Health Information Management

HIPAA Q&A: HIPAA-mandated software?

HIM-HIPAA Insider, June 4, 2012

A: None of the HIPAA regulations require the use of a specific application or specific software. HIPAA spells out privacy, security, and transaction related requirements but is technology neutral. This was not changed by the passage of HITECH. The EHR that will be implemented has been federally certified to meet the meaningful use incentive program requirements. Even the implementation of a federally certified EHR is not a HIPAA or HITECH mandate. It is only required if the physician is interested in taking advantage of the meaningful use incentive program.

Editor’s note: Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, OR, answered this question. He has more than 17 years of experience in information technology and specializes in security compliance, assessments, training, and strategic planning. Apgar is a board member of the Workgroup for Electronic Data Interchange and chair of the Oregon and Southwest Washington Healthcare, Privacy and Security Forum.

Most Popular