§170.315(d)(12) Encrypt Authentication Credentials

Mirth® Connect by NextGen Healthcare User Guide

§170.315(d)(7) End-User Device Encryption

(d)(7) End-user device encryption ensures that data is not stored in an non-secure manner on local devices. Required Extensions None Features that Support the Certification Mirth® Connect does not store message information in local cache. Required Actions None Parent topic: Cures Certification

Mirth® Connect by NextGen Healthcare User Guide

§170.315(d)(9) Trusted Connection

(d)(9) Trusted connection requires the ability to encrypt messages and send through a trusted connection. Required Extensions SSL Manager Features that Support the Certification The SSL Manager extension provides options that ensure encryption and connectivity validation through the use of SSL certificates. Required Actions In your Mirth® Connect channels, enable SSL to establish trusted connections between endpoints. Parent topic: Cures Certification

Mirth® Connect by NextGen Healthcare User Guide

§170.315(d)(8) Integrity

(d)(8) Integrity requires that a message digest can be created and sent using a hashing algorithm of SHA-2 security strength or greater. Required Extensions None Features that Support the Certification A SHA-256 hash variable (named Message Hash) is automatically generated for each message sent out by a destination connector. If sending the hash, the recipient of the message and the hash can validate the content of the message. For additional information, see Destination Mappings. New utility functions have been added to create a message hash, supporting the filtering of messages either in a source or destination connector. They are: HashUtil.generate(object); HashUtil.generate(string, encoding, algorithm); HashUtil.generate(byte[], algorithm); Required Actions Use of the Message Hash variable. Use the hash HashUtil.generate functions to compare received with generated hash. See examples in the Message Integrity section of Channel Development Best Practices and Tips. Parent topic: Cure

Mirth® Connect by NextGen Healthcare User Guide

Summary

The following list gives you a snapshot of the current certifications. Select the link in the Criterion Name column to see more details about the certification criterion. Criterion Name Required Extension Electronic Health Information (EHI) Export (b)(10) Enhancement Bundle Role-Based Access Control Authentication, access control, Authorization (d)(1) Role-Based Access Control Auditable events and tamper-resistance (d)(2) Cures Certification Support Role-Based Access Control Automatic access time-out (d)(5) None Emergency access (d)(6) Role-Based Access Control End-user device encryption (d)(7) None Integrity (d)(8) None Trusted connection (d)(9) SSL Manager Auditing actions on health information (d)(10) Cures Certification Support Encrypt authentication credentials (d)(12) None Multi-factor authentication (d)(13) Multi-Factor Authentication Quality Management System (g)(4) None Accessibility-Centered Design (g)(5) Not applicable Parent topic: Cures Certification

Mirth® Connect by NextGen Healthcare User Guide

§170.315(b)(10) Electronic Health Information (EHI) Export

Cures criteria for 170.315(b)(10) Electronic Health Information (EHI) Export. (b)(10) Electronic Health Information (EHI) Export gives the user the capability to efficiently export single and multi-patient EHI in a secure and timely manner. Note: Mirth® Connect by NextGen Healthcare is an interoperability engine and is not exposed to full patient data; instead it passes messages from one entity to another and saves only the information in the message. Note: The CURES(b)(10) criteria requires that no psychotherapy data is included in the export. Since Mirth® Connect only passes data, it is the user's responsibility to exclude all psychotherapy data from the export. Required Extensions: Role-Based Access Control Enhancement Bundle Features that Support the Certification Use of the Role-Based Access Control extension to limit access to protected health information (PHI). Ability to view and search for messages on multiple channels. Required Actions Administrator needs to create roles and

Mirth® Connect by NextGen Healthcare User Guide

Encryption Settings

You can change the default encryption settings for Mirth® Connect as you see fit. The following can be set in mirth.properties: Property Default Value Description encryption.algorithm AES/CBC/PKCS5Padding The algorithm to use for symmetric encryption. This applies to messages, exports, and anything that is used along with the keystore to encrypt / decrypt. You must include the explicit mode and padding settings with the algorithm. The mode must also require an initialization vector. Note: The default value is updated in version 4.3. If you did not explicitly set this property, then no action is needed. Mirth® Connect will automatically start using the new default. If you did explicitly set this property, then NextGen Healthcare highly recommends you to update it to include the mode/padding options as well. Support for "AES" (without any mode/padding specified) will be removed in a future version. encryption.charset UTF-8 The charset to use when encoding textual data into bytes before e

§170.315(d)(12) Encrypt Authentication Credentials

Required Extensions

Features that Support the Certification

Required Actions

Recommendations

§170.315(d)(7) End-User Device Encryption

§170.315(d)(9) Trusted Connection

§170.315(d)(8) Integrity

Summary

§170.315(b)(10) Electronic Health Information (EHI) Export

Encryption Settings

§170.315(d)(7) End-User Device Encryption

§170.315(d)(9) Trusted Connection

§170.315(d)(8) Integrity

Summary

§170.315(b)(10) Electronic Health Information (EHI) Export

Encryption Settings