To be certified for use in the federal electronic health-record incentive payment programs, EHRs should have to demonstrate that they can authenticate the identity of patients looking to view or download their medical records or have their records transmitted to someone else, according to a federal privacy work group.
The Privacy and Security Tiger Team of the federally chartered Health IT Policy Committee met Monday to go over a four-page draft of comments on a pair of proposed rules issued in February by the CMS and the Office of the National Coordinator for Health Information Technology. The proposed rules govern Stage 2 of the Medicare and Medicaid EHR incentive payment programs created under the American Recovery and Reinvestment Act of 2009. The Stage 2 rules are expected to come into use in 2014.
The work group compared privacy and security recommendations that the policy committee previously made to the federal rule writers with what actually showed up in the Stage 2 proposed rules.