More on MeaningfulUse Certification: Quality and Security

Quality Reporting

For quality measures, the challenge is that the standards that folks have been working on just aren't ready yet.  This is largely in part due to the whole Health eDecisions/Health Quality Measure Format incompatibility created a couple of years ago.  A self-inflicted wound if ever there was one, but one that is healing, but not fully healed yet.  I'm not sure how to respond to this one yet.  I think we stay the course, but one of the things I'm looking for this cycle is whether provisions have been made to pilot new technology.  That will show up in the Incentives rule (should I be calling it the penalties rule).

Throughout this section, one change you will see is that:

... when a Health IT Module is presented for certification to this criterion, we would expect that testing of the Health IT Module would include demonstration of a user’s ability to ____ without subsequent health IT developer assistance beyond normal orientation/training.

This basically is saying that users have to be able to execute the functions that the module is certified to without having to call on the vendor for support.

Security

On security, you can rest easy with regard to the certification criteria, as they remain unchanged. They do ask for comment about when SHA-2 (SHA-256 for example) should be phased in and how.