E9-31216 III B 1
1. Definition of Standard
The term standard is used in many different contexts and for many different purposes.
The HITECH Act did not define or provide a description of the term, standard, or how it should be used in relation to HIT.
As a result, we looked to other sources to inform our definition for the term.
As specified in the HIPAA Rules, standard is defined at 45 CFR 160.103 to mean ``a rule, condition, or requirement:
- (1) Describing the following information for products, systems, services or practices:
- (i) Classification of components.
- (ii) Specification of materials, performance, or operations; or
- (iii) Delineation of procedures; or
- (2) With respect to the privacy of individually identifiable health information.``
This definition includes important concepts that we believe are applicable and appropriate for this interim final rule and we have included these concepts in our definition of standard.
Other definitions or descriptions of the term standard include
- ``an established policy on a particular practice or method;``
- ``a set of instructions for performing operations or functions;`` or
- ``a published statement on a topic specifying the characteristics, usually measurable, that must be satisfied or achieved to comply with the standard.
\2\
FOOTNOTE:
\2\ This last definition is referenced in Federal Information
Processing Standards 201.
We believe the types of standards envisioned by Congress in the HITECH Act that would be most applicable to HIT are standards that are technical, functional, or performance-based.
For example,
- a technical standard could specify that
- the structure of a message containing a patient's blood test results
- must include a header,
- the type of test performed, and
- the results, and further,
- that message must always be put in that sequence
- and be 128 bits long;
- a technical standard could specify that
- a functional standard could specify certain actions that must be consistently accomplished by HIT such as recording the date and time when an electronic prescription is transmitted;
- and a performance standard could specify certain operational requirements for HIT such as being able to properly identify a drug-Allergy contraindication 99.99% of the time for patient safety purposes.
With this in mind, we have chosen to define standard to mean:
- a technical, functional, or performance-based rule, condition, requirement, or specification that stipulates instructions, fields, codes, data, materials, characteristics, or actions.