Healthcare Management Services

A Management Services Company (MSO)


HIPAA-HITECH regulations 
require* that you perform
a Risk Assessment for electronic protected health information (PHI)

Contact Actus today for your PHI
Risk Assessment!

* CFR45 164.308(a)(1)(ii)(B) 

Glossary on Electronic Health Information Technologies

Confused by the myriad of terms and acronyms? You're not alone.

Electronic Health Record:           

EHR is a computerized patient-centric history of an individual’s health care record that includes data from the multiple sources of care that the patient has used. Because they are interoperable (i.e., can be accessed across networks by computers using a variety of operating systems and software), they can be accessed at any authorized point of care. At this time, the EHR is in a developmental phase, and it will be several years before it will be possible to determine the effect that the EHR will have on medical practices and patients.

Electronic Medical Record:                     

EMR describes a computerized system of accessing all aspects of a patient history within a single practice. The content of an EMR is analogous to the paper record, but the electronic format creates usable data in medical outcome studies, improves the efficiency of care, and makes for more efficient communication among providers and easier management of health plans.

Health Information Technology: 

HIT is an all-inclusive term that includes all computerized processes for maintaining patient medical records, automating administrative tasks of patient management, making patient records available at the point of care, linking clinical information to billing systems, and having a communications infrastructure capable of meeting interoperability standards and opportunities now and into the future.

HIPAA 5010:   

The updated set of HIPAA standards (5010) becomes effective on January 1, 2012. These provisions include: business associate liability; new limitations on the sale of protected health information, marketing, and fundraising communications; and stronger individual rights to access electronic medical records and restrict the disclosure of certain information.  The Center for Medicare & Medicaid Services (CMS) Office of E-Health Standards and Services (OESS) is responsible for enforcement of compliance with electronic transaction standards. CMS announced on November 17, 2011, that “[w]hile enforcement action will not be taken [from January 1-March 31, 2012], OESS will continue to accept complaints associated with compliance with Version 5010, transaction standards during the 90-day period.  If requested by OESS, covered entities that are the subject of complaints (known as ‘filed-against entities’) must produce evidence of either compliance or a good faith effort to become compliant with the new HIPAA [version] standards during the 90-day period.”

Not to be confused with HIPAA 5010, HIPAA HITECH refers to the privacy provisions from Section D of the HITECH legislation. These updated security measures include guidelines for notification of PHI breaches, business associate liability and stricter enforcement.


The Health Information Technology for Economic and Clinical Health Act (HITECH) is the portion of American Recovery and Reinvestment Act of 2009 (ARRA) that was enacted to promote the adoption and meaningful use of health information technology. 

Management Services Company (MSO):            
Management Services Companies provide a broad array of services to physician practices. In several states, MSO's have been the preferred means of establishing clear lines of responsibility between business and medicine.   

Meaningful Use:            

In the hopes of swaying more physicians to adopt and use EMRs, the American Recovery and Reinvestment Act ARRA set aside almost $20 billion under the Health and Human Services Department (HHS) to help physicians purchase and implement EMR systems. Meaningful use means that providers need to show they're using certified EHR technology in ways that can be measured significantly in quality and in quantity. The initiative defines specific milestones to certify that a heath care provider is achieving the “meaningful use” of and EMR system

The Meaningful Use objectives, as defined in the Final Rule, include a set of core objectives that constitute an essential starting point for Meaningful Use of EHRs and a separate list of additional important activities from which providers can select several to implement in the first two years.

  • Core objectives include basic patient data, including functions that support improved health care (patient demographics, vital signs, active medications, allergies, problem lists of current and active diagnoses, and smoking status). Other core objectives include using software applications that incorporate the potential of EHRs to improve quality, safety, and efficiency of care (clinical decision support tools, CPOE, etc.). In addition to the core elements, the Rule includes a menu of ten additional tasks from which providers can choose five to implement in 2011 – 2012. The menu includes capabilities to perform drug formulary checks, incorporate laboratory results into EHRs, provide reminders to patients for needed care, identify and provide patient-specific health education resources, and employ EHRs to support the patient’s transitions between care settings and care givers.

  • Achieving Stage 1 Meaningful Use also means demonstrating progress in health outcome priorities. Reporting on blood pressure measures, smoking status, and adult weight screening will be required in 2011 and 2012.

  • As part of the process, HHS is establishing a nationwide network of Regional Extension Centers (RECs) to assist providers in adopting qualified EHRs and achieving meaningful use of them.

Risk Assessment:      

An electronic security risk analysis performed in accordance with Meaningful Use Core Measure #15 and HITECH regulation CFR45 164.308(a)(1)(ii)(B). Eligible Providers are required to implement security updates as necessary and correct identified security deficiencies as part of its risk management process.