HIPAA

Encryption, an Ounce of Prevention…

by Jerome Carter on April 16, 2012 · 0 comments

Increasingly, data breaches are in the news. Reports of stolen desktops, lost jump drives, and misplaced laptops seem to show up constantly. If it seems that you are now hearing more about breaches than in years past, you are correct, and the HITECH Act is probably the major reason. One component of the privacy/security provisions [...]


Technical Safeguards in Certified EHRs

by Jerome Carter on February 13, 2012 · 2 comments

As someone starting a new software development project, I have a keen interest in ensuring that my product does not create HIPAA headaches for users. Complying with the Security Rule’s technical safeguards seemed like a good start, so I decided to review their implementation specifications while developing security requirements. The technical safeguards are covered in sections 164.312(a)-(e). They [...]


HIPAA Requirements for Meaningful Use Objective 15

by Jerome Carter on December 12, 2011 · 0 comments

Each of the three previous posts in this series addressed a different aspect of security: information security principles, HIPAA changes in the HITECH Act, and the components of the HIPAA security rule. The subject of this post is meaningful use objective 15, which states: Objective: Protect electronic health information created or maintained by the certified [...]


The HIPAA Security Rule: Components and Compliance

by Jerome Carter on December 5, 2011 · 0 comments

The security rule was one of four provisions of the HIPAA law passed in 1996. The final compliance date for all covered entities was April 20, 2006. Unlike the privacy rule provision of HIPAA, the security rule applies only to protected health information in electronic form (ePHI). The security rule is independent of the EHR [...]


Be Warned, Now HIPAA Has Teeth

by Jerome Carter on November 28, 2011 · 0 comments

Enacted in 1996, HIPAA has long been a source of irritation for healthcare organizations, but not much of a threat. In fact, until recently, being hit by lightning was far more likely than being punished for violating any of the rule’s privacy or security provisions. Naturally, many began to view HIPAA as a paper tiger. [...]


Information Security: A Practical Guide

by Jerome Carter on November 9, 2011 · 0 comments

Information security is not a glamorous topic. However, HIPAA (1) has made it an unavoidable concern for those who use healthcare information systems. Unfortunately, this very important topic is often presented in a way that is difficult to understand unless one is a security professional. My goal in this series of posts is to make [...]


Recently, I had the pleasure of speaking to a group of primary care physicians about meaningful use (MU) and the EHR incentive programs. The questions they asked made it obvious that there remains a good deal of misunderstanding about what is required to comply with meaningful use objectives. It was also clear from their comments [...]


The Nightmare of Undead Data

by Jerome Carter on September 14, 2011 · 0 comments

A few weeks ago, I called a junk removal company to clean out my attic. I was surprised to find so many old computers buried under mounds of old magazines and clothing. I found four laptops (one Toshiba that I cannot recall ever using); four desktops (including a Macintosh II from 1987, a Macintosh Performa [...]
