ehr onc final certification - Department of Health Care Services
ehr onc final certification - Department of Health Care Services
ehr onc final certification - Department of Health Care Services
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Page 101 <strong>of</strong> 228<br />
Unchanged<br />
Comment. One commenter explicitly noted its support for this <strong>certification</strong><br />
criterion. We received other comments that included some mention <strong>of</strong> “access” but did<br />
not expressly focus on the <strong>certification</strong> criterion or provide any related suggestions or<br />
recommendations.<br />
Response. We appreciate the comment supporting this <strong>certification</strong> criterion.<br />
This <strong>certification</strong> criterion remains unchanged from the <strong>certification</strong> criterion adopted in<br />
the Interim Final Rule.<br />
§170.302(p) - Emergency access<br />
Meaningful Use Stage 1<br />
Objective<br />
Protect electronic health<br />
information created or<br />
maintained by the<br />
certified EHR technology<br />
through the<br />
implementation <strong>of</strong><br />
appropriate technical<br />
capabilities<br />
Meaningful Use Stage 1<br />
Measure<br />
Conduct or review a security<br />
risk analysis per 45 CFR<br />
164.308 (a)(1) and<br />
implement security updates<br />
as necessary and correct<br />
identified security<br />
deficiencies as part <strong>of</strong> its risk<br />
management process<br />
Certification Criterion<br />
Interim Final Rule Text:<br />
Emergency access. Permit authorized users<br />
(who are authorized for emergency<br />
situations) to access electronic health<br />
information during an emergency.<br />
Final Rule Text:<br />
§170.302(p)<br />
Unchanged<br />
Comment. One commenter asked that we clarify the circumstances that would<br />
qualify as an “emergency” and further clarify whether compliance with this <strong>certification</strong><br />
criterion is intended to pre-empt conflicting or stricter state laws that may limit this type<br />
<strong>of</strong> access or require patient consent. Further, the commenter questioned whether we were<br />
implying that some authorized users <strong>of</strong> Certified EHR Technology would not be<br />
authorized for emergency situations or whether we intended for any authorized user to be<br />
entitled to access in an emergency situation. Finally, another commenter requested<br />
clarification as to whether emergency access is driven by organizational policies and<br />
whether capturing such access in an audit log is appropriate.