Making Corrections in EHRsTiger Team Recommends Certification Criteria
The HIPAA Privacy Rule already requires healthcare organizations to accommodate patient requests for corrections or amendments to their records. But the Tiger Team wants to make sure that EHRs have the technical capability to carry out this mandate, as well as accommodate changes that providers request, such as when they notice errors, says Deven McGraw, co-chair. She's director of the health privacy project at the Center for Democracy & Technology.
At the July 8 meeting of the Health Information Technology Policy Committee, the tiger team will recommend that:
- EHR software criteria for stage two of the EHR incentive program include a requirement that the applications support making changes/amendments to health information.
- Criteria for stage three of the incentive program include a requirement that EHRs have the ability to transmit amendments, updates or appended information to other providers.
The Policy Committee and the HIT Standards Committee are working on the guidelines for future stages of the EHR incentive program, which ultimately will be approved by the Department of Health and Human Services. Proposed stage two guidelines are due at year's end.
Legal ObligationsAfter lengthy debate during several recent meetings, the team decided not to advocate new policy dictating when providers must report corrections of records to others. Team members concluded that "existing ethical and legal obligations were sufficient to motivate [providers] to use appropriate professional judgment regarding when to inform any known or potential recipients of amendments to health data," according to a draft recommendation letter.
At its June 16 meeting, the tiger team acknowledged that the standards committee will need to work on standards, implementation specifications and certification criteria to carry out the team's two recommendations once they're ok'd by the policy committee. Also, the team decided to ask the policy committee for more feedback on how to tackle the difficult issue of creating policies and procedures for organizations that run health information exchanges regarding their notification of providers about amendments to records.
This summer, the tiger team plans to review the various HIE models and consider their privacy implications.