ONC Guide to Privacy and Security - 10 Steps to Meaningful Use

May 9, 2012. The ONC has issued a Guide to Privacy and Security of Health Information which includes the 10 steps to meaningful use and is directed at Eligible Practices.  The guidance provided however is valid for Covered Hosptials as well.  This is a must read document.  Some of the highlights are listed below.

Chapters include:
1. What Is Privacy and Security and Why Does It Matter?
2. Privacy and Security and Meaningful Use.
3. Privacy & Security 10 Step Plan for Meaningful Use.
4. Integrating Privacy and Security into Your Practice.
5. Privacy and Security Resources.

A FEW HIGHLIGHTS:
For privacy and security, the following are the requirements for Stage 1 of Meaningful Use:

Core Objective & Measure 12: Provide patients with an electronic copy of their health information,
upon request.

• More than 50 percent of all patients who request an electronic copy of their health information are provided it within three business days.

Core Objective & Measure 15: Protect electronic health information created or maintained by the
certified EHR technology through the implementation of appropriate technical capabilities.

• Conduct or review a security risk analysis in accordance with the requirements under theHIPAA Security Rule (45 CFR 164.308(a)(1) (ii) (A)) implement security updates as necessary and correct identified security deficiencies as part of the risk management process.

MYTH: Simply installing a certified EHR fulfills the security risk analysis MU requirement.
FACT: False. Even with a certified EHR, you must perform a full security risk analysis. Security
requirements address all electronic protected health information you maintain, not just what
is in your EHR.

Download the entire guidance here:
http://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide.pdf