EHR Stage 2 Final Rules Call for Encryption
HEALTHCARE PRIVACY—U.S.August 24, 2012
GovInfoSecurity reports on Thursday’s release of the two final rules for Stage 2 of the HITECH Act's electronic health record (EHR) incentive program. The Department of Health and Human Services rules, which address meaningful use and software certification, are scheduled to be published in the Federal Register on September 4. The meaningful use rule includes requirements for risk assessment analysis addressing encryption of data stored in certified EHR technology, while the software certification rule requires EHR software “be designed to encrypt, by default, electronic health information stored locally on end-user devices,” the report states. A recent whitepaper, meanwhile, cautions against securing personal health information on portable devices.