HIMSS Analytics announces new EMRAM criteria for 2018 with focus on security, digital imaging
HIMSS Analytics on Friday revealed updated criteria for achieving Electronic Medical Record Adoption Model certification in 2018.
“It’s both evolutionary and a big change. We’re not taking any criteria away but now we’re adding to it,” said HIMSS Analytics Global Vice President John Daniels. “EMRAM is a truly aspirational model.”
Effective January 1, 2018, the new EMRAM criteria brings a first-time focus on privacy and security and moves the PACS and digital imaging requirement from Stage 5 down to Stage 1.
[Also: Saint Francis Hospital scores HIMSS Stage 7 Award]
That means that hospitals vying for Stage 1 need to have PACS for DICOM and patient-centric storage of non-DICOM images.
The security requirements begin in Stage 2, with a look at data center security, end-user training, encryption and disposal policies as well as antivirus, anti-malware and firewall programs.
Stage 3 requires role-based access control and intrusion detection and Stage 4 stipulates that clinicians can access data about patients’ allergies, diagnoses, medications and recent labs in the event that systems go down.
New to Stage 5 is the requirement that hospitals have intrusion detection systems and portable device security.
Hospitals looking to achieve Stage 6 will need to have security risk assessments in place and any organization aiming for Stage 7 will need to provide an overview of its privacy and security program.
Daniels said that HIMSS Analytics is also adding non-scored criteria to Stage 7 for anesthesia information systems in operating rooms and the use of smart pumps that interface bi-directionally with EMRs.
“We’re going to ask about these capabilities because we anticipate they will become part of the criteria in five to 10 years,” Daniels said. “We’re letting the market know that in the future these will be required.”