Presentation is loading. Please wait.

Presentation is loading. Please wait.

Interim Final Rule on Data Standards and Certification Criteria DRAFT – WORK IN PROGRESS (11/4/09)

Published byKeshawn Tibbals Modified over 10 years ago

Similar presentations

Presentation on theme: "Interim Final Rule on Data Standards and Certification Criteria DRAFT – WORK IN PROGRESS (11/4/09)"— Presentation transcript:

1 Interim Final Rule on Data Standards and Certification Criteria DRAFT – WORK IN PROGRESS (11/4/09)

2 Principles that Guide Certification Criteria and Standards Certification Criteria – Assure providers that EHR can support Meaningful Use – Key capabilities that can be tested objectively – Minimal set -- supports innovation Standards – Incrementally build the capacity (progressive) – Recognize common methods for secure transport – Push industry to adopt specific terminologies – Require strong security functionality, but allow future industry advances to satisfy requirements 2

3 Illustrative Crosswalk 3 Meaningful Use Objectives Meaningful Use Objectives Certification Criteria Standards E-Rx Capability to E-Rx must be included NCPDP SCRIPT 8.1/10.6 must be used NCPDP SCRIPT 8.1/10.6 must be used Provide Patient Summary Record Capability to electronically transmit a patient summary record must be included Continuity of Care Document (CCD) or Continuity of Care Record (CCR) must be used plus vocabulary standards Electronically Submit Data to Immunization Registries Capability to electronically transmit immunization data must be included HL7 2.5.1 or HL7 2.3.1 and CVX Code Set HL7 2.5.1 or HL7 2.3.1 and CVX Code Set

4 Organization of the IFR 4 Initial set of standards are organized into four categories as recommended by HIT Policy and Standards Committees: Content Exchange Standards (i.e., standards used to share clinical information such as clinical summaries, prescriptions, and structured electronic documents); Vocabulary Standards (i.e., standard nomenclature used to describe clinical problems and procedures, medications, and allergies); Transport Standards (i.e., standards used to establish the communication protocol between systems); and Privacy and Security Standards (e.g., authentication, access control, transmission security – encryption) which relate to and span across all of the other types of standards.

5 Interim Standards 5 AreaHIT Standards Cmte recommendations Stage 1/2011Current IFR Stage 2/2013 Content Exchange or Package Patient summary data packageCCD, CDA template, or HL7 2.5.1 CCD or CCRAlternatives expected to be narrowed based on HIT Stds Committee recommendations E-prescribing data packageNCPDP SCRIPT 8.1/10.6 NCPDP SCRIPT 10.6 Lab data reporting to public health agencies package HL7 2.5.1 Potentially newer versions, based on HIT Stds Cmte Recommendations Administrative data packageX12 4010A1 and NCPDP 5.1 and CAQH CORE X12 5010 and NCPDP D.0 and CAQH CORE Public Health Surveillance and Reporting HL7 2.3.1., HL7 2.5.1 Potentially newer versions, based on HIT Stds Cmte recommendations Immunization Reporting to registriesHL7 2.3.1, HL7 2.5.1 Potentially newer versions, based on HIT Stds Cmte recommendations Quality ReportingCMS CDA and respective template lib. specifications CMS PQRICMS CDA and respective template library specifications

6 Interim Standards 6 AreaHIT Standards Cmte recommendations Stage 1/2011Current IFR Stage 2/2013 Vocabulary (codify content) Problem ListSNOMED CT or ICD-9 SNOMED CT or ICD-10 ProceduresCPT-4 or ICD-9 CPT-4 or ICD-10 Vital SignsLocal or proprietary codes or candidate Stage 2 standard No specific standard specifiedCDA template Units of MeasureLocal or proprietary codes or candidate Stage 2 standard No specific standard specifiedUCUM Medication AllergiesLocal or proprietary codes or candidate Stage 2 standard No specific standard specifiedUNII Medication ListsLocal or proprietary codes or candidate Stage 2 standard Any code set by an RxNorm drug data source provider that is identified by NLM as being a complete data set integrated within RxNorm RxNorm Lab Orders and ResultsLocal or proprietary codes or candidate Stage 2 standard Ability to accept LOINC codesLOINC Electronic PrescribingLocal or proprietary codes or candidate Stage 2 standard Any code set by an RxNorm drug data source provider that is identified by NLM as being a complete data set integrated within RxNorm RxNorm Public Health Surveillance or ReportingAccording to applicable public health agency requirements GISPE or according to applicable public health agency requirements ImmunizationsCVX

