In response to Joseph Conns CCHIT holds release of IT system testing criteria":
Thank you for your continuing coverage of the fast-changing electronic health-record domain. The statement about the particulars in the Office of the National Coordinator for Health Information Technologys report entitled " Recommended Requirements for Enhancing Data Quality in Electronic Health Records Systems was inaccurate.
For that report I served as prevention work group chairman under the project chairman, Dr. Don Simborg, and the requirement referred to, providing for an auditor user type, was most definitely anything but a back door. It was to enable strict controls on auditing, whether internal or external, to also protect patients and physicians from a reported current practice of giving auditors administrative access to EHRs for their auditing tasks and purposes. Such access gives that auditor virtually unlimited access to look wherever they might want to go.
A specifically configured auditor user type, with practice-set restrictions, could strictly limit where, when and how far an auditor can look. Furthermore, an organizations internal clinical, compliance or risk management auditor should clearly have different access and confidentiality protections than someone from an insurer or a recovery audit contractor.
Hopefully this helps clarify the intent of the item inaccurately referred to, especially as the Certification Commission for Healthcare Information Technology struggles to acclimate to a higher level of need and scrutiny. Thank you again for your coverage of these historic changes.
Reed D. Gelzer, M.D.Advocates for Documentation Integrity and ComplianceWallingford, Conn.
What do you think? Submit a letter to Your Views. Please include your name, title, company and hometown. Health IT Strategist reserves the right to edit all submissions.
Also, please share your thoughts by taking our latest HITS reader poll.