Best Practices for EHR Downloads

HIT Policy Committee Endorses Tiger Team Recommendations
Best Practices for EHR Downloads
The Health IT Policy Committee has endorsed best practices for giving patients guidance regarding how to safeguard electronic health records when viewing or downloading them, such as through a hospital's or a clinic's portal.

Proposed criteria for Stage 2 of the HITECH Act's EHR incentive program would require that at least 10 percent of patients at a hospital or clinic can view, and have the ability to download, certain records. Final Stage 2 criteria for the EHR incentive program, along with best practice recommendations, are expected from the Department of Health and Human Services early in 2012.

The HIT Policy Committee at its Aug. 3 meeting accepted best practice recommendations for hospitals and clinics from its Privacy and Security Tiger Team, including:

  • Providing patients with clear and simple guidance regarding the use of the view and download functionality;
  • Reminding patients that they should take steps to protect the downloaded information in the same way they protect other types of sensitive information;
  • Providing links to resources with more information on the download process and how the patient can best protect information after it's downloaded;
  • Obtaining confirmation that the patient wants to complete the download transaction with the familiar "are you sure you want to do this" message or something similar;
  • Offering patients guidance on precautions to take when viewing records on a public computer and a reminder to log off after viewing; and
  • Requesting that vendors and software developers configure the view and download functionality in a way that no cache copies are retained after the view session is terminated. Also, vendors should provide an auto log-off function.

    Guidelines, Not Requirements

    All of these are guidelines, and not actual requirements, for the EHR incentive program, notes Deven McGraw, co-chair of the tiger team. "The tiger team felt that providers would want flexibility with respect to the type of guidance provided to patients," the team said in its formal recommendation to the committee, which advises HHS.

    The tiger team recommends providers review the Markle Foundation's policy brief on its "blue button" records download approach as well as the guidance provided to patients using the Department of Veterans' Affairs and Medicare's blue button offerings. The VA is offering a $50,000 prize for expanding application of the blue button (see: VA Seeks to Expand 'Blue Button').


About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.