- At the heart of many Stage 2 requirements is patient access to EHR, but how those patients are actually going to retrieve and download to those records often isn’t included in discussion. Now, the Office of the National Coordinator for Health Information Technology (ONC) is trying to engage healthcare providers and their patients to get more information.
Deven McGraw, JD, of the Privacy and Security Tiger Team of the Health IT Policy Committee, wrote yesterday on HealthITBuzz.com that CIOs need to know how to credential patients and provide them the tools to connect with their healthcare providers for any EHR questions. McGraw referenced bi-directional, secure email with patients and that ONC “wants to make sure we facilitate electronic data access and email in a way that protects the privacy, confidentiality, and security of that information.”
These were the two questions ONC asks of providers:
- What steps should we be taking to make sure that the person who is remotely accessing the record is the actual patient (or that patient’s authorized representative)?
- How can we reliably issue these “digital credentials” without making it too hard or too expensive for patients?
ONC also wants to know patient online account capabilities, such as whether they had to prove their identity and if so how, the type of access they have to the account and whether they believe the account to be secure. ONC needs to be proactive in gathering both provider and patient information regarding online EHR access and bringing these questions forward isn’t a bad start.
The Tiger Team and the Privacy and Security Working Group of the Health IT Standards Committee will host a web hearing on Oct. 29 on credentialing patients (verifying patient identity to make sure that in an electronic environment, they are who they say they are) to enable them to take advantage of new online tools.