MU Stage1 Final Rule - Emergency Access

SECTION #  Section 170.302(p)—Emergency Access

MU OBJECTIVE Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities.

MU STAGE 1 MEASURE Conduct or review a security risk analysis per 45 CFR 164.308(a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process.

CERTIFICATION CRITERION Interim Final Rule Text: Emergency access. Permit authorized users (who are authorized for emergency situations) to access electronic health information during an emergency. Final Rule Text: §170.302(p). Unchanged.

STANDARDS 45 CFR 164.308 http//:edocket.access.gpo.gov/cfr_2003/octqtr/pdf/45cfr164.308.pdf

TEST CRITERIA # §170.302(p) http://healthcare.nist.gov/docs/170.302.p_EmergencyAccess_v1.1.pdf

SOLUTION DESIGN / TECHNOLOGY (Add details here)

SOLUTION COMPONENTS (Add details here - Ex. KIDS patch, Delphi code, User guide, Web resources, Manual test script, etc)

DEPENDENCIES (Add details here)

COMMENTS / NOTES (Add details here)

PREVIOUS NOTES (none)

DEVELOPMENT STATUS The devil is in the details of the scripts here as to whether or not the emergency access controls are adequate if a privileged user can grant access to another or if the ordinary user had to be able to break the box to privileged user status without a supervisor providing for that access.

Action ITEMS / NEXT STEPS (Add details here)

OPEN ISSUES / QUESTIONS (Add details here)