Compliance & Legal

With a six-month reprieve before enforcement begins, healthcare organizations will soon have to "change their operating procedures to be in compliance," says ONC.

Industry groups including AHIP, MGMA and the AMA support the patient access aims of the final regs, but have qualms about third-party developers and the compliance burden for providers.

National Coordinator Don Rucker and Deputy National Coordinator Steve Posnack talk enforcement timelines, "content and manner," FHIR 4, gag clause provisions, patient privacy and more.

Both CMS and ONC have issued what they call "transformative" rules addressing 21st Century Cures data access requirements; they'll impact providers, payers, vendors and patients.

The Shared Responsibility Matrix aims to streamline the assurance process for privacy and security, helping assign responsibilities and reduce misunderstandings when healthcare organizations work with cloud service providers.

AMA officials say the playbook aims to dispel some of the "myths and misconceptions from an array of complex federal and state laws surrounding patient electronic access to medical information."

Dr. Eldesia Granger of The MITRE Corporation guides healthcare leaders on how to work with consumer-generated data. At HIMSS20, she’ll highlight MITRE’s framework for handling this emerging information source.

The health and wellness data group lead at The MITRE Corporation offers a sneak preview of her HIMSS20 session on the topic.

The ultimate goals are to avoid penalties for non-compliance with state regulations; improve provider satisfaction, loyalty and recruitment measures; and increase patient satisfaction measures.

Ponemon Institute and Keyfactor say 60% of organizations aren't adequately maintaining their digital certificates and public key infrastructure.