Correction Key Privacy/Security Principle of Meaningful Use 2011 Objectives

On December 15, 2008, the Office of the National Coordinator for Health Information Technology of the U.S. Department of Health and Human Services (HHS) published its 11 page report: Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information. The eight principles in this report underpin the HIPAA Administrative Simplification Privacy and Security Rule standards, provide a foundation of the Privacy provisions of the HITECH Act in the American Recovery and Reinvestment Act of 2009, signed by President Obama on February 17, 2009, and are a key objective of proposed 2011 Objective recommendations for Meaningful Use published by HHS’ Health IT Policy Committee on June 16, 2009. The Framework and Meaningful Use documents are available here.

In this series of postings, we reproduce—one at a time—Level 1 and Level 2 descriptions of the eight principles. A Level 1 (L1) description is a “short title and concise statement,” and a Level 2 (L2) description is a “short explanation that further elaborates on the principle, what it is designed to do, and its parameters.”

The second of the eight principles is:

(L1) CORRECTION. Individuals should be provided with a timely means to dispute the accuracy or integrity of their individually identifiable health information, and to have erroneous information corrected or to have a dispute documented if their requests are denied. [p. 7]

(L2) Individuals have an important stake in the accuracy and integrity of their individually identifiable health information and an important role to play in ensuring its accuracy and integrity. Electronic exchange of individually identifiable health information may improve care and reduce adverse events. However, any errors or conclusions drawn from erroneous data may be easily communicated or replicated (e.g., as a result of an administrative error as simple as a transposed digit or more complex error arising from medical identity theft). For this reason it is essential for individuals to have practical, efficient, and timely means for disputing the accuracy or integrity of their individually identifiable health information, to have this information corrected, or a dispute documented when their requests are denied, and to have the correction or dispute communicated to others with whom the underlying information has been shared. Persons and entities that participate in a network for the purpose of electronic exchange of individually identifiable health information should make processes available to empower individuals to exercise a role in managing their individually identifiable health information and should correct information or document disputes in a timely fashion.