4 reasons to welcome the advent of meaningful use Stage 2
With debate still swirling around the Aug. 23rd release of the final rules for meaningful use Stage 2, one CIO offers four reasons to celebrate it.
CIOs should be happy that the final government at last released the final rules for meaningful use Stage 2, says Dave Riley, the chief of informatics at Reston, Va.-based Harris Healthcare Solutions, a commercial and government vendor specializing in business intelligence, meaningful use, workflow management, EHRs and patient portals.
[See also: Final rules for Stage 2 meaningful use released.]
“In doing so we now have a clear target of what needs to be met with respect to compliance for meaningful use Stage 2,” he says. “It is impossible to implement to a moving target and do it well. By coming to closure we now have a known target whether we like it not it is something we can measure our progress against in moving forward and this is good.”
Second, the final rule’s definition of how to use secure email messaging has now provided organizations with a means to move forward with provider-to-provider and provider-to-patient email communications that will not expose them to undue risk, Riley says.
“There has been a recent trend for providers and patients to use email communication even though it is generally not a secure private means of communication,” he says. “This has exposed organizations to undue risk. By implementing secure email messaging we can now alleviate that risk and this is good.”
Third: As organizations move forward with implementing MU Stages 2 and 3, they will be expected to have more accountability to patients with respect to who is accessing the patient record; when they are accessing it and for what purpose, Riley says. In addition, patients under HITECH have the right to restrict access to data related to the healthcare they pay for out-of-pocket.
[See also: At a glance: Stage 2 final rule.]
“This is a significant step up for most organizations in terms of security and privacy competency, but in the end I believe it will be a good thing for all parties,” he adds. “Healthcare organizations need to continue to strengthen their IT staff competency in security and privacy. Historically, this is an area that healthcare in general has not been given enough attention.
“The usual approach has been for all care team members to have access to all parts of the patient record,” Riley adds. “As a result record systems have not done a good job of data mark-up to support data segmentation – albeit some progress has been made on implementing role-based access control – there are multiple attributes that must be factored in when authorizing access to a particular piece of patient data. This is a level of sophistication that most organizations are not yet comfortable with. With respect to data security, organizations generally only see outsider threat as their biggest worry, when the reality is that insider threat is the more frequent means by which data breaches occur."