HIMSS Analytics announces new EMRAM criteria for 2018 with focus on security, digital imaging

Global vice president John Daniels said the new requirements for its Electronic Medical Record Adoption Model are truly aspirational and provide a glimpse at the future with non-scored options as well.
By Tom Sullivan
03:08 PM

HIMSS Analytics on Friday revealed updated criteria for achieving Electronic Medical Record Adoption Model certification in 2018.
“It’s both evolutionary and a big change. We’re not taking any criteria away but now we’re adding to it,” said HIMSS Analytics Global Vice President John Daniels. “EMRAM is a truly aspirational model.”
Effective January 1, 2018, the new EMRAM criteria brings a first-time focus on privacy and security and moves the PACS and digital imaging requirement from Stage 5 down to Stage 1. 

[Also: Saint Francis Hospital scores HIMSS Stage 7 Award]
That means that hospitals vying for Stage 1 need to have PACS for DICOM and patient-centric storage of non-DICOM images.

The security requirements begin in Stage 2, with a look at data center security, end-user training, encryption and disposal policies as well as antivirus, anti-malware and firewall programs.
Stage 3 requires role-based access control and intrusion detection and Stage 4 stipulates that clinicians can access data about patients’ allergies, diagnoses, medications and recent labs in the event that systems go down. 

New to Stage 5 is the requirement that hospitals have intrusion detection systems and portable device security.

[Also: Saudi Arabia hospital achieves HIMSS Analytics Stage 7 EMRAM]

Hospitals looking to achieve Stage 6 will need to have security risk assessments in place and any organization aiming for Stage 7 will need to provide an overview of its privacy and security program.
Daniels said that HIMSS Analytics is also adding non-scored criteria to Stage 7 for anesthesia information systems in operating rooms and the use of smart pumps that interface bi-directionally with EMRs.
“We’re going to ask about these capabilities because we anticipate they will become part of the criteria in five to 10 years,” Daniels said. “We’re letting the market know that in the future these will be required.”

Twitter: SullyHIT
Email the writer: tom.sullivan@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.