NOTE: Encryption and Auditable events are two key components of Stage 2 certification with regards to the security requirements.
The Centers for Medicare and Medicaid Services (CMS), Medicare and Medicaid Programs; Electronic Health Record Incentive Program—Stage 2
The ONC proposed rule proposed stage 2 rules; Health Information Technology: Standards, Implementation Specifications, and Certification Criteria for Electronic Health Record Technology, 2014 Edition; Revisions to the Permanent Certification Program for Health Information Technology.
MU Objective: Protect electronic health information created or maintained by the Certified EHR Technology through the implementation of appropriate technical capabilities.
2014 Edition EHR Certification Criteria:
§ 170.314(d)(2) (Auditable events and tamper-resistance)
§ 170.314(d)(3) (Audit report(s))
§ 170.210(e) (Record actions related to electronic health information, audit log
status, and encryption of end user devices)
Encryption of data at rest:
2014 Edition EHR Certification Criterion
§ 170.314(d)(7) (Encryption of data at rest)