Can You Ensure Privacy & Security of ePHI with Meaningful Use Certified EHR?

Posted by: Alok Prasad


Schedule Free Demo & Consultation

Meaningful Use Stage 2 Compliant EHR

Many practices have been busy attesting to Meaningful Use (MU) objectives, many of which pertain to HIPAA hipaa_complianceprivacy and security. Privacy- and security-related MU measures include those that address the protection of electronic protected health information (ePHI) from unauthorized access. These measures also allow patients themselves to access their own ePHI. This article explores several MU measures that relate to keeping patients’ ePHI private and secure. Physicians must be aware of these measures and take steps to ensure compliance.

Privacy and security measures embedded in MU Stage 2

MU Stage 2 requires eligible professionals (EP) to report 17 core objectives and three out of six menu objectives. Several of the core objectives include privacy- and security-related measures, such as:

  • Provide patients the ability to view online, download and transmit their health information
  • Provide clinical summaries for patients for each office visit
  • Protect electronic health information created or maintained by the Certified EHR Technology through the implementation of appropriate technical, administrative, and physical safeguards
  • Use secure electronic messaging to communicate with patients on relevant health information

The importance of using a certified EHR cannot be underestimated. Certified EHR technology helps accomplish the following goals:

  • Provides the technological capability, functionality, and security to help EPs meet MU criteria
  • Gives providers and patients the confidence they need in knowing that the systems they use are secure and can maintain data confidentiality

What to expect in proposed MU Stage 3?

Protection of ePHI is also a strong theme in the proposed MU Stage 3. Following are several notable changes:

  • EPs must provide patients with the ability to view online, download, and transmit their health information within 24 hours if generated during the course of a visit (labs or other types of information not generated within the course of a visit must be available to the patient within four business days)
  • EPs must be able to receive patient-generated health data via secure messaging or structured/semi-structured questionnaires
  • EPs must provide office visit summaries to patients or their representatives with relevant, actionable information and instructions pertaining to the visit (summaries should be shared in a format of the patient’s choosing)
  • EPs must conduct or review a security risk analysis for each EHR reporting period (i.e., every calendar year)

The HIT Policy Committee Workgroup published a helpful side-by-side comparison of Stages 2 and 3 so physicians can better understand the implications of any proposed new or revised requirements.

How to ensure protection of ePHI under MU Stage 3?

Not surprisingly, 18% of respondents to a recent survey conducted by QuantiaMD said protecting ePHI would be the most difficult MU Stage 3 proposed measure for physicians to meet. In April, the Office of the National Coordinator for Health Information Technology published a Guide to Privacy and Security of Electronic Health Information that includes a 7-step approach to implementing a security management process:

  • Step one: Lead your culture, select your team, and learn
  • Step two: Document your process, findings, and actions
  • Step three: Review existing security of ePHI
  • Step four: Develop an action plan
  • Steps five: Manage and mitigate risks
  • Step six: Attest for MU security-related objective
  • Step seven: Monitor, audit, and update security on an ongoing basis

Moving forward

As providers continue to implement EHRs, they must keep the privacy and security of ePHI in mind. This is important not only in terms of protection of information but also in terms of meeting MU requirements. Work with your certified EHR vendor to ensure that all current requirements are met and that proposed requirements can be met in the future.

For more information about how meaningful use compliant EHRs can help protect ePHI in your clinic or to see a demo of RevenueXL’s EHR, contact Revenue XL today.

Questions? Contact us Today

Related Posts:

Topics: Meaningful use, Certified EHR Software

  • There are no suggestions because the search field is empty.

Why RevenueXL

Streamline Your Small Practice With Customized Solutions

EHR Software, Practice Management, Telemedicine, Patient Engagement, Credentialing, Medical Billing Services, Denial Management, Coding Compliance and Audit

All-in-One EHR Software - Tired of Your EHR Software?

Related Posts

EHR Vendor Selection Criteria | EHR Selection Process

EHR Vendor Selection Guide For Small Medical Practices Successful implementation of medical EHR software can only be achieved by following a sound...

Read More

What is MIPS?

Learn More about Merit-Based Incentive Payment System MIPS or Merit-Based Incentive Payment System is a program that falls under the Quality Payment...

Read More

Providers: Mobile Healthcare Revolution Can Change Your Life. Adopt It.

There’s no doubt that mobile healthcare—often referred to as mHealth—has the ability to transform healthcare as we know it. Mobile health technology,...

Read More

Ready to Transform Your Practice?

PrognoCIS EMR Software - Award-Winning Patient Records Learn how it works