Difference between revisions of "End-user device encryption (MU2)"
From OpenEMR Project Wiki
Bradymiller (talk | contribs) |
Bradymiller (talk | contribs) |
||
(2 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
==MU Requirements== | ==MU Requirements== | ||
===Per ONC=== | ===Per ONC=== | ||
:Taken from [ | :Taken from ONC Final Rule:[[File:2014_Edition_Cert_Federal_Register.pdf]] | ||
<pre> | <pre> | ||
(7) End-user device encryption. Paragraph (d)(7)(i) or (ii) of this section must be met to satisfy | (7) End-user device encryption. Paragraph (d)(7)(i) or (ii) of this section must be met to satisfy | ||
Line 18: | Line 18: | ||
stored on end-user devices after use of EHR technology on those devices stops. | stored on end-user devices after use of EHR technology on those devices stops. | ||
</pre> | </pre> | ||
===Per ONC/NIST Final Test Methods=== | |||
:See here: http://www.healthit.gov/policy-researchers-implementers/2014-edition-final-test-method | |||
==Status== | ==Status== | ||
Line 26: | Line 28: | ||
==Links== | ==Links== | ||
:*[[OpenEMR Certification Stage II Meaningful Use|OpenEMR Certification Stage II Meaningful Use Main Project Page]] | |||
:*[[Encryption Transmission|Encryption Transmission wiki page for stage I certification]] | |||
[[Category:Certification]][[Category:Certification Stage II]] | [[Category:Certification]][[Category:Certification Stage II]] |
Latest revision as of 01:23, 26 January 2013
Overview
MU Requirements
Per ONC
- Taken from ONC Final Rule:File:2014 Edition Cert Federal Register.pdf
(7) End-user device encryption. Paragraph (d)(7)(i) or (ii) of this section must be met to satisfy this certification criterion. (i) EHR technology that is designed to locally store electronic health information on end-user devices must encrypt the electronic health information stored on such devices after use of EHR technology on those devices stops. (A) Electronic health information that is stored must be encrypted in accordance with the standard specified in § 170.210(a)(1). (B) Default setting. EHR technology must be set by default to perform this capability and, unless this configuration cannot be disabled by any user, the ability to change the configuration must be restricted to a limited set of identified users. (ii) EHR technology is designed to prevent electronic health information from being locally stored on end-user devices after use of EHR technology on those devices stops.