Can you explain the difference between the HIPAA Security Final Rule and the meaningful use final rule? What does each require and how are they different?
Ask the Expert!
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous.)
The HIPAA Security Final Rule and the meaningful use rule are two different sets of requirements that may apply in different situations. Depending upon your organization's role in the health care process and the types of information you handle, one or both may apply to your organization.
The HIPAA Security Rule applies to health care providers that conduct certain electronic transactions, health plans and health care clearinghouses. The rule itself contains a series of specific standards that dictate the mandatory administrative, physical and technical controls that HIPAA-covered entities must have in place to ensure the security of protected health information. The rule covers matters ranging from workforce security and incident response to facility access controls and data encryption.
The meaningful use of electronic health records rule provides guidelines for hospitals and health care professionals seeking to make the most effective use of electronic medical records in their practices. While it is not mandatory, health care professionals and hospitals that choose to participate are eligible to receive financial subsidies from the federal government. These incentive payments may be as high as $44,000 through the Medicare program and $63,750 through the Medicaid program.
In addition to the two rules you asked about, health care professionals should also be familiar with the HIPAA Privacy Rule. This rule is far more complex than the Security Rule and contains very detailed requirements covering the manner in which covered entities handle protected health information.
It is very important to realize that these rules cover completely different topics. The Security and Privacy Rules are guidelines for the secure handling and sharing of protected health information. If you are a HIPAA-covered entity, you must comply with these rules by implementing technical administrative and physical controls as well as sound privacy practices. The meaningful use rule, on the other hand, covers the effective use of electronic health records and does not overlap with the other rules. Furthermore, compliance with this rule is voluntary and allows practices to qualify for incentive payments from the government.
This was first published in March 2013