Search Briefs


Sign up for Health Policy Brief Alerts


SEPTEMBER 28, 2010

Electronic Health Record Standards

The federal government takes steps to ensure that these electronic systems are strong, secure, and able to communicate with each other.

What's the issue?

Over the next six years, doctors, hospitals, and other clinicians who treat patients on Medicare and Medicaid can earn extra payments from the government if they adopt and make "meaningful use" of electronic health records (EHRs). But to be eligible for the money, the electronic record systems they adopt must conform to strict technical standards and be certified as meeting them.

On July 28, 2010, the US Department of Health and Human Services (HHS) issued its first set of these standards, which are designed to ensure that the systems are secure and reliable. Another key goal is to make certain that data collected by one system is compatible with data collected by another. That way, if a patient approves, health care providers can exchange the information, which will help them operate more efficiently and improve patient care.

But software companies and other developers and users say that meeting the requirements promptly will be a challenge. Of about 100 EHR systems currently on the market, several dozen are expected to be certified in the coming months.

What's the background?

The standards rule is a key element of a national push to get doctors and hospitals across the country to adopt electronic health records by 2014. As outlined in a previous Health Policy Brief (August 24, 2010), under the 2009 American Recovery and Reinvestment Act, up to $27 billion in incentive payments will be given to doctors, hospitals, and other providers who adopt and make meaningful use of these health record systems (Exhibit 1).

Exhibit 1
Download Powerpoint Slide

To carry out the law, HHS issued a package of regulations in the summer of 2010. One was a final regulation detailing what activities constituted meaningful use. A second was the standards regulation. A third laid out procedures for giving temporary authorization to certain organizations to certify that electronic health record systems meet government standards. HHS also updated the federal government's rules on protecting the privacy of patient health information in the emerging new world of nationwide electronic health records.

Making Systems Work Together: The term standards has broad meaning, and when applied to health information technology, it may sound as if it deals with technical requirements for computer hardware. But in fact, the standards set forth by the government pertain to the software used by these systems.

If two different systems use a common standard, they can communicate with each other, or "interoperate." When systems are interoperable, information from one system can be sent into another with little or no translation. It is somewhat analogous to being able to write a document in Microsoft Word on a Windows PC and have it read perfectly by someone using an Apple computer system.

A health care system that uses electronic health records sporadically, and also has no common software standards, can be compared to a tower of Babel. That's largely the situation today in the United States. As things stand, many patient records are still on paper, and it's difficult to get comprehensive data on a lot of patients from them (a process known as "pulling charts"). Compiling that data would also be cumbersome. Even dealing with one patient's records can be difficult when a patient leaves one hospital for another. It's time-consuming and expensive to copy the records or otherwise transmit them to the next hospital through the mail, by fax, or by hand. As a result, vital patient records aren't always shared.

Even where electronic health records are in use today, providers may not readily share data because of different system standards--or in some cases, because no standards or only partial standards are in place. This means that records in one system are not easily transferred to another.
Just as one doesn't need to know about the intricacies of how computer software operates to buy and use it, doctors, nurses, and other EHR users don't need to know about the standards in their systems. But for the people who develop the software and hardware for these systems, standards will now play a more essential role.

Rights To Their Records: For some health care providers, incompatibility among systems is not an issue. They have taken the position that their medical records are their own proprietary information, and they see little need to share them with others. But in passing the Health Insurance Portability and Accountability Act of 1996, and more recently the Recovery Act sections on health information technology, Congress has decreed that patients have a right to obtain the information in their own records.

In the digital age, that means that a patient's records from one health care provider must be able to move seamlessly to another one, and be readily readable and usable there. Once the standards-compliant EHRs are in widespread use, it will become easier to send records securely over the Internet from one doctor's office, hospital, or health system to another.

There are many other reasons to standardize the record systems. More broadly, standardized records that contain information about patient experiences will yield a wealth of information about what works and doesn't work in medicine. The nation may be able to use that knowledge to drastically improve health care or to improve the health of diverse groups of people. Standardization will also make it easier to improve electronic health record systems in years to come.

