End-user device encryption (MU2)

From OpenEMR Project Wiki

Overview

MU Requirements

Per ONC

Taken from ONC Final Rule:File:2014 Edition Cert Federal Register.pdf
(7) End-user device encryption. Paragraph (d)(7)(i) or (ii) of this section must be met to satisfy
this certification criterion.
(i) EHR technology that is designed to locally store electronic health information on end-user
devices must encrypt the electronic health information stored on such devices after use of
EHR technology on those devices stops.
(A) Electronic health information that is stored must be encrypted in accordance with the
standard specified in § 170.210(a)(1).
(B) Default setting. EHR technology must be set by default to perform this capability and,
unless this configuration cannot be disabled by any user, the ability to change the
configuration must be restricted to a limited set of identified users.
(ii) EHR technology is designed to prevent electronic health information from being locally
stored on end-user devices after use of EHR technology on those devices stops.

Per ONC/NIST Final Test Methods

See here: http://www.healthit.gov/policy-researchers-implementers/2014-edition-final-test-method

Status

Proposal

Owner

Links