Can you explain the difference between the HIPAA Security Final Rule and the meaningful use final rule? What does each require and how are they different?
The HIPAA Security Final Rule and the meaningful use rule are two different sets of requirements that may apply in different situations. Depending upon your organization's role in the health care process and the types of information you handle, one or both may apply to your organization.
The HIPAA Security Rule applies to health care providers that conduct certain electronic transactions, health plans and health care clearinghouses. The rule itself contains a series of specific standards that dictate the mandatory administrative, physical and technical controls that HIPAA-covered entities must have in place to ensure the security of protected health information. The rule covers matters ranging from workforce security and incident response to facility access controls and data encryption.
The meaningful use of electronic health records rule provides guidelines for hospitals and health care professionals seeking to make the most effective use of electronic medical records in their practices. While it is not mandatory, health care professionals and hospitals that choose to participate are eligible to receive financial subsidies from the federal government. These incentive payments may be as high as $44,000 through the Medicare program and $63,750 through the Medicaid program.
In addition to the two rules you asked about, health care professionals should also be familiar with the HIPAA Privacy Rule. This rule is far more complex than the Security Rule and contains very detailed requirements covering the manner in which covered entities handle protected health information.
It is very important to realize that these rules cover completely different topics. The Security and Privacy Rules are guidelines for the secure handling and sharing of protected health information. If you are a HIPAA-covered entity, you must comply with these rules by implementing technical, administrative and physical controls as well as sound privacy practices. The meaningful use rule, on the other hand, covers the effective use of electronic health records and does not overlap with the other rules. Furthermore, compliance with this rule is voluntary and allows practices to qualify for incentive payments from the government.