On Tuesday, the North Carolina Healthcare Information and Communications Alliance published a white paper on privacy and security implications related to "meaningful use" criteria for electronic health records, Health Data Management reports.
NCHICA is a not-for-profit consortium of health care industry stakeholders.
Under the 2009 economic stimulus package, health care providers who demonstrate meaningful use of certified EHRs can qualify for incentive payments through Medicare and Medicaid.
The paper addresses several privacy and security issues in meeting meaningful use criteria, including:
- Accounting of disclosures;
- Awareness and training;
- Evaluation of security measures;
- Governance models;
- Incident reporting and response;
- Program designs; and
- Risk assessment processes (Goedert, Health Data Management, 10/5).
The paper includes information on the roles of key staff in meeting meaningful use criteria (NCHICA release, 10/5).
According to the paper, "it is not clear that most health providers have fully implemented robust programs that can meet" existing privacy rules as well as new requirements outlined in the HITECH Act.
Health care providers seeking to determine whether their privacy and security programs comply with meaningful use criteria have "minimal experience" at their disposal, as CMS security audits conducted in 2008 "were not widely circulated," the paper says.
The audit process is now under the HHS Office for Civil Rights, but the office is not expected to start auditing existing programs until 2011, according to the paper (Health Data Management, 10/5).