Meaningful Use, Privacy and Security in EHR Systems: What Does the Future Hold?
In June, the Office of the National Coordinator for Health Information Technology (ONC) issued its final rule to establish a temporary certification program for Electronic Health Record (EHR) Technology. This marks an important step towards allowing healthcare facilities to meet and achieve meaningful use, a requirement to qualify for incentive payments under Medicare and Medicaid. Yet, even with this new development, lingering security questions still plague the process, making the transition to an interoperable EHR system seem even further away and harder to achieve.
Not only will offices, hospitals and other organizations have the same risks associated with access and transmission that have always existed for electronic data, but this will also be increased in magnitude as access from locations outside the organization’s control becomes easier. Further, employees within the healthcare system will have to be trained extensively to recognize the risks associated with this new level of interoperability.
Medicare incentives begin to phase out in 2014, followed by reductions in payments by 2015 if requirements are not met. Will most facilities make it in time? By some accounts, there is still quite a journey ahead – according to HHS’ Health Information Technology website, the preliminary estimates from the 2009 National Ambulatory Medical Care Survey indicate that 43.9 percent of physician respondents reported all or partial EMR/EHR systems (not including systems solely for billing) in office-based practices. Of those, about 20.5 percent have met the government criteria of a basic system, with a mere 6.3 percent reporting a fully functional system.
It’s a lot to consider, especially if your organization isn’t counted among that 43.9 percent. But for those that have yet to implement an interoperable system, you won’t exactly have to start from ground zero – the guidance that is slowly emerging from HHS and other government entities will be a helpful starting point. Additionally, there has never been a better time to consider patient data security and privacy, particularly in light of the new breach notification requirements under HITECH. Make this a part of your transition so that you don’t carry any bad security habits with you as you migrate to the digital world.
What do you see as the top privacy and security considerations when transitioning to EHRs? What are the biggest challenges an organization faces?
by Brian Lapidus
COO, Kroll Fraud Solutions
Tags: breach notification, data security, EHR, Health Information Technology, HHS, HITECH, HITECH Act
I read a fair amount of blogs and websites covering these topics. I can definitively say that this is rapidly becoming one of my must reads. I bookmarked this, I added this on Digg, and I subscribed to the RSS. Thanks!
Nice post. Like the wat you have brought out some of the key privacy issues.
On the topic of quality of EHR implementation, I fell that the introduction of REC’s through the HITECH act. is a great way to avail of quality EHR solutions at competitive prices. The stiff competition among not only these REC’s but also among EHR vendors ( to become a preferred vendor of a given REC) will result in lot of positives to medical practioners.
Looking the funding provided to the REC’s, the staggered grant allocation system also promises to be an unbiased way of allocating funds. It will also help in the concept of REC’s helping out each with their own unique business models. It can be one of the possible answers to the
’safe vendor challenge’ as discussed by many critics.
Police use this in their cyber-crimes divisions. Law enforcement in general utilizes hackers to break into computers used as evidence or to obtain information. Regular IT and networking experience and degrees would be a must.