Committee Documents
Report from Privacy & Security Workgroup:
— Implementation Specifications Recommendations (PPT)
— Implementation Specifications Handout (XLS)
Clinical Operations Workgroup Detailed Recommendations (XLS)
The committee’s security and privacy workgroup clarified requirements that electronic health record systems must meet so both vendors and healthcare providers could use a number of access controls in their electronic health record systems and practices by 2011. […]
Under the standards approved today, by 2011 EHR systems would have to meet several standards for access control, including technical requirements of the security and privacy rules of the Health Insurance Portability and Accountability Act (HIPAA) and the Advanced Encryption Standard.
The HITECH provisions of the economic stimulus legislation toughened HIPAA’s security and privacy rules. The standards endorsed today cover the terms of those rules.
Under these standards, EHRs should be able to permit access only to those persons or applications that have been granted access rights. The standards also cover the ability to encrypt and decrypt electronic personal health information.