It is not a very safe practice to use paper records in maintaining Protected Health Information (PHI). This is why there is an Electronic Health Record (EHR) that is currently being recommended and used by health care providers to collect patients’ Protected Health Information (PHI) as electronic Protected Health Information (ePHI). Because of the reliance of this Electronic Health Record (EHR) on the internet it becomes not completely safe. ePHI requires an Internet connection in order to conduct any online activity that can be part of Electronic Health Record (EHR) and the use of ePHI.
Several health care online practices such as exchanging patient information electronically, submitting claims electronically, generating electronic records for patients’ requests, and e-prescribing would depend on cybersecurity practices in order to safeguard systems and information.
Cybersecurity are simply measure put in place to prevent, detect, and respond to attacks against or unauthorized access against a computer system and information contained in the computer system. Cybersecurity helps protect any information or any form of digital asset that is stored in a computer system or in any digital memory device.
The stronger the cybersecurity of a health care provider, the safer the information in their Electronic Health Record (EHR). This makes it very important that a health care provider who is willing to comply with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule should have a strong cybersecurity practices in place. A strong cybersecurity will help to protect patient information, health care operations, health care provider’s assets, and the personnel, as well as to comply with the HIPAA Security Rule.
As a Covered Entity (CE) there is need for you to have cybersecurity regardless of the category of have your EHR installed as an office-based EHR or as an Internet-based
You can always get more information about online cybersecurity from the Office of the National Coordinator for Health Information Technology (ONC) web page.
- Meaningful Use
The Health Insurance Portability and Accountability Act (HIPAA) have in it other rules that help in the protection of patient’s Protected Health Information (PHI). One of such rules is the Meaningful Use mostly described as Medicare and Medicaid Electronic Health Record (EHR) Incentive Programs. This meaningful use is mostly handled by the Centers for Medicare and Medicaid Services (CMS). They set requirements for health care providers to show progressively more integrated use of Electronic Health Records (HERs) and receive incentive payments for the use of EHRs.
The Meaningful Use guide has two versions; an older version and a more recent updated version. The first version which is version 1.2 explains two core objectives of the Stage 1 that relate to privacy and security requirements. The newer updated Guide is focused on the core objectives of Stage 1 and Stage 2 that concerns privacy and security. However, it does not discuss menu objectives, clinical quality measures, or Stage 3.
In order to show Meaningful Use, health care providers must meet up requirements and report the use of their health care’s Electronic Health Records (EHRs) to the Centers for Medicare and Medicaid Services (CMS) through attestation. The Meaningful Use Programs has its own definition of those considered as Eligible Professionals (EPs). These professionals according to the definitions of the Meaningful Use Program are doctors of medicine or osteopathy, dental medicine, podiatric medicine, optometry, and chiropractic medicine.
In the Medicare and Medicaid Electronic Health Record (HER) Incentive Programs, some well stipulated Meaningful Use requirements put into consideration many Health Insurance Portability and Accountability Act (HIPAA) privacy and security requirements for electronic Protected Health Information (ePHI). Some important cybersecurity measures are required for the protection of the integrity, confidentiality and availability of health information that are contained in the HER system. It is important that these protections are done whether you have the HER installed on your office serve or hosted online by a developer on your behalf.