MU Stage1 Final Rule - Automatic Log-Off

SECTION #  Section 170.302(q)—Automatic Log-Off

MU OBJECTIVE Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities.

MU STAGE 1 MEASURE Conduct or review a security risk analysis per 45 CFR 164.308 (a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process.

CERTIFICATION CRITERION Interim Final Rule Text: Automatic log-off. Terminate an electronic session after a predetermined time of inactivity. Final Rule Text: §170.302(q). Unchanged.

STANDARDS 45 CFR 164.308 http://edocket.access.gpo.gov/cfr_2003/octqtr/pdf/45cfr164.308.pdf

TEST CRITERIA # §170.302(q) http://healthcare.nist.gov/docs/170.302.q_AutomaticLogOff_v1.1.pdf

SOLUTION DESIGN / TECHNOLOGY (Add details here)

SOLUTION COMPONENTS http://opensourcevista.net:8888/NancysVistAServer/UserTimeoutsVistA.odt

DEPENDENCIES (Add details here)

COMMENTS / NOTES (Add details here)

PREVIOUS NOTES (none)

DEVELOPMENT STATUSNone needed. Only documentation of the steps to configure it and demonstrate it are necessary.

Action ITEMS / NEXT STEPS (Add details here)

OPEN ISSUES / QUESTIONS (Add details here)