ehr onc final certification - Department of Health Care Services

10.08.2013 Views
(l) Public health surveillance. Electronically record, modify, retrieve, and submit syndrome-based public health surveillance information in accordance with the standard (and applicable implementation specifications) specified in §170.205(d)(1) or §170.205(d)(2). (m) Patient-specific education resources. Enable a user to electronically identify and provide patient-specific education resources according to, at a minimum, the data elements included in the patient’s: problem list; medication list; and laboratory test results; as well as provide such resources to the patient. (n) Automated measure calculation. For each meaningful use objective with a percentage-based measure, electronically record the numerator and denominator and generate a report including the numerator, denominator, and resulting percentage associated with each applicable meaningful use measure. (o) Access control. Assign a unique name and/or number for identifying and tracking user identity and establish controls that permit only authorized users to access electronic health information. (p) Emergency access. Permit authorized users (who are authorized for emergency situations) to access electronic health information during an emergency. (q) Automatic log-off. Terminate an electronic session after a predetermined time of inactivity. (r) Audit log. (1)—Record actions. Record actions related to electronic health information in accordance with the standard specified in §170.210(b). Page 218 of 228

(2) Generate audit log. Enable a user to generate an audit log for a specific time period and to sort entries in the audit log according to any of the elements specified in the standard at §170.210(b). (s) Integrity. (1) Create a message digest in accordance with the standard specified in §170.210(c). (2) Verify in accordance with the standard specified in §170.210(c) upon receipt of electronically exchanged health information that such information has not been altered. (3) Detection. Detect the alteration of audit logs. (t) Authentication. Verify that a person or entity seeking access to electronic health information is the one claimed and is authorized to access such information. (u) General encryption. Encrypt and decrypt electronic health information in accordance with the standard specified in §170.210(a)(1), unless the Secretary determines that the use of such algorithm would pose a significant security risk for Certified EHR Technology. (v) Encryption when exchanging electronic health information. Encrypt and decrypt electronic health information when exchanged in accordance with the standard specified in §170.210(a)(2). (w) Optional. Accounting of disclosures. Record disclosures made for treatment, payment, and health care operations in accordance with the standard specified in §170.210(d). §170.304 Specific certification criteria for Complete EHRs or EHR Modules designed for an ambulatory setting. Page 219 of 228

Page 1 and 2: DEPARTMENT OF HEALTH AND HUMAN SERV

Page 3 and 4: HHS Department of Health and Human

Page 5 and 6: 5. Definition of Qualified EHR 6. D

Page 7 and 8: technology. Section 3004(b)(1) of t

Page 9 and 10: esolve identified technical challen

Page 11 and 12: Some commenters appear to have misi

Page 13 and 14: efficiencies and desired quality im

Page 15 and 16: codes must be used “inside” an

Page 17 and 18: not necessarily have applied to our

Page 19 and 20: 3. Definition of Implementation Spe

Page 21 and 22: program established by the National

Page 23 and 24: criteria adopted by the Secretary a

Page 25 and 26: Comment. In the context of the defi

Page 27 and 28: y the certification criteria for a

Page 29 and 30: commenters asked whether we meant t

Page 31 and 32: adopted by the Secretary. The secon

Page 33 and 34: Response. We would like to make cle

Page 35 and 36: Response. In the Interim Final Rule

Page 37 and 38: could be a health care professional

Page 39 and 40: standard for certain purposes. In s

Page 41 and 42: e voluntary and would not be requir

Page 43 and 44: already existing regulatory require

Page 45 and 46: setting). We also include, where ap

Page 47 and 48: clarification on why the number of

Page 49 and 50: more clearly specify this capabilit

Page 51 and 52: Response. While we do not require t

Page 53 and 54: that check, the functionality show

Page 55 and 56: Response. The comments are correct

Page 57 and 58: enable the user to electronically r

Page 59 and 60: longitudinal care, or whether the E

Page 61 and 62: EHR and EHR Module developers to pr

Page 63 and 64: suggestions for different age range

Page 65 and 66: Record smoking status for patients

Page 67 and 68: 23) during the EHR reporting period

Page 69 and 70: laboratory test results are receive

Page 71 and 72: commenters reasoned that because a

Page 73 and 74: laboratory test results to be elect

Page 75 and 76: or outreach Generate patient lists.

