170.314(e)(1) View, download, and transmit to 3rd party.



Similar documents
Eligible Professional Meaningful Use Core Measures Measure 7 of 17 Stage 2 Date issued: August, 2014

STANDARDS. MEANINGFUL USE 42 CFR 495.6(j)-(m) Stage 2 Objective Edition EHR CERTIFICATION CRITERIA 45 CFR

Drummond Group, Inc. Re: Price Transparency Attestation

Stage 2 Eligible Professional Meaningful Use Core Measures Measure 15 of 17 Last Updated: August, 2015

Certification Guidance for EHR Technology Developers Serving Health Care Providers Ineligible for Medicare and Medicaid EHR Incentive Payments

GE Healthcare Detailed Comments

TEST INSTRUCTIONS FOR CROSS VENDOR EXCHANGE TABLE OF CONTENTS

Implementing Consolidated-Clinical Document Architecture (C-CDA) for Meaningful Use Stage 2. ONC Implementation and Testing Division April 5, 2013

Stage 3/2015 Edition Health IT Certification Criteria Proposed Rules Overview May 11, 2015

Using Patient Portals to Achieve Meaningful Use Stage 2

Team # 1 Open EMR Certification Gap Analysis

AAP Meaningful Use: Certified EHR Technology Criteria

Eligible Professionals please see the document: MEDITECH Prepares You for Stage 2 of Meaningful Use: Eligible Professionals.

A. Provisions of the Proposed Rule affecting Standards, Implementation Specifications, Certification Criteria, and Definitions

HL7 and Meaningful Use

Stage 1 measures. The EP/eligible hospital has enabled this functionality

EHR Meaningful Use Guide

Health Information Exchange. Scalable and Affordable

Stage 1 measures. The EP/eligible hospital has enabled this functionality

TABLE B5: STAGE 2 OBJECTIVES AND MEASURES

MEETING MEANINGFUL USE IN MICROMD -STAGE TWO- Presented by: Anna Mrvelj EMR Training Specialist

MICROMD EMR VERSION OBJECTIVE MEASURE CALCULATIONS

The EP/eligible hospital has enabled this functionality. At least 80% of all unique patients. seen by the EP or admitted to the

meridianemr PATIENT PORTAL Release Notes

MicroMD EMR version 7.6

Stage 1 vs. Stage 2 Comparison Table for Eligible Hospitals and CAHs Last Updated: August, 2012

Office of the National Coordinator for Health IT Proposed Rule Public Comment Template

EMR Name/ Model. meridianemr 4.2 CCHIT 2011 certified

Meaningful Use Stage 2 Certification: A Guide for EHR Product Managers

Reporting Period: For Stage 2, the reporting period must be the entire Federal Fiscal Year.

Meaningful Use: Stage 1 and 2 Hospitals (EH) and Providers (EP) Lindsey Mongold, MHA HIT Practice Advisor Oklahoma Foundation for Medical Quality

Meaningful Use of Certified EHR Technology with My Vision Express*

EHR Incentive Program Stage 3 Objectives & Measures Crosswalk of Stage 3 Proposed Objectives, Measures & Corresponding Stage 2 Measures

The Continuity of Care Document. Changing the Landscape of Healthcare Information Exchange

EHR Business Process Models for Care Coordination and MU

Enabling Patients Decision Making Power: A Meaningful Use Outcome. Lindsey Mongold, MHA HIT Practice Advisor Oklahoma Foundation for Medical Quality

uently Asked NextGen Questions Share Frequently Asked uently Asked Questions Frequently Asked FAQ Pre-General Release (April-June 2014)

Electronic Submission of Medical Documentation (esmd) CDA Digital Signatures. January 8, 2013

THE STIMULUS AND STANDARDS. John D. Halamka MD

hospital s or CAH s inpatient or professional guidelines

ONC HIT Certification Program

SURVEY QUESTIONNAIRE 2013 AHA ANNUAL SURVEY INFORMATION TECHNOLOGY SUPPLEMENT

Achieving Meaningful Use with Centricity EMR

Test Procedure for (b)(6) Transmission of electronic laboratory tests and values/results to ambulatory providers inpatient setting only

