| Law Enforcement Community's Priorities for EMR Function Supports for Management of Health Care Fraud* | ||
| *Excerpted from ONC Health Care Anti-Fraud Project Task Order HHSP23320054100EC Item 2 pp. 56-59 (embedded with link on the left) | ||
| 2. EHRs and information available through the NHIN must fully comply with applicable federal and state laws and meet the requirements for reliability and admissibility of evidence. Recommendations: |
||
| a. Establish standards for the electronic maintenance, submission, and disclosure of health and financial information contained in the EHR. Standards should address completeness, accountability, access and availability, traceability, auditability (verifiability), identification, authentication, non-repudiation, integrity, digital certificate, digital signature, electronic signature, and public key infrastructure. b. Delineate data quality and electronic transmission standards. c. Adopt a national approach to making public key infrastructure and other data security technologies available to all constituents of the NHIN. d. Ensure that access to and disclosure of EHR content and other information available through the NHIN is consistent with health information privacy and security laws and other applicable laws. |
||
| The principle and recommendations originated and are summarized from the Law Enforcement and Prosecution Workgroup. Standards should address: | ||
| Completeness | In developing required, mandatory, or customary data fields of information in EHRs and billing records, the information must include complete information and be sufficient to fully satisfy support and communicate decisions made about services rendered and facilitate automated coding and billing purposes. | |
| Accountability | Users of the EHR (In moving from a paper or hybrid environment to an interoperable HIT system) agree that the EHR/NHIN system must contain executed "terms and conditions agreements" as necessary among all the parties to the electronic process to ensure that all conditions of submission and receipt of data electronically are mutually known and understood, including potential criminal, civil, and administrative penalties for making fraudulent claims or false statements. |
|
| Access and availability | Access must be restricted (closed) to only approved, identifiable users for approved, identifiable purposes. Access to any backup databases must be appropriately maintained and restricted and made available at all times. | |
| Traceability | This key critical principle relates to access and traceability. Access must be restricted (closed) to only approved, identifiable users. The system collects and preserves all transaction (and/or clinical or encounter) information, including: -Content or substance of the transaction (for example, the text of a contract or claim). -The processing of the transaction (such as when and from where a communication was sent and when and where it was received throughout all phases of the transaction recordation/submission process). -Identities of all parties or individuals involved in creating, transmitting, and receiving the record or transaction and the identification of any changes those parties or individuals made to the record or transaction via the digital certificate and signature process referenced below. |
|
| Auditable (verifiable) | The system's electronic processes can be shown to gather, retain, and reproduce data that can be audited and verified to be accurate and to do so reliably and without alteration. | |
| Identification | The EHR and/or interoperable HIT system includes processes to identify and verify the identities of authorized users who input, alter, and/or transmit information as well as the identify of each individual who is a party to an EHR entry or transaction. | |
| Authentication | The system must authenticate the parties and the specific individuals involved in creating, modifying, or transmitting an EHR or transaction. Authentication is defined as a system that enables a recipient to positively verify the signer without direct communication with the signer and subsequently demonstrate to a third party, if needed, that the sender’s identity was properly verified. |
|
| Biometric Authentication | Authentication based on measurement of the individual’s physical features or repeatable actions where those features or actions are both unique to the individual and measurable. This includes authorization of electronic signatures. Furthermore, this applies to records stored offshore in addition to those maintained electronically in the United States. | |
| Non-repudiation | The EHR and/or interoperable NHIT system must ensure that strong and substantial evidence is available to the recipient of the sender’s identity, sufficient to prevent the sender from successfully denying having sent the data. This criterion includes the ability of a third party to verify the origin of the document. | |
| Integrity | The EHR and/or interoperable HIT system must ensure that the recipient, or a third party, can determine whether the contents of the document (EHR and/or electronic transmission) have been altered during its transmission or altered or amended or sought to be amended by any party. | |
| Storage and Security | EHRs and/or data transmitted and retained in an interoperable HIT system must be stored and be secure from access by unauthorized and unidentified persons or users. This applies to data stored in the United States and offshore. Records must be retained - unaltered, readable, and retrievable - and record retention must comply with all applicable laws and regulations. Records are to be readily available and in a readable format in the English language. Regardless of the physical location where the EHR is stored, the EHR must at all times be actually available, by legal process or as otherwise authorized by law, to patients, governmental and private payers, and law enforcement. | |
| Record Retention | Record retention requirements must be a minimum of 10 years. Presumably, patients would want their EHRs to be preserved forever since they represent patient medical history, but this would not be true for transactional/billing records. Law enforcement would need, at a minimum, to replicate current retention requirements for transactional records (that is, 10 years for civil enforcement purposes). | |
| Reliability | Unique EHRs and the interoperable HIT system must reliably and consistently do what they are supposed to do, perform as they are supposed to, use redundant or backup (of all transactions and changes) systems as necessary and therefore be reliable. If the IT system fails, there is a goal of always having access for law enforcement and all other purposes. Either redundant or backup information must be available if the system fails. | |
| Digital Certificate | A digital certificate is a data record that, at a minimum: (1) identifies the certification authority issuing it; (2) names or otherwise identifies the certificate holder; (3) contains a public key that corresponds to a private key under the sole control of the certificate holder; (4) identifies the operational period; and (5) contains a serial number and is digitally signed by the Certification Authority issuing it. | |
| Digital Signature | An EHR or transaction record in an interoperable HIT system must include a digital signature record created when a file is algorithmically transformed into a fixed length digest that is then encrypted using an asymmetric cryptographic private key associated with a digital certificate. The combination of the encryption and algorithm transformation ensure that the signer’s identity and the integrity of the file can be confirmed. This relates to the transmittal, which creates a record/technology and authenticates that it was an unaltered transaction. | |
| Electronic Signature | A method of signing an electronic message that identifies a particular person as the source of the message (or record) and identifies the person’s approval of the information contained in the message. The importance of a focus on the electronic signature is its relevance to traceability to an individual or organization. | |
| Public Key Infrastructure (PKI) | A structure under which a Certification Authority verifies the identity of applicants, issues, renews, and revokes digital certificates, maintains a registry of public keys, and maintains an up-to-date Certification Revocation List. | |
| Private Key | The key of a key pair that is used to create a digital signature. | |
| Public Key | The key of a key pair that is used to verify a digital signature. The public key is made available to anyone who will receive digitally signed messages (records or transactions) from the holder of the key pair. |
|