Page 77 and 78: months). We believe that these revi

Page 79 and 80: that the PQRI 2009 Registry XML spe

Page 81 and 82: To better align this certification

Page 83 and 84: the capability specified by the cer

Page 85 and 86: vendors were unwilling or unable to

Page 87 and 88: the concerns expressed by some comm

Page 89 and 90: Page 89 of 228 electronically compa

Page 91 and 92: (1) The standard (and applicable im

Page 93 and 94: for the purposes of demonstrating c

Page 95 and 96: Guide for Immunization Messaging Re

Page 97 and 98: Response. We clarify for commenters

Page 99 and 100: serve as a limiting factor, however

Page 101 and 102: Page 101 of 228 Unchanged Comment.

Page 103 and 104: Comment. One commenter suggested th

Page 105 and 106: Response. We appreciate the thought

Page 107 and 108: Complete EHRs or EHR Modules design

Page 109 and 110: Response. We disagree. As stated ab

Page 111 and 112: Response. As discussed above, we ha

Page 113 and 114: SHA-1 and other secure hash algorit

Page 115 and 116: misinterpreted our example and stat

Page 117 and 118: Other commenters also expressed con

Page 119 and 120: eferenced in FIPS 140-2 Annex A, wh

Page 121 and 122: of the most secure encryption algor

Page 123 and 124: the disclosure was made (recipient)

Page 125 and 126: Use CPOE for medication orders dire

Page 127 and 128: equire EHRs to build custom interfa

Page 129 and 130: esult, we do not believe that this

Page 131 and 132: was needed before RxNorm could be a

Page 133 and 134: • MDDB - Medi-Span Master Drug Da

Page 135 and 136: Response. We do not believe that it

Page 137 and 138: Send reminders to patients per pati

Page 139 and 140: specified data elements and CMS’s

Page 141 and 142: what would qualify as a "response."

Page 143 and 144: Comment. A commenter recommended th

Page 145 and 146: in accordance with one of the adopt

Page 147 and 148: Comments. Many commenters suggested

Page 149 and 150: flexibility in this certification c

Page 151 and 152: productive, confusing, time-consumi

Page 153 and 154: include in this initial set. Accord

Page 155 and 156: to the HITSP C32 implementation spe

Page 157 and 158: Response. Again, we do not believe

Page 159 and 160: e achieved without these and recomm

Page 161 and 162: electronically record, store, retri

Page 163 and 164: EHRs and EHR Modules designed for a

Page 165 and 166: §170.205(a)(2)(iii); and (v) The s

Page 167 and 168: Response. We disagree, as doing so

Page 169 and 170: Dental Terminology as a condition o

Page 171 and 172: However, we do not preclude Complet

Page 173 and 174: ability of CCD and CCR to support t

Page 175 and 176: ability to receive these reports. M

Page 177 and 178: commenters acknowledged and express

Page 179 and 180: a meaningful use objective they wou

Page 181 and 182: CMS and ONC had worked together to

Page 183 and 184: The eligible professional or eligib

Page 185 and 186: EHR technology with the needs of us

Page 187 and 188: The RFA requires agencies to analyz

Page 189 and 190: values seemed low and that the gap

Page 191 and 192: commenter provided), our assumption

Page 193 and 194: absolute low we estimated for a per

Page 195 and 196: number of previously CCHIT-certifie

Page 197 and 198: for Certification Low High Page 197

Page 199 and 200: Finally, the third type of cost we

Page 201 and 202: 2012 15% $10.10 $30.80 $20.45 3-Yea

Page 203 and 204: The RFA requires agencies to analyz

Page 205 and 206: The Office of Management and Budget

Page 207 and 208: The standards and implementation sp

Page 209 and 210: The Secretary adopts the following

Page 211 and 212: any edition other than that specifi

Page 213 and 214: (e) Regenstrief Institute, Inc., LO

Page 215 and 216: 4. Revise subpart C to read as foll

Page 217: smoker; current some day smoker; fo

Page 221 and 222: (3) Medication allergy list; (4) De

Page 223 and 224: §170.205(a)(1) or §170.205(a)(2).

Page 225 and 226: (d) Electronic copy of health infor

Page 227 and 228: specifications) specified in §170.

certification

commenters

certified

criterion

commenter

eligible

electronic

meaningful

specified

criteria

dhss.alaska.gov

ehr onc final certification - Department of Health Care Services

ehr onc final certification - Department of Health Care Services ... View more ehr onc final certification - Department of Health Care Services

Delete template?

Save as template ?

ehr onc final certification - Department of Health Care Services ehr onc final certification - Department of Health Care Services