TABLE 4: STAGE 2 MEANINGFUL USE OBJECTIVES AND ASSOCIATED MEASURES SORTED BY CORE AND MENU SET

EMR Name/ Model. Cerner PowerChart Ambulatory (PowerWorks ASP)

Agenda. What is Meaningful Use? Stage 2 - Meaningful Use Core Set. Stage 2 - Menu Set. Clinical Quality Measures (CQM) Clinical Considerations

STAGES 1 AND 2 REQUIREMENTS FOR MEETING MEANINGFUL USE OF EHRs 1

ONC HIT Certification Program

Medicaid EHR Incentive Program. Focus on Stage 2. Kim Davis-Allen, Outreach Coordinator

Attesting for Meaningful Use Stage 2 in 2014 Customer Help Guide

Work Product of the HITPC Meaningful Use Workgroup DRAFT Meaningful Use Stage 3 Recommendations

Meaningful Use Stage 2 MU Audits

HIE Ready 2.0 SPECIFICATIONS MATRIX. Product Name: Version Number: Preferred Message and Trigger

MEANINGFUL USE STAGE QUICK REFERENCE GUIDE

Meaningful Use and Dentrix Enterprise Lynne Hughston Regional Manager

HIE Services & Pricing

EHR Incentive Program Stage 2 Objectives Summary CORE OBJECTIVES (You must meet all objectives unless exclusion applies.)

Webinar #1 Meaningful Use: Stage 1 & 2 Comparison CPS 12 & UDS 2013

Meaningful Use Quick Guide

HIE Services & Pricing

HITECH MEANINGFUL USE

Transcription:

170.314(e)(1) View, download, and transmit to 3rd party. i. EHR technology must provide patients (and their authorized representatives) with an online means to view, download, and transmit to a 3rd party the data specified below. Access to these capabilities must be through a secure channel that ensures all content is encrypted and integrity-protected in accordance with the standard for encryption and hashing algorithms specified at 170.210(f). The patient portal is already HTTP Secure. The application should check for whether the request comes from browsers that support minimum AES 256, if else have to close the connection. 170.210(f) Encryption and hashing of electronic health information. Any encryption and hashing algorithm identified by the National Institute of and Technology (NIST) as an approved security function in Annex A of the FIPS Publication 140-2 http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexa.pdf A. View. Electronically view in accordance with the standard adopted at 170.204(a), at a minimum, the following data: of MU2 dataset in the patient portal is marked in the tables available in the bottom of this document. s for Level A conformance of WCAG 2.0 are remaining 170.204 (a) Accessibility. Standard. Web Content Accessibility Guidelines (WCAG) 2.0, Level A Conformance (incorporated by reference in 170.299). Reference Links http://www-static.shell.com/content/dam/shell/static/usa/downloads/ footer/wcag-guidelines-1208.pdf http://www.w3.org/wai/wcag20/glance/wcag2-at-a-glance.pdf Partially Completed 1. The Common MU Data Set (which should be in their English (i.e., non-coded) representation if they associate with a vocabulary/code set). Care plan field(s), including goals and instructions is missing. (Refer Table 1: Common MU Data Set at the bottom of this document) http://wiki.siframework.org/file/view/mu2 Data Requirements.docx/360279112/MU2 Data Requirements.docx Partially Completed ZH Health Care, 2013 Page 1

