HIT Standards Committee Privacy and Security Workgroup Standards and Certification Requirements for Certified EHR Modules Dixie Baker, Chair Walter Suarez,


1 HIT Standards Committee Privacy and Security Workgroup Standards and Certification Requirements for Certified EHR Modules Dixie Baker, Chair Walter Suarez, Co-Chair November 2, 2012

2 Agenda
10:00 am Call to Order/Roll Call - MacKenzie Robertson, Office of the National Coordinator
10:05 am Welcome & Assigned Task Overview - Dixie Baker, Chair - Walter Suarez, Co-Chair
10:15 am ONC Background: 1) Factors Motivating Change in EHR Module Certification 2) NSTIC Compatibility Constraint - Steve Posnack, Will Phelps and Debbie Bucci, Office of the National Coordinator
10:45 am Discussion of Minimal Requirements for EHR Module Certification - Workgroup
11:20 am Next Steps
11:25 am Public Comment
11:30 am Adjourn

3 Assigned Task Overview
2014 Edition final rule modifies the certification processes ONC-Authorized Certification Bodies (ONC-ACBs) will need to follow for certifying EHR Modules in a manner that … reduces regulatory burden by eliminating the certification requirement that every EHR Module be certified to the “privacy and security” certification criteria. Instead, the privacy and security capabilities are included in the Base EHR definition that every EP, EH, and CAH must meet as part of meeting the CEHRT definition.

4 2014 Edition: Base EHR Definition

5 2014 Edition: Complete EHRs and CEHRT
Complete EHR – EHR technology that meets the Base EHR definition and has been developed to meet, at a minimum, all mandatory 2014 Edition EHR certification criteria for either an ambulatory setting or inpatient setting.
Certified EHR Technology (CEHRT) – EHR technology certified under the ONC HIT Certification Program to the 2014 Edition EHR certification criteria that has:
(i) The capabilities required to meet the Base EHR definition; and
(ii) All other capabilities that are necessary to meet the objectives and associated measures under 42 CFR 495.6 and successfully report the clinical quality measures selected by CMS in the form and manner specified by CMS (or the States, as applicable) for the stage of meaningful use that an eligible professional, eligible hospital, or critical access hospital seeks to achieve.

6 2014 Edition: Two Approaches for Meeting CEHRT Requirement
[Diagram, ONC HIT Certification Program: CEHRT reached either through a Certified Complete EHR or through a combination of Certified EHR Modules, each path covering the Base EHR definition.]
EPs, EHs, and CAHs are required to meet CEHRT definition using certified Complete EHR or combination of certified EHR Modules.

7 2014 Edition: Posnack Slide from Sept 2012 HITSC Presentation (showing Stage 2 examples only)
[Diagram with two panels, "2014 Edition Complete EHR" and "2014 Edition EHR Module Approaches". Labels: Base EHR, MU1 Core, MU2 Menu; Vendor A, Vendor B, Vendor C, Vendor X; Stage 2 EP/EH, Stage 2 EP/EH w/exclusions.]

8 Privacy and Security Workgroup Task
Provide recommendations, targeted for the 2016 Edition of EHR certification. Specifically, they have asked us to identify the minimal set of privacy and security standards and certification criteria for certifying EHR Modules.
Recommendations should anticipate future broad adoption of NSTIC-based authentication, and therefore should be compatible with the NSTIC* approach.
*National Strategy for Trusted Identities in Cyberspace

9 Questions to be Addressed (1 of 2)
1. What is the minimal set of privacy and security properties (i.e., left-hand column in the table above) that every certified EHR Module should exhibit (either natively or by using external services)? What standards can support these properties?
2. What privacy and security properties might a certified EHR Module need to exhibit conditionally? For example, an e-prescribing Module may need to support two-factor authentication; an integration Module may need to be able to encrypt data for transmission. What standards can support these properties?
3. What certification criteria can be used to certify the privacy and security properties of EHR Modules? If the Module depends upon an external service to meet these criteria, does the external service need to be certified? If not, how can the Module be tested for conformance with these criteria?

10 Questions to be Addressed (2 of 2)
4. Should the privacy and security services implemented in one EHR technology be accessible to, and interoperable with, other EHR Modules that are separately certified?
– If not, is the minimal property set defined in 1 still valid?
– If so, what functional interactions between EHR technology #1 and EHR technology #2 can and should be addressed by interoperability standards and certification criteria?
5. Given that the 2014 Edition EHR standards and certification criteria have been released, with no prerequisite privacy and security certification requirements for EHR Modules in order to be certified, should ONC offer guidance regarding appropriate or suggested EHR Module use of the privacy and security properties and services of other EHR technology?

11 ONC Background
Steve Posnack, Will Phelps, Debbie Bucci
Factors Motivating Change in EHR Module Certification
NSTIC Compatibility Constraint

