{"id":629,"date":"2020-11-19T13:41:10","date_gmt":"2020-11-19T08:11:10","guid":{"rendered":"https:\/\/www.healthasyst.com\/blog\/?p=188"},"modified":"2022-01-13T15:09:42","modified_gmt":"2022-01-13T09:39:42","slug":"21st-century-cures-act-final-rules-breaking-down-the-new-criteria-part-2","status":"publish","type":"post","link":"https:\/\/www.healthasyst.com\/healthcare-it-services\/21st-century-cures-act-final-rules-breaking-down-the-new-criteria-part-2\/","title":{"rendered":"21st Century Cures Act Final Rules: Breaking down the new criteria &#8211; Part 2"},"content":{"rendered":"\r\n<p>In the\u00a0<a href=\"https:\/\/www.healthasyst.com\/blog\/21st-century-cures-act-final-rules-what-it-means-for-isvs-providers-and-payers-part-1\/\" target=\"_blank\" rel=\"noreferrer noopener\">first part<\/a>\u00a0of the blog series, we presented a broad view of the two categories on which the 21st Century Cures Act Final Rules are based \u2013 an open technology ecosystem and information blocking.<\/p>\r\n\r\n\r\n\r\n<p>The\u00a0<a href=\"https:\/\/www.federalregister.gov\/documents\/2020\/11\/04\/2020-24376\/information-blocking-and-the-onc-health-it-certification-program-extension-of-compliance-dates-and\" target=\"_blank\" rel=\"noreferrer noopener\">reporting period<\/a>\u00a0has been extended to help healthcare IT vendors prioritize COVID19 responses; however, it\u2019s crucial to start planning and preparing to meet the requirements to avoid last-minute hassles.<\/p>\r\n\r\n\r\n\r\n<p>In the second part of the series, we will break down the\u00a0<a href=\"https:\/\/www.healthit.gov\/topic\/certification-ehrs\/2015-edition-cures-update-test-method\" target=\"_blank\" rel=\"noopener\">new\u00a0certification criteria<\/a> focused on the broader themes of interoperability and authentication.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\">Seamless exchange of EHI<\/h2>\r\n\r\n\r\n\r\n<p>This new criterion will enable the export of electronic health information of patients during standard workflows or migration of healthcare IT systems. A provision is also to be included to export the data without any assistance from the healthcare IT vendor. To overcome any privacy concerns, the healthcare vendor must restrict access to a chosen few users who will export the data. The exported data has to be formatted with structure and syntax that is easily identifiable by any healthcare IT system (recipient). This new criterion alludes to the importance the ONC has placed on ensuring privacy and enabling greater accessibility of EHI as patients move from provider to provider. This criterion will also serve to curb any anti-competitive behaviors among healthcare IT vendors.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>Fortified authentication measures<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>There are two new criteria on authentication \u2013 encryption of authentication credentials and multi-factor authentication (MFA). Healthcare IT vendors need to attest as \u201cYes\u201d that their system encrypts stored authentication credentials. If they attest as \u201cNo,\u201d they should state, for example, that their healthcare IT system does not support authentication credentials. In the same vein, they need to attest as \u201cYes\u201d to supporting authentication using multiple elements of the user\u2019s identity. If they attest as \u201cNo,\u201d they should provide context as to why, for example, that their system does not support multi-factor authentication since it is engaged in system-to-system public health reporting, and hence MFA is not applicable. These criteria will ensure confidentiality and authenticity of data, as well as protect against cybercrimes.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>An open interface for an easy transition<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>This criterion is regarding the standardization of Application Programming Interface (API) for patient and population services. It will enable healthcare IT developers to publish the APIs and allow EHI to be easily transported and used wherever required to offer optimum care. Along with the API, FHIR (Fast Healthcare Interoperability Resources) server endpoints for all customers are required to be publicly available. This criterion will create a more open environment for healthcare IT vendors to collaborate and communicate safely. There will no longer be any silos of EHI, allowing seamless transmission across devices, anywhere in the world.