Will MU Objectives Advance Privacy, Security?

Nov. 3, 2011
At the first meeting of the Health IT Policy Committee following the July 13 publication of the meaningful use Stage 1 final rule, most of the members praised the Office of the National Coordinator for Health IT and the Centers for Medicare and Medicaid Services (CMS) for their flexibility. But a few members at the July 21 meeting expressed disappointment with the privacy and security aspect, stating that CMS may be missing an opportunity to drive improvements.

The final rule from CMS states “we do not see meaningful use as an appropriate regulatory tool to impose different, additional, and/or inconsistent privacy and security policy requirements from those policies already required by HIPAA.”

Gayle Harrell, a former Florida state legislator on the committee, said that comment might send a signal that CMS is not serious about privacy, and that it needs to assert that it will use every policy lever possible to promote privacy and security.

Deven McGraw of the Center for Democracy & Technology (CDT) raised the concern that CMS may be taking off the table an important tool to push for improvements. McGraw elaborated on some of her comments in a blog posting on the CDT website. There she agreed that meaningful use should not contradict or conflict with HIPAA requirements, and shouldn’t be the primary mechanism for implementing a comprehensive privacy and security framework. “But to foreclose the use of meaningful use criteria to make any advances in health privacy and security is to surrender a significant policy lever for encouraging industry adoption of privacy and security best practices for using EHR technology,” she added.

She also expressed disappointment that CMS rejected recommendations to make compliance with state and federal privacy and security laws a meaningful use requirement and to disqualify providers fined for willful neglect of the HIPAA privacy and security regulations from eligibility for the federal health IT subsidies.

Both Tony Trenkle, director of the CMS Office of e-Health Standards and Services, and National Coordinator for Health IT David Blumenthal, M.D., responded by saying there was no intention to preclude privacy and security criteria in future stages of meaningful use. “When we can define criteria that are consistent with the privacy rule and find other ways to measure, audit, and report on them, we will support that,” Trenkle said.

Blumenthal said he would support “ambitious and achievable” goals and doesn’t see privacy and security as off the table at all.

On another topic, Trenkle mentioned that CMS would be monitoring which of the meaningful use optional objectives are being deferred most often by hospitals and eligible providers to study patterns that will impact outreach programs and future rule-making.

