Security Requirements and Meaningful Use

IANS Faculty, Ed Moyle, gives a thought provoking webinar on the implications of "meaningful use" for information security professionals.

With the exception of HIPAA, nothing has been as transformative to Healthcare Information Technology as HITECH, especially pertaining to requirements around "meaningful use" of EHR.

For providers, when it comes to meaningful use, security can be a scary topic. Since it's a Phase 1 core requirement, it has providers asking questions (and the business associates supporting those providers) about what specific actions they need to take to address this topic. And while it's true that many providers will have to take some action to address security and privacy in the manner HHS intends, there's also an "upside" for security in meaningful use; namely, actions taken in the product space as part of certification efforts can help providers in historically challenging areas of security.

This discussion addresses the security requirements for providers as it relates to meaningful use: what HHS has said to date, enforcement guidance via OCR, as well as what information and direction there is from other stakeholders.

The discussion also focuses on how providers can use some of the movement in the industry (specifically product changes as part of certification efforts) to their advantage: for example, how they can leverage required security features implemented by EHR/EMR vendors to help them tackle some of the pernicious addressable HIPAA security controls that have been hanging open for years.