April 24, 2012 12:00 AM

Federal privacy work group wants EHRs to verify patient ID

Joseph Conn

To be certified for use in the federal electronic health-record incentive payment programs, EHRs should have to demonstrate that they can authenticate the identity of patients looking to view or download their medical records or have their records transmitted to someone else, according to a federal privacy work group.

The Privacy and Security Tiger Team of the federally chartered Health IT Policy Committee met Monday to go over a four-page draft of comments on a pair of proposed rules issued in February by the CMS and the Office of the National Coordinator for Health Information Technology. The proposed rules govern Stage 2 of the Medicare and Medicaid EHR incentive payment programs created under the American Recovery and Reinvestment Act of 2009. The Stage 2 rules are expected to come into use in 2014.

The work group compared privacy and security recommendations that the policy committee previously made to the federal rule writers with what actually showed up in the Stage 2 proposed rules.

Among several issues addressed in the letter were instances in which the policy committee's recommendations were not included in the proposed rules. One involved a security requirement for patient portals. The policy committee wanted a rule requiring providers to have "at least single-factor authentication for patients using view, download and transmit functionalities" when accessing their records via a patient portal.

The ONC-drafted proposed rule states that authentication should be required for secure messaging, such as sending a referral letter from one provider to another, but that "there is no comparable authentication requirement for patient access," according to the letter.

The policy committee also recommended that EHRs be certified "to ensure information can be securely downloaded" by the patient or a third party at the patient's request, the letter said.

In addition, certified EHRs should be able to append patient-supplied information in both free-text and scanned formats, according to the Tiger Team.

The work group's draft letter (DOC) is available on HHS' website

The next policy committee meeting is May 2. Various work groups are expected at that meeting to present their reviews of the proposed Stage 2 rules.

Letter

to the

Editor

Send us a letter

Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

Recommended for You

Providers confront racial bias engrained in EHRs

Epic outlines what's ahead for patient portal, Cosmos

1	FDA deems Medtronic’s Pipeline Vantage recall ‘most serious’
2	Here are new state healthcare laws taking effect in 2025
3	Medicare spending lower among seniors who switch to Medicare Advantage
4	UnitedHealthcare’s new CEO reflects on tragedy, public scrutiny
5	Hospitals establishing hubs for digital health operations

Federal privacy work group wants EHRs to verify patient ID

Digital Health Intelligence Newsletter: Sign up to receive a twice-weekly (T, F) morning newsletter featuring the latest reporting on technologies, trends, players and money fueling the rapid changes in how healthcare is developed, paid for and delivered.