ehr onc final certification - Department of Health Care Services
ehr onc final certification - Department of Health Care Services ehr onc final certification - Department of Health Care Services
(l) Public health surveillance. Electronically record, modify, retrieve, and submit syndrome-based public health surveillance information in accordance with the standard (and applicable implementation specifications) specified in §170.205(d)(1) or §170.205(d)(2). (m) Patient-specific education resources. Enable a user to electronically identify and provide patient-specific education resources according to, at a minimum, the data elements included in the patient’s: problem list; medication list; and laboratory test results; as well as provide such resources to the patient. (n) Automated measure calculation. For each meaningful use objective with a percentage-based measure, electronically record the numerator and denominator and generate a report including the numerator, denominator, and resulting percentage associated with each applicable meaningful use measure. (o) Access control. Assign a unique name and/or number for identifying and tracking user identity and establish controls that permit only authorized users to access electronic health information. (p) Emergency access. Permit authorized users (who are authorized for emergency situations) to access electronic health information during an emergency. (q) Automatic log-off. Terminate an electronic session after a predetermined time of inactivity. (r) Audit log. (1)—Record actions. Record actions related to electronic health information in accordance with the standard specified in §170.210(b). Page 218 of 228
(2) Generate audit log. Enable a user to generate an audit log for a specific time period and to sort entries in the audit log according to any of the elements specified in the standard at §170.210(b). (s) Integrity. (1) Create a message digest in accordance with the standard specified in §170.210(c). (2) Verify in accordance with the standard specified in §170.210(c) upon receipt of electronically exchanged health information that such information has not been altered. (3) Detection. Detect the alteration of audit logs. (t) Authentication. Verify that a person or entity seeking access to electronic health information is the one claimed and is authorized to access such information. (u) General encryption. Encrypt and decrypt electronic health information in accordance with the standard specified in §170.210(a)(1), unless the Secretary determines that the use of such algorithm would pose a significant security risk for Certified EHR Technology. (v) Encryption when exchanging electronic health information. Encrypt and decrypt electronic health information when exchanged in accordance with the standard specified in §170.210(a)(2). (w) Optional. Accounting of disclosures. Record disclosures made for treatment, payment, and health care operations in accordance with the standard specified in §170.210(d). §170.304 Specific certification criteria for Complete EHRs or EHR Modules designed for an ambulatory setting. Page 219 of 228
- Page 167 and 168: Response. We disagree, as doing so
- Page 169 and 170: Dental Terminology as a condition o
- Page 171 and 172: However, we do not preclude Complet
- Page 173 and 174: ability of CCD and CCR to support t
- Page 175 and 176: ability to receive these reports. M
- Page 177 and 178: commenters acknowledged and express
- Page 179 and 180: a meaningful use objective they wou
- Page 181 and 182: CMS and ONC had worked together to
- Page 183 and 184: The eligible professional or eligib
- Page 185 and 186: EHR technology with the needs of us
- Page 187 and 188: The RFA requires agencies to analyz
- Page 189 and 190: values seemed low and that the gap
- Page 191 and 192: commenter provided), our assumption
- Page 193 and 194: absolute low we estimated for a per
- Page 195 and 196: number of previously CCHIT-certifie
- Page 197 and 198: for Certification Low High Page 197
- Page 199 and 200: Finally, the third type of cost we
- Page 201 and 202: 2012 15% $10.10 $30.80 $20.45 3-Yea
- Page 203 and 204: The RFA requires agencies to analyz
- Page 205 and 206: The Office of Management and Budget
- Page 207 and 208: The standards and implementation sp
- Page 209 and 210: The Secretary adopts the following
- Page 211 and 212: any edition other than that specifi
- Page 213 and 214: (e) Regenstrief Institute, Inc., LO
- Page 215 and 216: 4. Revise subpart C to read as foll
- Page 217: smoker; current some day smoker; fo
- Page 221 and 222: (3) Medication allergy list; (4) De
- Page 223 and 224: §170.205(a)(1) or §170.205(a)(2).
- Page 225 and 226: (d) Electronic copy of health infor
- Page 227 and 228: specifications) specified in §170.
(2) Generate audit log. Enable a user to generate an audit log for a specific time<br />
period and to sort entries in the audit log according to any <strong>of</strong> the elements specified in<br />
the standard at §170.210(b).<br />
(s) Integrity. (1) Create a message digest in accordance with the standard specified in<br />
§170.210(c).<br />
(2) Verify in accordance with the standard specified in §170.210(c) upon receipt <strong>of</strong><br />
electronically exchanged health information that such information has not been<br />
altered.<br />
(3) Detection. Detect the alteration <strong>of</strong> audit logs.<br />
(t) Authentication. Verify that a person or entity seeking access to electronic health<br />
information is the one claimed and is authorized to access such information.<br />
(u) General encryption. Encrypt and decrypt electronic health information in accordance<br />
with the standard specified in §170.210(a)(1), unless the Secretary determines that the<br />
use <strong>of</strong> such algorithm would pose a significant security risk for Certified EHR<br />
Technology.<br />
(v) Encryption when exchanging electronic health information. Encrypt and decrypt<br />
electronic health information when exchanged in accordance with the standard<br />
specified in §170.210(a)(2).<br />
(w) Optional. Accounting <strong>of</strong> disclosures. Record disclosures made for treatment,<br />
payment, and health care operations in accordance with the standard specified in<br />
§170.210(d).<br />
§170.304 Specific <strong>certification</strong> criteria for Complete EHRs or EHR Modules<br />
designed for an ambulatory setting.<br />
Page 219 <strong>of</strong> 228