EMRAM Criteria Changes: What You Need to Know
Since its release in 2005, HIMSS Analytics’ EMRAM hasn't been updated in a major way. But the hectic and progressing pace of technology has led to many changes in healthcare, and as a general rule, we like to keep pace. To that end, the 2018 changes to the EMRAM criteria reflect the trends we're seeing emerge in various markets around the world. Here's what you need to know.
Why Did HIMSS Analytics Make Changes to EMRAM Criteria?
We made changes to reflect the current state of an advanced EMR environment. Today, practically every hospital we visit is using digital medical imaging in a critical way. As a result of some capabilities becoming more and more prevalent, we've had to make updates across stages. Consider, for example, the fact that role-based access control has not been included in online care documentation criteria until now. It's time for us to include those types of security capabilities in our definition of advancement.
Updating the EMRAM criteria is truly a push to raise the bar globally. We want to see the markets continue to drive toward more advanced EMR capabilities.
The new criteria focuses more on functions accomplished via technology rather than on the technology itself. In other words, we're looking closely at how technology is being used to improve care quality and patient safety.
Security and Criteria Updates
Let's dig into security for a moment. It’s top of mind. Hacks and ransomware scare everyone. They are propagated, prevalent and prolific. That's why we've updated a lot of criteria in this arena. We know that most organizations understand how vital privacy and security components of technology are, but we thought it fair to highlight this change.
For example, in Stage 2 security criteria updates include:
- Description of data center security and user security training
- Description of encryption and data destruction policy
- Description of antivirus, anti-malware and acceptable use policy
What Does This all Mean for Validation?
If you are already validated at Stage 6 or Stage 7, don't fret too deeply over the difficulty of the new criteria. The majority of the additional requirements for validation are mostly security related. If you are comfortable with your security program and posture, you should be in a great spot. If you are not yet validated at Stage 6 or Stage 7, there are new minimum thresholds for documentation and other criteria that needs to be considered.
That said, we do encourage you to get validated as soon as possible to begin realizing the full potential if your technology investments. We’re happy to discuss the details of a validation visit to help you effectively prepare for becoming a recognized Stage 6 and Stage 6 facility. Contact us below if you're ready for your EMRAM validation.
This post is part of a multipart series on the value of EMRAM. Continue to follow HIMSS Analytics for more on this topic.