Friday, June 24, 2011

CMS Clarifies Electronic Transmission

One of the more confusing items about Meaningful Stage 1 is what constitutes a test of electronic record exchange.  The HIT Standards Committee did not specify transport standards, so there are no certification criteria to test the ability of an EHR to send data from place to place.

It was unclear what kinds of transport constitute a valid test of data exchange - Bluetooth between iPhones?  e-Fax?  USB Drives?

Now we know from a new CMS FAQ - any transport standard will do, but physical media will not.

Here's the language:

"To complete step 2, an eligible professional, eligible hospital, or critical access hospital may use any means of electronic transmission according to any transport standard(s) (SMTP, FTP, REST, SOAP, etc.) regardless of whether it was included by an EHR technology developer as part of the certified EHR technology in the eligible professional’s, eligible hospital’s, or critical access hospital’s possession.

Please note that the use of USB, CD-ROM, or other physical media or electronic fax would not meet the measure of this objective and has been addressed in another FAQ (see FAQ #10638)  If the test involves the transmission of actual patient information, all current privacy and security regulations must be met."

Now that we know, feel free to send me a secure email (Zixmail, Accellion, Direct, S/MIME, or TLS) and I can validate your test!


Glen said...

That is an amazingly lazy specification! It makes me wonder if they just read a list of IETF RFC titles and picked some that sounded like they might be used. The absence of standards-based secure transport requirements and reference to REST (not a standard) suggests they used blogs, Compterworld, and/or eWeek as authorative sources. Critical thinking is suspiciously not in evidence.

Anonymous said...

For the meaningful use objective of "capability to exchange key clinical information", can an EP or EH test this functionality by sending between different legal entities where the sending EP or EH has a certified EHR technology but the receiving entity may or may not have a certified EHR (i.e. Regional Health Information Organization, Health Information Exchange, provider or hospital without a certified EHR, state Medicaid, health plan, other)? Or, must the receiving entity also have a distinct certified EHR technology?