HIT Standards Committee Privacy and Security Workgroup Task Update: Standards and Certification Criteria for Certifying EHR Modules Dixie Baker, Chair.


HIT Standards Committee Privacy and Security Workgroup Task Update: Standards and Certification Criteria for Certifying EHR Modules Dixie Baker, Chair Walter Suarez, Co-Chair November 13, 2012

Privacy and Security Workgroup members:
- Dixie Baker, SAIC
- John Blair, Taconic IPA
- Tonya Dorsey, BlueCross BlueShield of South Carolina
- Mike Davis, Veterans Health Administration
- Lisa Gallagher, HIMSS
- Leslie Kelly-Hall, Healthwise
- Chad Hirsch, Mayo
- Jeff Jonas, IBM
- Peter Kaufman, DrFirst
- Ed Larsen
- David McCallie, Cerner Corporation
- John Moehrke, General Electric
- Wes Rishel, Gartner
- Kevin Stine, NIST
- Walter Suarez, Kaiser Permanente
- Sharon Terry, Genetic Alliance

Task Context

The 2010 Edition of the EHR Certification Program introduced certification of "Complete EHRs" and "EHR Modules":
- EHR Modules were certified against all privacy and security criteria.

The 2014 Edition introduced changes aimed at streamlining the certification process and reducing regulatory burden:
- Eliminated the requirement for EHR Modules to be certified to the privacy and security certification criteria.
- Introduced the "Base EHR definition": a set of core attributes, including privacy and security, that each Certified EHR Technology (CEHRT) adopted by an eligible professional (EP), eligible hospital (EH), or critical access hospital (CAH) must meet.

Might the pendulum have swung too far? For the 2016 Edition, might it be possible to require that each EHR Module be certified against some minimal set of privacy and security criteria, without imposing unreasonable regulatory burden?

2014 Edition: Base EHR Definition

2014 Privacy and Security Certification Criteria and Related Standards

Task Assignment

Provide recommendations for certifying EHR Modules under the 2016 Edition of the EHR Certification Program:
- Identify the minimal set of privacy and security standards and certification criteria.
- Anticipate future broad adoption of NSTIC-based authentication; the recommendations should therefore be compatible with the NSTIC* approach.

*National Strategy for Trusted Identities in Cyberspace

2014 Edition: Certification and Adoption

[Diagram: under the ONC HIT Certification Program, a Certified Complete EHR, or a combination of Certified EHR Modules, together satisfy the Base EHR Definition and constitute CEHRT.]

EPs, EHs, and CAHs are required to meet the CEHRT definition by adopting a certified Complete EHR or a combination of certified EHR Modules that together meet the Base EHR definition.

CEHRT is the technology that is implemented in the operational environments of meaningful users. This is where HIPAA Privacy and Security Requirements are applied.

Draft Recommendation (work in progress)

For the 2016 Edition, we recommend that each EHR Module presented for certification be required to meet each privacy and security certification criterion in the minimal set, using one of the following three certification paths:
1. Demonstrate, through system documentation and certification testing, that the EHR Module includes functionality that fully conforms to the privacy and security certification criterion.
2. Demonstrate, through system documentation and certification testing, that the EHR Module has implemented standards-based service interfaces that enable it to access external services necessary to conform to the privacy and security certification criterion. [P&S WG will recommend standards for service interfaces]
3. Demonstrate through documentation that the privacy and security certification criterion is inapplicable or would be technically infeasible for the EHR Module to meet.

Draft Recommendation (seeking your thoughts)

For the 2016 Edition, we recommend that each EHR Module presented for certification be required to meet each privacy and security certification criterion in the minimal set, using one of the following certification paths:
1. Demonstrate, through system documentation and certification testing, that the EHR Module includes functionality that fully conforms to the privacy and security certification criterion.
2. Demonstrate, through system documentation and certification testing, that the EHR Module has implemented standards-based service interfaces that enable it to access external services necessary to conform to the privacy and security certification criterion. [P&S WG will recommend standards for service interfaces]
3. Demonstrate through system documentation that the EHR Module has implemented non-standards-based service interfaces that enable it to access services provided by other certified EHR technology to conform to the privacy and security certification criterion.
4. Demonstrate through documentation that the privacy and security certification criterion is inapplicable or would be technically infeasible for the EHR Module to meet.

Draft Recommendations: Minimal Set

What is the "minimal set" of security functionality that every EHR Module should be required to address via one of the defined paths?
1. Authentication, access control, and authorization
2. Auditable events and tamper resistance
3. Audit report(s)
4. Amendments
5. Automatic log-off
6. Emergency access
7. Encryption of data at rest
8. Integrity
9. Optional: accounting of disclosures

Next Steps
- Agree upon 3 or 4 paths
- Select interoperability standards
- Solicit public comments through the ONC blog
- Present final recommendation to HITSC