ehr onc final certification - Department of Health Care Services
ehr onc final certification - Department of Health Care Services
ehr onc final certification - Department of Health Care Services
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Comment. One commenter suggested that adverse events be reported to public<br />
health agencies.<br />
Response. Our <strong>certification</strong> criterion does not preclude other types <strong>of</strong> reportable<br />
events from occurring. Presently, we do not believe that it is appropriate to modify the<br />
<strong>certification</strong> criterion to explicitly refer to adverse events.<br />
Comment. One commenter recommended that because some public health<br />
agencies do not have the ability to receive public health surveillance information in<br />
electronic format, we should clarify that this <strong>certification</strong> criterion is limited to verifying<br />
the ability <strong>of</strong> the system to record, modify, retrieve, and submit such information based<br />
on at least one test <strong>of</strong> these capabilities.<br />
Response. We reiterate, that the purpose <strong>of</strong> <strong>certification</strong> is to verify that a<br />
Complete EHR or EHR Module can perform these capabilities. That should not be<br />
construed to mean that an eligible pr<strong>of</strong>essional or eligible hospital is exempt from using<br />
Certified EHR Technology to meet the meaningful use objective and measure.<br />
Comment. A commenter recommended including the word “modify” in the<br />
<strong>certification</strong> criterion.<br />
Response. Consistent with our rationale above, we have added the word modify to<br />
the <strong>certification</strong> criterion.<br />
§170.302(o) - Access control<br />
Meaningful Use Stage 1<br />
Objective<br />
Protect electronic health<br />
information created or<br />
maintained by the<br />
certified EHR technology<br />
through the<br />
implementation <strong>of</strong><br />
appropriate technical<br />
capabilities<br />
Meaningful Use Stage 1<br />
Measure<br />
Conduct or review a<br />
security risk analysis per 45<br />
CFR 164.308 (a)(1) and<br />
implement security updates<br />
as necessary and correct<br />
identified security<br />
deficiencies as part <strong>of</strong> its<br />
risk management process<br />
Page 100 <strong>of</strong> 228<br />
Certification Criterion<br />
Interim Final Rule Text:<br />
Access control. Assign a unique name and/or<br />
number for identifying and tracking user<br />
identity and establish controls that permit only<br />
authorized users to access electronic health<br />
information.<br />
Final Rule Text:<br />
§170.302(o)