Comments on: HIPAA and EMR Design http://rdn-consulting.com/blog/2008/01/03/hipaa-and-emr-design/ Software Development and Biomedical Engineering Thu, 20 Nov 2008 17:02:22 +0000 http://wordpress.org/?v=2.6.3 By: Bob http://rdn-consulting.com/blog/2008/01/03/hipaa-and-emr-design/#comment-434 Bob Fri, 11 Jan 2008 03:27:44 +0000 http://rdn-consulting.com/blog/2008/01/03/hipaa-and-emr-design/#comment-434 @EMR and HIPAA: Audit trails are not really part of HIPAA (45 CFR Parts 160 and 164) which is primarily concerned with privacy rules. You're thinking of the 21 CFR Part 11 rules for electronic records and signatures which is what the FDA uses for all life science industries. @EMR and HIPAA:

Audit trails are not really part of HIPAA (45 CFR Parts 160 and 164) which is primarily concerned with privacy rules. You’re thinking of the 21 CFR Part 11 rules for electronic records and signatures which is what the FDA uses for all life science industries.

]]> By: EMR and HIPAA http://rdn-consulting.com/blog/2008/01/03/hipaa-and-emr-design/#comment-427 EMR and HIPAA Wed, 09 Jan 2008 06:24:31 +0000 http://rdn-consulting.com/blog/2008/01/03/hipaa-and-emr-design/#comment-427 I think that your missing a major point that an EMR company must cover: Audit trails. Every EMR company I've ever seen has to make sure that they have good audit trails built into their system in order to comply with HIPAA. Without the audit trail of who did what, then that EMR would be in trouble. EMRs are also much more granular with who can see what. HIPAA is pretty clear that you should only see what you need to do your job. An EMR really takes this to the next level because of the granular security you can implement. The interesting thing is that there probably isn't an EMR out there that isn't HIPAA compliant. So, that question really doesn't need to be asked now. Plus, since HIPAA compliancy is now complete for most EMR companies, then it's a very marginal cost for the EMR to continue to comply with EMR. However, that initial jump to comply with HIPAA certainly cost EMR companies some money, which they then most probably passed on to the consumer. I think that your missing a major point that an EMR company must cover: Audit trails. Every EMR company I’ve ever seen has to make sure that they have good audit trails built into their system in order to comply with HIPAA. Without the audit trail of who did what, then that EMR would be in trouble.

EMRs are also much more granular with who can see what. HIPAA is pretty clear that you should only see what you need to do your job. An EMR really takes this to the next level because of the granular security you can implement.

The interesting thing is that there probably isn’t an EMR out there that isn’t HIPAA compliant. So, that question really doesn’t need to be asked now. Plus, since HIPAA compliancy is now complete for most EMR companies, then it’s a very marginal cost for the EMR to continue to comply with EMR. However, that initial jump to comply with HIPAA certainly cost EMR companies some money, which they then most probably passed on to the consumer.

]]>