2. Ambulatory setting only. Provider s name and office contact information. For remaining fields to be included in patient portal Refer Table2: Ambulatory or Inpatient Summary at the bottom of this document Partially Completed 3. Inpatient setting only. Admission and discharge dates and locations; discharge instructions; and reason(s) for hospitalization. B. Download 1. Electronically download an ambulatory summary or inpatient summary (as applicable to the EHR technology setting for which certification is requested) in human readable format or formatted according to the standard adopted at 170.205(a)(3) that includes, at a minimum, the following data (which, for the human readable version, should be in their English representation if they associate with a vocabulary/code set): Patient portal should have the option for downloading health information (that was viewed as part of the View ) in human readable format and in C-CDA format. Also one should be able to download ambulatory summary and transition care summary separately or together Reference Links Also the application should check for whether the download request comes from browsers that support minimum AES 256 170.205(a)(3) :. HL7 Implementation Guide for CDA Release 2: IHE Health Story Consolidation, The use of the unstructured document document-level template is prohibited. http://www.healthit.gov/sites/default/files/glidepath_hitsp_c83_to_ccda.pdf i. Ambulatory setting only. All of the data specified in paragraph (e)(1)(i)(a)(1) and (2) of this section. ii. Inpatient setting only. All of the data specified in paragraphs (e)(1)(i)(a)(1) and (3) of this section. 2. Inpatient setting only. Electronically download transition of care/referral summaries that ZH Health Care, 2013 Page 2

were created as a result of a transition of care (pursuant to the capability expressed in the certification criterion adopted at paragraph (b)(2) of this section). C. Transmit to third party. 1. Electronically transmit the ambulatory summary or inpatient summary (as applicable to the EHR technology setting for which certification is requested) created in paragraph (e) (1)(i)(B)(1) of this section in accordance with the standard specified in 170.202(a) Patient portal should have the option to transmit the health information through a secure channel (Patient portal have to be integrated with emrdirect) 170.202(a). : ONC Applicability Statement for Secure Health Transport http://www.himssehra.org/docs/ EHRAStage2SecureHealthTransportCertificationandMeaningfulUse.pdf. 2. Inpatient setting only. Electronically transmit transition of care/referral summaries (as a result of a transition of care/referral) selected by the patient (or their authorized representative) in accordance with the standard specified in 170.202(a). ii. Activity history log. A. When electronic health information is viewed, downloaded, or transmitted to a third-party using the capabilities included in paragraphs (e)(1)(i)(a) through (C) of this section, the following information must be recorded and made accessible to the patient: Open EMR should keep log of every single action (with health information of a patient) (view/download and transmit) along with the date and time and the user s (who does the action) information. The same log should be made available through the patient portal. ZH Health Care, 2013 Page 3

170.210(g): Synchronized clocks. The date and time recorded utilize a system clock that has been synchronized following (RFC 1305) Network Time Protocol, (incorporated by reference in 170.299) or (RFC 5905) Network Time Protocol Version 4, (incorporated by reference in 170.299). (g) Synchronized clocks. The date and time recorded utilize a system clock that has been synchronized following (RFC 1305) Network Time Protocol, (incorporated by reference in 170.299) or (RFC 5905) Network Time Protocol Version 4, http://www.rfc-base.org/txt/rfc-1305.txt 1. The action(s) (i.e., view, download, transmission) that occurred; 2. The date and time each action occurred in accordance with the standard specified at 170.210(g); and 3. The user who took the action. B. EHR technology presented for certification may demonstrate compliance with paragraph (e)(1)(ii)(a) of this section if it is also certified to the certification criterion adopted at 170.314(d)(2) and the information required to be recorded in paragraph (e)(1)(ii)(a) is accessible by the patient. 170.314(d)(2)(i)(A) : The OpenEMR should record actions on patient data with the following data Date and Time of Event, Patient Identification, User Identification, Access Device (optional), Type of Action (additions, deletions, changes, queries, print, copy), Identification of the Patient Data that is Accessed(optional). And also this data should be made available to patient portal 170.314(d)(2)(i)(B): In OpenEMR an additional type of log should be kept in audit log table to keep track while each time audit log is enabled or disabled While completing 170.314(d)(2)(i), the requirement in 170.314(d)(2)(ii) will be met, but should make verify the same OpenEMR is already conformance to 170.314(d)(2)(iii), 170.314(d)(2) (iv) and 170.314(d)(2)(v) ZH Health Care, 2013 Page 4

