Making Corrections in EHRs

Tiger Team Recommends Certification Criteria
Making Corrections in EHRs
The Privacy and Security Tiger Team is recommending that electronic health records software certified for the HITECH Act's EHR incentive program should be able to record corrections from patients or providers as well as transmit those corrections to others.

The HIPAA Privacy Rule already requires healthcare organizations to accommodate patient requests for corrections or amendments to their records. But the Tiger Team wants to make sure that EHRs have the technical capability to carry out this mandate, as well as accommodate changes that providers request, such as when they notice errors, says Deven McGraw, co-chair. She's director of the health privacy project at the Center for Democracy & Technology.

At the July 8 meeting of the Health Information Technology Policy Committee, the tiger team will recommend that:

  • EHR software criteria for stage two of the EHR incentive program include a requirement that the applications support making changes/amendments to health information.
  • Criteria for stage three of the incentive program include a requirement that EHRs have the ability to transmit amendments, updates or appended information to other providers.
  • The Policy Committee and the HIT Standards Committee are working on the guidelines for future stages of the EHR incentive program, which ultimately will be approved by the Department of Health and Human Services. Proposed stage two guidelines are due at year's end.

    Legal Obligations

    After lengthy debate during several recent meetings, the team decided not to advocate new policy dictating when providers must report corrections of records to others. Team members concluded that "existing ethical and legal obligations were sufficient to motivate [providers] to use appropriate professional judgment regarding when to inform any known or potential recipients of amendments to health data," according to a draft recommendation letter.

    At its June 16 meeting, the tiger team acknowledged that the standards committee will need to work on standards, implementation specifications and certification criteria to carry out the team's two recommendations once they're ok'd by the policy committee. Also, the team decided to ask the policy committee for more feedback on how to tackle the difficult issue of creating policies and procedures for organizations that run health information exchanges regarding their notification of providers about amendments to records.

    This summer, the tiger team plans to review the various HIE models and consider their privacy implications.

About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.