, but there is only one measure related to security and privacy. As stated in the proposed rule and required under the HIPAA Security Rule, organizations implementing EHR technology must “conduct or review a security risk analysis and implement security updates as necessary” to demonstrate eligibility for the incentive program. Many healthcare organizations are not prepared to comply despite the fact that this measure is already an obligation under HIPAA.
There are no specific privacy measures in the proposed rules on meaningful use, nor are there privacy certification criteria or standards required for EHR technology. The absence of explicit privacy requirements has created uncertainty, particularly the lack of criteria to ensure that individual patients can control the use or disclosure of information in their electronic health records. “Privacy and Security Considerations for EHR Incentives and Meaningful Use” dives into the American Recovery and Reinvestment Act of 2009 (ARRA), helping to ensure adequate privacy and security protections for personal health information, and guiding organizations toward conducting adequate privacy and risk analyses to achieve compliance and prepare for future stages of meaningful use requirements.
“Consent and control of health information are integral components necessary to encourage patient participation and support of electronic health records. Vangent’s white paper helps healthcare organizations prepare now by taking the necessary steps to ensure they are mitigating privacy and security risks, garnering patient acceptance of EHRs, and maintaining their eligibility to receive the incentives associated with meaningful use,” said Kerry Weems, Senior Vice President for Health Strategy at Vangent.