Focus Rheums| ACR Convergence 2024 Previews

An official publication of the ACR and the ARP serving rheumatologists and rheumatology professionals

Is the Electronic Health Information in Your Practice Really Safe?

  |  Issue: July 2011  |  

Healh IT

The Centers for Medicare and Medicaid Services (CMS) Electronic Health Record (EHR) Incentive Program (Meaningful Use) provides for eligible physicians who demonstrate “meaningful use” of certified EHR technology to be eligible to receive up to $44,000 in Medicare incentive payments over five years or up to $63,750 in Medicaid incentive payments over six years. But what does it really mean to achieve “meaningful use” for the EHR Incentive Program, and what will your practice need to do to meet the required objectives?

Privacy and Security of Electronic Health Information

One Meaningful Use objective that generates quite a bit of interest and even more questions is the aim to ensure appropriate protection of electronic health information. To meet this objective, you need to ensure that your EHR system is equipped to support basic security functionalities and that your practice is doing everything it can to identify potential threats and implement policy to keep information protected from nontechnical threats.

ADVERTISEMENT
SCROLL TO CONTINUE

The Meaningful Use certification program addresses the more technical aspects of privacy and security, making sure that your system functionally protects electronic health information by implementing controls and encryption, such as:

  • Assigning a unique user name for each user;
  • Encrypting and decrypting health information for backups and removable media;
  • Providing for event recording such as deletion of records;
  • Creating an audit review log;
  • Using systems to ensure health information has not been altered using a hash algorithm;
  • Recording disclosures made for treatment; and
  • Ensuring identity management is in place.

However, technology is just one piece of the security puzzle. Using certified EHR technology alone will not guarantee compliance with the Health Insurance Portability and Accountability Act (HIPAA) and supporting security rules. Your practice will also need to actively conduct a security risk assessment, documenting the findings and any plans to mitigate risk and improve practice workflow and policy that supports the security of patient data.

ADVERTISEMENT
SCROLL TO CONTINUE

HIT Resources

The ACR website offers information and resources for Health Information Technology, including:

  • HIT Webinar Library: View recordings and slides on all aspects of the CMS EHR Incentive Program
  • Frequently Asked Questions about the EHR Incentive program
  • CMS 2011 e-Prescribing Program: What you need to know about the program and its financial impact on your practice
  • EHR selection and implementation
  • HITECH programs supporting HIT and your practice
  • Rheumatology Clinical Registry
  • HIT education opportunities and events

To access these resources, visit www.rheumatology.org/HIT.

The Risk Assessment

During a recent ACR Meaningful Use webinar, Nicholas Harned, JD, a health law attorney from Vedder Price, P.C., focused on the privacy and security requirements. Harned said that the Meaningful Use Privacy and Security objective is framed to ensure certified EHR technology supports the protection of electronic data but “does not impede [a provider’s] ability to comply with HIPAA.”1

Related Articles

    The New Year Brings New Opportunities in HIT

    January kicked off a new era for health information technology (HIT). A new year brings new opportunities, with the Centers for Medicare and Medicaid Services (CMS) electronic health record (EHR) incentive program topping the list. But what is meaningful EHR use, and what does it mean for you? What are the steps to get started?

    Measuring Up for Meaningful Use

    The Centers for Medicare and Medicaid Services’ (CMS’) Electronic Health Record (EHR) Incentive Program—Meaningful Use—requires that eligible providers participating in the incentive program successfully demonstrate meaningful use of the EHR system by reporting on a set of core and menu functional objectives to qualify for incentive payments of up to $44,000.