7 Interim Standards 7 Area HIT Standards Cmte recommendations Stage 1/2011 Current IFR Stage 2/2013 Transport, Security, and Privacy - 1 TransportREST or SOAP Future standards TBD by HIT Stds Committee Encryption and Decryption of Electronic Health Information at Rest FIPS 197 Advanced Encryption Standard, (AES), Nov 2001* A symmetric 128 bit fixed-block cipher algorithm capable of using a 128, 192, or 256 bit encryption key must be used (e.g., FIPS 197 Advanced Encryption Standard, (AES), Nov 2001). Future standards TBD by HIT Stds Committee Encryption and Decryption of Electronic Health Information for Exchange IETF Transport Layer Security (TLS) Protocol: RFC 2246, RFC 3546 An encrypted and integrity protected link must be implemented (e.g., TLS, IPv6, IPv4 with IPsec). Future standards TBD by HIT Stds Committee Record and Examine Activity in Information Systems that Contain or Use Electronic Health Information (audit log)  IHE ITI-TF Revision 4.0 or later, Audit Trail and Node Authentication (ATNA) Integration Profile; and  ASTM E2147, Section 7 The date, time, patient identification (name or number), and user identification (name or number) must be recorded when electronic health information is created, modified, deleted, or printed. An indication of which action(s) occurred must also be recorded (e.g., modification). * Already published in HHS guidance regarding breach notification as a safe harbor (i.e., if you encrypt using this standard, and you have a breach, you don’t need to report it)

8 Interim Standards 8 Area HIT Standards Cmte recommendations Stage 1/2011 Current IFR Stage 2/2013 Transport, Security, and Privacy (cont) Corroborate that Electronic Health Information Has Not Been Altered or Destroyed in Transit FIPS PUB 180-2 with change notice to include SHA-224. 1 August, 2002. SHA-2 Family (SHA-1 excluded) A secure hashing algorithm must be used to verify that electronic health information has not been altered in transit. The secure hash algorithm used must be SHA-1 or higher (e.g., Federal Information Processing Standards (FIPS) Publication (PUB) Secure Hash Standard (SHS) FIPS PUB 180-3). Future standards TBD by HIT Stds Committee Authentication  IHE ITI-TF Revision 5.0 or later, Enterprise User Authentication (EUA) Profile; and  IHE ITI-TF Volume 2 Supplement 2007-2008 Cross Enterprise User Assertion (XUA) Use of a cross-enterprise secure transaction that contains sufficient identity information such that the receiver can make access control decisions and produce detailed and accurate security audit trails (e.g., IHE Cross Enterprise User Assertion (XUA) with SAML identity assertions). Future standards TBD by HIT Stds Committee Record Treatment, Payment, and Health Care Operations Disclosures  IHE ITI-TF Revision 4.0 or later, Audit Trail and Node Authentication (ATNA) Integration Profile; and  ASTM E2147, Section 8 The date, time, patient identification (name or number), user identification (name or number), and a description of the disclosure must be recorded. Future standards TBD by HIT Stds Committee

9 Building the Foundation for Certified EHR Technology 9

10 Questions? 10

Download ppt "Interim Final Rule on Data Standards and Certification Criteria DRAFT – WORK IN PROGRESS (11/4/09)"

Similar presentations

Meaningful Use and Health Information Exchange

Meaningful Use and Health Information Exchange
1 HIT Standards Committee Privacy and Security Workgroup: Reformatted Standards Recommendations & Implementation Guidance Dixie Baker, SAIC Steven Findlay,

1 HIT Standards Committee Privacy and Security Workgroup: Reformatted Standards Recommendations & Implementation Guidance Dixie Baker, SAIC Steven Findlay,
IT Infrastructure Glen Marshall Siemens Health Solutions IHE IT Infrastructure Committee Co-chair.

