EHR Download Best Practices Outlined
Tiger Team Makes RecommendationsProposed criteria for Stage 2 of the HITECH Act's EHR incentive program would require that hospitals and physicians give at least 10 percent of their patients the ability to view and download certain records. The tiger team decided at its July 22 meeting to recommend that the Department of Health and Human Services offer best practice guidance to hospitals and physicians tied to these criteria, including:
- Reminding patients that they should take steps to protect the downloaded information in the same way they protect other types of sensitive information;
- Providing links to resources with more information on the download process and how the patient can best protect information after it's downloaded; and
- Obtaining confirmation that the patient wants to complete the download transaction with the familiar "are you sure you want to do this" message or something similar.
The tiger team also is recommending that providers consider offering patients guidance on precautions to take when actually viewing downloaded records, such as when using a public computer. Plus, the team is recommending another best practice calling for preventing the retaining of cached copies of patient information.
The Health IT Policy Committee will review and vote on these best practice recommendations at its Aug. 3 meeting. These would be guidelines, and not actual requirements, for the EHR incentive program, notes Deven McGraw, co-chair of the tiger team.
Final Stage 2 criteria for the EHR incentive program are expected from HHS early in 2012.
The Markle Foundation's Blue Button approach to downloading information, now in use at the Department of Veterans' Affairs, Medicare and the Department of Defense, offers relevant guidance on important privacy issues, the tiger team notes. The VA is offering a $50,000 prize for expanding application of the Blue Button (see: VA Seeks to Expand 'Blue Button').
In other action at the tiger team's July 22 meeting, the group announced that it intends to begin investigating the privacy issues involved in the secondary use of EHRs, such as for research projects.