Getting a Certified EHR System Does Not Mean You are HIPAA Compliant
_{May 9, 2018}

EHR a.k.a. Electronic Health Record is one of the major turning points in the healthcare history as it paved way to the betterment of patient-provider relationship. This technology has helped a lot in the timeliness and availability of medical data of patients which enabled healthcare providers make better decisions, timely decisions and consequently provide better healthcare services.

The US government thru its Center for Medicare and Medicaid Services (CMS) and the Office of the National Coordinator for Health IT (ONC) has placed standards that will certify EHR that you have acquired have the necessary technical capabilities and security safeguards. EHR must meet the meaningful use criteria that aids in determining whether a healthcare provider or practitioner may avail federal funding from the Medicare and Medicaid EHR Incentive Program now termed as PI Programs (Promoting Interoperability Programs).

Then once you have the Certified EHR, to comply with HIPAA, the organization must conduct a Security Risk Analysis per HIPAA Security rule 45 CFR 164.308 (a)(1)

An accurate and comprehensive assessment of the potential risks and vulnerabilities to the privacy, integrity, and availability of electronic protected health information must be done with your CEHRT. Consequently, the organization must also make sure the security of the ePHI data that will be created and/or maintained by the CEHRT technology. Example of this security measures is encryption of this technology to ensure information are safely transmitted over the internet. Moreover, EHR systems must include access controls such as passwords which help limit the access to patients’ confidential information. There is also the audit trail that the organization can set up within their EHR that will track user access, actions done, when and where the access transpired.

Taking all of these into consideration can solidify your organization’s very purpose of adopting the use of EHR system, protect patient privacy, and prevent HIPAA violations as well as data breaches.