Difference between revisions of "MU Stage1 Final Rule - Access Control"
Peterbodtke (talk | contribs) |
Peterbodtke (talk | contribs) |
||
Line 16: | Line 16: | ||
'''STANDARDS''' | '''STANDARDS''' | ||
45 CFR 164.308 | 45 CFR 164.308 | ||
− | edocket.access.gpo.gov/cfr_2003/octqtr/pdf/45cfr164.308.pdf | + | http://edocket.access.gpo.gov/cfr_2003/octqtr/pdf/45cfr164.308.pdf |
'''TEST CRITERIA #''' | '''TEST CRITERIA #''' |
Revision as of 02:52, 19 August 2010
SECTION # Section 170.302(o)—Access Control
MU OBJECTIVE Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities.
MU STAGE 1 MEASURE Conduct or review a security risk analysis per 45 CFR 164.308 (a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process.
CERTIFICATION CRITERION Interim Final Rule Text: Access control. Assign a unique name and/or number for identifying and tracking user identity and establish controls that permit only authorized users to access electronic health information. Final Rule Text: §170.302(o). Unchanged.
STANDARDS 45 CFR 164.308 http://edocket.access.gpo.gov/cfr_2003/octqtr/pdf/45cfr164.308.pdf
TEST CRITERIA # §170.302(o) http://healthcare.nist.gov/docs/170.302.o_AccessControl_v1.0.pdf
USERS | CORE / MENU | SOLUTION DEVELOPERS | STATUS |
---|---|---|---|
All | CORE | TBD | TBD |
SOLUTION DESIGN / TECHNOLOGY (Add details here)
SOLUTION COMPONENTS (Add details here - Ex. KIDS patch, Delphi code, User guide, Web resources, Manual test script, etc)
DEPENDENCIES (Add details here)
COMMENTS / NOTES (Add details here)
PREVIOUS NOTES (none)
DEVELOPMENT STATUS (Add details here)
ACTION ITEMS / NEXT STEPS (Add details here)
OPEN ISSUES / QUESTIONS (Add details here)