170.314(d)(2) Auditable events and tamper-resistance. (i) Record actions. EHR technology must be able to: (A) Record actions related to electronic health information in accordance with the standard specified in 170.210(e)(1); (B) Record the audit log status (enabled or disabled) in accordance with the standard specified in 170.210(e)(2) unless it cannot be disabled by any user; and (C) Record the encryption status (enabled or disabled) of electronic health information locally stored on end-user devices by EHR technology in accordance with the standard specified in 170.210(e)(3) unless the EHR technology prevents electronic health information from being locally stored on end-user devices (see 170.314(d)(7) of this section). (ii) Default setting. EHR technology must be set by default to perform the capabilities specified in paragraph (d)(2)(i)(a) of this section and, where applicable, paragraphs (d)(2)(i)(b) or (d)(2)(i)(c), or both paragraphs (d)(2)(i)(b) and (C). (iii) When disabling the audit log is permitted. For each capability specified in paragraphs (d)(2)(i)(a), (B), and (C) of this section that EHR technology permits to be disabled, the ability to do so must be restricted to a limited set of identified users. (iv) Audit log protection. Actions and statuses recorded in accordance with paragraph (d)(2)(i) must not be capable of being changed, overwritten, or deleted by the EHR technology. (v) Detection. EHR technology must be able to detect whether the audit log has been altered. 170.210 for health information technology to protect electronic health information created, maintained, and exchanged. The Secretary adopts the following standards to protect electronic health information created, maintained, and exchanged: (e)(1) Record actions related to electronic health information, audit log status, and encryption of end-user devices. (i) The audit log must record the information specified in sections 7.2 through 7.4, 7.6, and 7.7 of the standard specified at 170.210(h) when EHR technology is in use. (ii) The date and time must be recorded in accordance with the tandard specified at 170.210(g). (e)(2) (i) The audit log must record the information specified in sections 7.2 and 7.4 of the standard specified at 170.210(h) when the audit log status is changed. (ii) The date and time each action occurs in accordance with the standard specified at 170.210(g). (e)(3)the audit log must record the information specified in sections 7.2 and 7.4 of the standard specified at 170.210(h) when the encryption status of electronic health information locally stored by EHR technology on end-user devices is changed. The date and time each action occurs in accordance with the standard specified at 170.210(g). (g) Synchronized clocks. The date and time recorded utilize a system clock that has been synchronized following (RFC 1305) Network Time Protocol, (incorporated by reference in 170.299) or (RFC 5905) Network Time Protocol Version 4, (incorporated by reference in 170.299). (h) Audit log content. ASTM E2147-01 (Reapproved 2009), ZH Health Care, 2013 Page 5

http://healthcaresecprivacy.blogspot.in/2012/09/meaningful-use-stage- 2-audit-logging.html Note: : stands for forms/fields that are already available with current patient portal N : for those are not available NA : Not applicable Table 1: Common MU Data Set Common MU Data Set Consolidated CDA Patient Portal Page Template Patient Name General Header Profile/Who Sex General Header Profile/Who Date of Birth General Header Profile/Who Race General Header Profile/Stats Ethnicity General Header Profile/Stats Preferred language General Header Profile/Stats Smoking Social History Section Smoking Observation Entry Problems Problem Section Med records/ CCR/Problems Medication List Medications (entries required) Section Med records/ CCR/Medications Hospital Discharge Medications Section Medication Allergies Allergies (entries required) Section Laboratory test(s) Plan of Care Section Plan of Care Activity Observation Entry Med records/ CCR/Alerts Med records/ CCR/Results from procedures Laboratory value(s)/result(s) Results (entries required) Section Med records/ CCR/Results from procedures Vital signs height, weight, blood pressure, BMI Vital Signs Section ZH Health Care, 2013 Page 6

Care plan field(s), including goals and instructions Plan of Care Section N Procedures Procedures (entries required) Section Med records/ CCR/Results from procedures Care team member(s) General Header Profile/Choices Table2: Ambulatory or Inpatient Summary Data Requirements Dates and Location of Admission and Discharge- Inpatient Only Consolidated CDA Template General Header NA Patient Portal Page Discharge Instructions- Inpatient Only Hospital Discharge Instructions Section NA Provider Name and Office Contact Information- Ambulatory Only General Header Profile/Choices Reason for Hospitalization- Inpatient Only Reason for Visit and/or Chief Complaint Section(s) NA ZH Health Care, 2013 Page 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information