Download
1 / 2
20 likes | 117 Views
This update provides insights into the recent efforts of the HIT Standards Committee's Privacy and Security Workgroup led by Dixie Baker and Walter Suarez. The update includes completed reviews of standards and certification criteria, along with important recommendations. The workgroup suggested clarifications on transport standards references, patient-accessible logs, secure channels for patient viewing and downloading, and more. They also proposed adopting ASTM E2147-01 as a standard for defining auditable events in health information systems. Additionally, the group aims to develop test procedures recommendations to be presented at the upcoming April HITSC meeting.
E N D
HIT Standards CommitteePrivacy and Security WorkgroupUpdate Dixie Baker, Chair Walter Suarez, Co-Chair March 27, 2012
Current Efforts Completed review of Standards and Certification Criteria Notice of Proposed Rule Making (NPRM) Overall, thought ONC did a good job of translating our recommendations into Standards and Certification Criteria Recommendations Clarify Transport standards references Clarify intent of patient-accessible log Add certification criteria to secure channel for patient viewing and downloading; use same standards proposed for secure messaging with patients Change reference to “limited set of users” to “authorized users” Clarify that audit records may be purged after required retention period Adopt ASTM E2147-01, Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems, as standard for defining auditable events and information to be recorded about those events – rather than creating new standard language through a regulation Reduce specificity re how patient information may be appended Starting development of recommendations for test procedures – to be presented at April HITSC meeting Will Phelps (ONC) and Kevin Stine (NIST) supporting this effort