IT Infrastructure Glen Marshall Siemens Health Solutions IHE IT Infrastructure Committee Co-chair.
Dedicated to Hope, Healing and Recovery 0 Dec 2009 Interim/Proposed Rules Meaningful Use, Quality Reporting & Interoperability Standards January 10, 2010.

Dedicated to Hope, Healing and Recovery 0 Dec 2009 Interim/Proposed Rules Meaningful Use, Quality Reporting & Interoperability Standards January 10, 2010.
IHE IT Infrastructure Outreach to Patient Care Coordination Domain Michael Nusbaum IT Infrastructure Planning Committee December 13 th, 2010.

IHE IT Infrastructure Outreach to Patient Care Coordination Domain Michael Nusbaum IT Infrastructure Planning Committee December 13 th, 2010.
NISTs Role in Securing Health Information AMA-IEEE Medical Technology Conference on Individualized Healthcare Kevin Stine, Information Security Specialist.

NISTs Role in Securing Health Information AMA-IEEE Medical Technology Conference on Individualized Healthcare Kevin Stine, Information Security Specialist.
INTERNATIONAL HEALTHCARE STANDARDS LANDSCAPE

INTERNATIONAL HEALTHCARE STANDARDS LANDSCAPE
ARRA Meaningful Use Update Mount Auburn Hospital Information Systems Update March 2011.

ARRA Meaningful Use Update Mount Auburn Hospital Information Systems Update March 2011.
September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT, EUA, PWP, DSIG IHE Vendors Workshop 2006 IHE IT Infrastructure Education Robert Horn,

September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT, EUA, PWP, DSIG IHE Vendors Workshop 2006 IHE IT Infrastructure Education Robert Horn,
1 Sep 15Fall 05 Standards in Medical Informatics Standards Nomenclature Terminologies Vocabularies.

1 Sep 15Fall 05 Standards in Medical Informatics Standards Nomenclature Terminologies Vocabularies.
2014 Certification Criteria associated with MU Menu Stage 2: 2014 Certification Criteria associated with MU Core Stage 2: 2014 Certification Criteria associated.

2014 Certification Criteria associated with MU Menu Stage 2: 2014 Certification Criteria associated with MU Core Stage 2: 2014 Certification Criteria associated.
1 HIT Standards Committee Privacy and Security Workgroup: Recommendations Dixie Baker, SAIC Steven Findlay, Consumers Union August 20, 2009.

1 HIT Standards Committee Privacy and Security Workgroup: Recommendations Dixie Baker, SAIC Steven Findlay, Consumers Union August 20, 2009.
Presented By LeRoy Jones – Chief Executive January, 2011 1.

Presented By LeRoy Jones – Chief Executive January,
Companion Guide to HL7 Consolidated CDA for Meaningful Use Stage 2

Companion Guide to HL7 Consolidated CDA for Meaningful Use Stage 2
The Standards Rule and the NPRM for Meaningful Use John D. Halamka MD.

The Standards Rule and the NPRM for Meaningful Use John D. Halamka MD.
HITSP: Where we’ve been Where we are and Where we’re going John D. Halamka MD.

HITSP: Where we’ve been Where we are and Where we’re going John D. Halamka MD.
August 12, 20151 Meaningful Use *** UDOH Informatics Brown Bag Robert T Rolfs, MD, MPH.

August 12, Meaningful Use *** UDOH Informatics Brown Bag Robert T Rolfs, MD, MPH.
2010 UBO/UBU Conference Health Budgets & Financial Policy Briefing: ARRA ARRAn't You Going to Make Some Changes Too? Date: 23 March 2010 Time: 1010–1100.

2010 UBO/UBU Conference Health Budgets & Financial Policy Briefing: ARRA ARRAn't You Going to Make Some Changes Too? Date: 23 March 2010 Time: 1010–1100.
Meaningful Use Measures. Reporting Time Periods Reporting Period for 1 st year of MU (Stage 1) 90 consecutive days within the calendar year Reporting.

Meaningful Use Measures. Reporting Time Periods Reporting Period for 1 st year of MU (Stage 1) 90 consecutive days within the calendar year Reporting.
The Final Standards Rule John D. Halamka MD. Categories of Standards Content Vocabulary Privacy/Security.

The Final Standards Rule John D. Halamka MD. Categories of Standards Content Vocabulary Privacy/Security.

Similar presentations

Ads by Google