Explorations in the Design and Implementation of Clinical Information Systems
Since the last resources-related post, two additional pages have been added— Usability and Security. Resource pages offer practical information for those implementing systems and research information for informatics researchers and system designers. Usability The initial version of the usability page focuses on major national policy reports/documents and selected research articles going back to 1999. The [...]
{ 0 comments }
Backups are important. However, when things really go wrong, they alone are not enough. “Disaster” may sound overly dramatic, but, in fact, catastrophic data losses are not rare. Depending on where you live, floods, tornados, hurricanes or earthquakes are a fact of life. Of course, man-made misery (e.g., viruses, tampering, sabotage) accounts for its share [...]
{ 0 comments }
Increasingly, data breaches are in the news. Reports of stolen desktops, lost jump drives, and misplaced laptops seem to show up constantly. If it seems that you are now hearing more about breaches than in years past, you are correct, and the HITECH Act is probably the major reason. One component of the privacy/security provisions [...]
{ 0 comments }
The newly proposed rules for EHR certification, referred to by ONC as Certification Criteria for Electronic Health Record Technology, 2014 Edition, contains a few pleasant surprises that bode well for EHR users. There are provider-friendly changes in how CEHRT is defined; a new security requirement that may help with data breaches; and comments on data [...]
{ 0 comments }
As someone starting a new software development project, I have a keen interest in ensuring that my product does not create HIPAA headaches for users. Complying with the Security Rule’s technical safeguards seemed like a good start, so I decided to review their implementation specifications while developing security requirements. The technical safeguards are covered in sections 164.312(a)-(e). They [...]
{ 2 comments }
Viruses, worms, and spyware are ever present. Protection is essential, but it is difficult to make sense of all the various products. Over the last six years, I have tried several: Norton, McAfee, MS Security Essentials, Zone Alarm, and AVG. Last month I switched to Webroot Secure Anywhere. Before settling on a security suite, I [...]
{ 0 comments }
Each of the three previous posts in this series addressed a different aspect of security: information security principles, HIPAA changes in the HITECH Act, and the components of the HIPAA security rule. The subject of this post is meaningful use objective 15, which states: Objective: Protect electronic health information created or maintained by the certified [...]
{ 0 comments }
The security rule was one of four provisions of the HIPAA law passed in 1996. The final compliance date for all covered entities was April 20, 2006. Unlike the privacy rule provision of HIPAA, the security rule applies only to protected health information in electronic form (ePHI). The security rule is independent of the EHR [...]
{ 0 comments }
Enacted in 1996, HIPAA has long been a source of irritation for healthcare organizations, but not much of a threat. In fact, until recently, being hit by lightning was far more likely than being punished for violating any of the rule’s privacy or security provisions. Naturally, many began to view HIPAA as a paper tiger. [...]
{ 0 comments }
The EHR Science Blog presents the musings of Jerome H. Carter, MD, CEO of NTM Informatics, Inc. He is also the editor of Electronic Health Records, Second Edition, published by the American College of Physicians.
Posts on this blog are the personal views of Dr. Carter and do not reflect the official policies or positions of the American College of Physicians.