System Design Compliance: Electronic Health Record (EHR) & Electronic Medical Record (EMR)

Concept to creation is sometimes a quantum leap, especially when it comes to Electronic Health Record (EHR) or Electronic Medical Record (EMR) system design.  When you make that leap, you want to be sure the effort pays off.   Form, fit and function have to be right and the end product must meet or exceed HIPAA & ARRA-HITECH regulatory compliance requirements.

In order to get functional, technical and performance details right, Protected Health Information (PHI) is often used in designing and rolling out that system.  As such, the designer is responsible for protecting the PHI and should be under a Business Associates Agreement with the providing party.  By law, the designer must be HIPAA and ARRA-HITECH compliant with an appropriate risk management program, policies and procedures, contingency and incident response plans, and viable configuration management and change control plan.