The Centers for Medicare and Medicaid Services (CMS) Electronic Health Record (EHR) Incentive Program (Meaningful Use) provides for eligible physicians who demonstrate “meaningful use” of certified EHR technology to be eligible to receive up to $44,000 in Medicare incentive payments over five years or up to $63,750 in Medicaid incentive payments over six years. But what does it really mean to achieve “meaningful use” for the EHR Incentive Program, and what will your practice need to do to meet the required objectives?
You Might Also Like
Explore This IssueJuly 2011
Also By This Author
Privacy and Security of Electronic Health Information
One Meaningful Use objective that generates quite a bit of interest and even more questions is the aim to ensure appropriate protection of electronic health information. To meet this objective, you need to ensure that your EHR system is equipped to support basic security functionalities and that your practice is doing everything it can to identify potential threats and implement policy to keep information protected from nontechnical threats.
The Meaningful Use certification program addresses the more technical aspects of privacy and security, making sure that your system functionally protects electronic health information by implementing controls and encryption, such as:
- Assigning a unique user name for each user;
- Encrypting and decrypting health information for backups and removable media;
- Providing for event recording such as deletion of records;
- Creating an audit review log;
- Using systems to ensure health information has not been altered using a hash algorithm;
- Recording disclosures made for treatment; and
- Ensuring identity management is in place.
However, technology is just one piece of the security puzzle. Using certified EHR technology alone will not guarantee compliance with the Health Insurance Portability and Accountability Act (HIPAA) and supporting security rules. Your practice will also need to actively conduct a security risk assessment, documenting the findings and any plans to mitigate risk and improve practice workflow and policy that supports the security of patient data.
The ACR website offers information and resources for Health Information Technology, including:
- HIT Webinar Library: View recordings and slides on all aspects of the CMS EHR Incentive Program
- Frequently Asked Questions about the EHR Incentive program
- CMS 2011 e-Prescribing Program: What you need to know about the program and its financial impact on your practice
- EHR selection and implementation
- HITECH programs supporting HIT and your practice
- Rheumatology Clinical Registry
- HIT education opportunities and events
To access these resources, visit www.rheumatology.org/HIT.
The Risk Assessment
During a recent ACR Meaningful Use webinar, Nicholas Harned, JD, a health law attorney from Vedder Price, P.C., focused on the privacy and security requirements. Harned said that the Meaningful Use Privacy and Security objective is framed to ensure certified EHR technology supports the protection of electronic data but “does not impede [a provider’s] ability to comply with HIPAA.”1