Instead of buying one comprehensive EHR from a single vendor, policymakers expect hospitals and even some office-based physician practices will buy and use pieces of an EHR from multiple developers, cobbling together enough functionality to meet the meaningful-use requirements of the stimulus law.
The law is offering up to an estimated $27.3 billion in subsidy payments for buyers of EHRs that meet federal standards, including those for privacy and security, and are using their systems in a “meaningful manner.”
But members of a privacy and security work group to the federally chartered Health IT Policy Committee want to ensure those buying and banging into place a complete EHR system from mixed parts don't inadvertently end up with privacy and security holes in their systems.
In a few days, the public comment period closes on an HHS proposed rule creating a permanent procedure for testing and certifying EHR systems as capable of meeting stimulus law standards, including those for privacy and security. To beat that deadline, the work group Thursday brought a few recommendations on composite EHRs to the full HIT Policy Committee for official approval and submission to the Office of the National Coordinator for Health Information Technology at HHS. The HIT Policy Committee was created pursuant to the stimulus law to advise the ONC on health IT matters.