MU Stage1 Final Rule - Encryption

SECTION #  Section 170.302(u)—Encryption

MU OBJECTIVE Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities.

MU STAGE 1 MEASURE Conduct or review a security risk analysis per 45 CFR 164.308 (a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process.

CERTIFICATION CRITERION Final Rule Text: §170.302(u). General encryption. Encrypt and decrypt electronic health information in accordance with the standard specified in §170.210(a)(1), unless the Secretary determines that the use of such algorithm would pose a significant security risk for Certified EHR Technology. §170.302(v). Encryption when exchanging electronic health information. Encrypt and decrypt electronic health information when exchanged in accordance with the standard specified in §170.210(a)(2).

STANDARDS §170.210(a)(1); §170.210(a)(2); 45 CFR 164.308 (http://edocket.access.gpo.gov/cfr_2003/octqtr/pdf/45cfr164.308.pdf)

TEST CRITERIA # §170.302(u): http://healthcare.nist.gov/docs/170.302.u_GeneralEncryption_v1.1.pdf; §170.302(v): http://healthcare.nist.gov/docs/170.302.v_EncryptionHIE_v1.1.pdf

SOLUTION DESIGN / TECHNOLOGY (Add details here)

SOLUTION COMPONENTS (Add details here - Ex. KIDS patch, Delphi code, User guide, Web resources, Manual test script, etc)

DEPENDENCIES (Add details here)

COMMENTS / NOTES (Add details here)

PREVIOUS NOTES (none)

DEVELOPMENT STATUS (Add details here)

ACTION ITEMS / NEXT STEPS (Add details here)

OPEN ISSUES / QUESTIONS (Add details here)