Analyzing the relationship between CCHIT certification criteria and HIPAA

In the health field, there is an immense amount of personal data that is collected, stored and transmitted from providers to patients, within the electronic health systems, to insurance companies, etc. Important law and regulations, such as Health Information Portability and Accountability Act (HIPAA), have been adopted and enforced as national standards for the protection of health information. The Certification Commission for Health Information Technology (CCHIT), an organization that certifies and tests electronic health record (EHR) modules, has designed test scripts and certification criteria to certify EHR modules. This paper analyzes CCHIT certification criteria and its relationship with HIPAA´s Privacy and Security rules. This analysis discloses to what degree CCHIT certification criteria covers the testing of compliance of the HIPAA rules. The analysis results could provide useful information for improving the CCHIT certification criteria.