EHR Download Best Practices Outlined

Tiger Team Makes Recommendations
EHR Download Best Practices Outlined
The Privacy and Security Tiger Team is spelling out best practices for giving patients clear and simple guidance regarding how to safeguard electronic health records when downloading them from a hospital or a clinic.

Proposed criteria for Stage 2 of the HITECH Act's EHR incentive program would require that hospitals and physicians give at least 10 percent of their patients the ability to view and download certain records. The tiger team decided at its July 22 meeting to recommend that the Department of Health and Human Services offer best practice guidance to hospitals and physicians tied to these criteria, including:

  • Reminding patients that they should take steps to protect the downloaded information in the same way they protect other types of sensitive information;
  • Providing links to resources with more information on the download process and how the patient can best protect information after it's downloaded; and
  • Obtaining confirmation that the patient wants to complete the download transaction with the familiar "are you sure you want to do this" message or something similar.

The tiger team also is recommending that providers consider offering patients guidance on precautions to take when actually viewing downloaded records, such as when using a public computer. Plus, the team is recommending another best practice calling for preventing the retaining of cached copies of patient information.

The Health IT Policy Committee will review and vote on these best practice recommendations at its Aug. 3 meeting. These would be guidelines, and not actual requirements, for the EHR incentive program, notes Deven McGraw, co-chair of the tiger team.

Final Stage 2 criteria for the EHR incentive program are expected from HHS early in 2012.

The Markle Foundation's Blue Button approach to downloading information, now in use at the Department of Veterans' Affairs, Medicare and the Department of Defense, offers relevant guidance on important privacy issues, the tiger team notes. The VA is offering a $50,000 prize for expanding application of the Blue Button (see: VA Seeks to Expand 'Blue Button').

In other action at the tiger team's July 22 meeting, the group announced that it intends to begin investigating the privacy issues involved in the secondary use of EHRs, such as for research projects.

About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.