<\/p>\r\n\r\n\r\n\r\n<p>Besides these, the\u00a0<a href=\"https:\/\/www.healthit.gov\/sites\/default\/files\/2020-08\/2015EdCures_Update_CCG_USCDI.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">USDCI<\/a>, which provides more comprehensive patient information, will now replace the Common Clinical Data Set (CCDS). We will discuss this in greater detail in the next blog in the series.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\">Begin the journey now&#8230;<\/h2>\r\n\r\n\r\n\r\n<p>Better outcomes are not easy. They need a relentless focus on offering best-in-class care and ensuring that health data travels wherever it will be most useful for the patient. These final rules will ensure greater transparency and security for all in the healthcare ecosystem, and not just for the patients. As leaders in healthcare transformation, HealthAsyst can offer the guidance and remediation support required to meet these requirements and ensure the deadlines are met way ahead of time. Please write to us at\u00a0<a href=\"mailto:Itservices@healthasyst.com\" target=\"_blank\" rel=\"noreferrer noopener\">Itservices@healthasyst.com<\/a>\u00a0to start the countdown to compliance.<\/p>\r\n\r\n\r\n\r\n<p><em>Note: The New Certification Criteria is true as on date November 18, 2020. Any updates to the New Certification Criteria will reflect on this blog as it takes place.<\/em><\/p>\r\n\r\n\r\n\r\n<p><em>With inputs from I.V. Chandra Mouli, Senior Manager (QA)<\/em><\/p>\r\n","protected":false},"excerpt":{"rendered":"<p>In the\u00a0first part\u00a0of the blog series, we presented a broad view of the two categories on which the 21st Century Cures Act Final Rules are based \u2013 an open technology ecosystem and information blocking. The\u00a0reporting period\u00a0has been extended to help healthcare IT vendors prioritize COVID19 responses; however, it\u2019s crucial to start planning and preparing to [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":688,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[10,9,11],"tags":[23,24,25,15,26],"ppma_author":[127],"class_list":["post-629","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-healthcare-it","category-blog","category-it-services","tag-21stcentury","tag-cures-act","tag-final-rules","tag-healthcare-it","tag-new-certification","entry","has-media"],"acf":[],"authors":[{"term_id":127,"user_id":12,"is_guest":0,"slug":"ha-blogging","display_name":"HealthAsyst Blogging Community","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/ec40f1d2b7d280072a45c1022ff042cca5547feaeb2e9ae2658385b3e7c438a6?s=96&d=mm&r=g","0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":""}],"_links":{"self":[{"href":"https:\/\/www.healthasyst.com\/healthcare-it-services\/wp-json\/wp\/v2\/posts\/629","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.healthasyst.com\/healthcare-it-services\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.healthasyst.com\/healthcare-it-services\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.healthasyst.com\/healthcare-it-services\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/www.healthasyst.com\/healthcare-it-services\/wp-json\/wp\/v2\/comments?post=629"}],"version-history":[{"count":3,"href":"https:\/\/www.healthasyst.com\/healthcare-it-services\/wp-json\/wp\/v2\/posts\/629\/revisions"}],"predecessor-version":[{"id":692,"href":"https:\/\/www.healthasyst.com\/healthcare-it-services\/wp-json\/wp\/v2\/posts\/629\/revisions\/692"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.healthasyst.com\/healthcare-it-services\/wp-json\/wp\/v2\/media\/688"}],"wp:attachment":[{"href":"https:\/\/www.healthasyst.com\/healthcare-it-services\/wp-json\/wp\/v2\/media?parent=629"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.healthasyst.com\/healthcare-it-services\/wp-json\/wp\/v2\/categories?post=629"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.healthasyst.com\/healthcare-it-services\/wp-json\/wp\/v2\/tags?post=629"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.healthasyst.com\/healthcare-it-services\/wp-json\/wp\/v2\/ppma_author?post=629"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}