ONC invites public comments on credentialing patients for online access to their records

The ability of patients to use health IT tools to access health information and to communicate securely with their providers is a critical part of making healthcare more patient-centered. Accordingly, the panel that advises the Office of the National Coordinator for Health IT (ONC) would like the public to weigh in on how the identity of individuals should be verified when they electronically access their health records.

[See also: ONC pushing Blue Button capability for all patients]

The public comments will be shared with the federal advisory Health IT Policy and Standards Committees as part of a Nov. 29 online hearing on credentialing patients to ensure that patients "are who they say they are" so they can take advantage of Web tools, according to Deven McGraw, chair of ONC’s Privacy and Security Tiger Team.

To meet the requirements of meaningful use Stage 2, healthcare providers will need to more actively engage patients by enabling them to electronically view, download and transmit relevant information from their electronic health records (EHRs).

This could include lab test results, a list of current medications and hospital discharge instructions. Patient engagement also includes bi-directional, secure email with patients.

[See also: ONC asks for comments on HIE standards and specs]

“We want to make sure we facilitate electronic data access and email in a way that protects the privacy, confidentiality and security of that information,” McGraw wrote in a Nov. 8 blog.

In addition to verifying the identity of a patient who is remotely accessing a health record, the panel -- made up of representatives from healthcare, technology, consumer and government organizations -- will explore at the meeting how to issue “digital credentials” without making it too difficult or expensive for patients.

Some patients already may have retrieved their health record online from their physician or hospital. The panel is interested in a description of how that access was granted, for example:

  • Did you have to show up in person at your doctor’s office or were you able to establish the account online?
  • If you were able to establish the account online, what steps did you have to go through to prove your identity?
  • Once you established the account, what steps do you have to go through to access it?
  • Do you believe the process for giving you access to your account will keep your information secure?

Commenters may also recommend other approaches to provide patients with secure online access to their medical information. The public may comment online at the blog link provided above or email ONC directly at .


Add new comment