Certification Is Key: Certification is a way to enforce standards. To earn incentive fees under the meaningful use program, hospitals, doctors, and other eligible practitioners must use certified EHRs. EHRs are certified after passing tests of their functionality, reliability, security, and compliance with the standards.

Federal officials originally launched a certification program to allay some health care providers' concerns about spending thousands of dollars on ineffective or deficient software. In 2005, HHS provided start-up support for a certification organization, the nonprofit Certification Commission for Health Information Technology. Until recently, this was the only organization authorized to certify software in connection with HHS' efforts to promote the use of electronic health records.

Multiple Certification Entities: HHS has modified and expanded the certification program, and has authorized a few organizations to certify EHR systems. The idea is to speed up the certification process and perhaps, through competition, keep down the fees that software developers are charged for certification. To date, HHS has authorized three organizations under a temporary program designed to quickly get the certification process under way. Officials are reviewing applications from other organizations that want to become authorized to certify systems.

What's in the law and the rules?

Many efforts to lay the groundwork for nationwide use of electronic health records began under the George W. Bush administration. In fact, by the time the Obama administration took office, a government-appointed committee known as the Healthcare IT Standards Panel had made considerable progress toward hammering out a set of agreed-upon standards for electronic health record systems. The committee had representatives from industry, government, and other stakeholders who reached agreement on standards through a voluntary consensus process.

When Congress passed the Recovery Act and its health information technology provisions in 2009, it gave HHS the responsibility for developing the specifics of the incentive program and related rules. Building on the health IT policies developed under the previous administration, HHS issued a draft set of rules at the end of 2009, laying out the shape of the program and most of the specifics that would eventually become final.

The final rule on standards was published on July 28, 2010. The standards will become effective in 2011 and 2012, which the administration has designated as stage 1 of its incentive fee program for expanding use of electronic health records. In the coming year, the Office of the National Coordinator of Health IT and its official standards advisory committee will be ironing out rules for future stages. Stages 2 and 3 will raise the technical bar and require hospitals, doctors, and other clinicians seeking additional incentive payments to do even more to advance health and health care through electronic health records.

Achieving Meaningful Use: In the final rule, HHS sought to make clear the linkages between its meaningful use objectives--or requirements for EHR functionality--and the standards associated with those objectives. For example, one HHS objective is for hospitals, doctors, and other clinicians to maintain lists of the medications their patients are taking. To achieve this objective, the hospitals and clinicians must have in their electronic health records at least one medication entry, or a note saying the patient has not been prescribed medicine, for more than 80 percent of their patients.

For an EHR to be certified to hold these medication lists, the developer must demonstrate that a user can record, modify, and retrieve a patient's medication list and store medication histories. But there are many different ways to identify medications. For example, the same medications may have multiple names, and the doses given to patients may be different from the doses produced by drug manufacturers. As a result, under the new standards, EHRs will have to use a medication vocabulary included in RxNorm, a sort of thesaurus about drugs produced by the National Library of Medicine.

Certification requires testing and authorized testing organizations will determine whether certain inputs yield the required results. For example, to test whether the medication list objective has been satisfied, a tester will enter a list of medications, retrieve the list, modify it and store it anew, then check whether the modifications are still part of the EHR record. The test procedures were developed by the National Institute of Standards and Technology, a federal agency.

The standards and certification portion of the meaningful use program has drawn relatively little criticism, partly because of its technical nature and partly because it is just getting under way. But opponents of standardization say that it tends to shut out innovation and reduce the marketplace to a lowest common denominator, rather than rewarding technological leadership. In setting standards, HHS has, in effect, said "my way or the highway" when it comes to EHRs. But at the same time, the department mainly chose standards that had been reached through a broad consensus-making process among the industry, clinicians, and other stakeholders.

Potentially Expensive: EHR developers will have to spend money to upgrade their software to achieve meaningful use objectives and comply with the new technical standards. HHS estimates that a previously certified EHR for hospital use will cost at least $50,000 and probably $138,000 or more to prepare for the new certification. A system for doctors that has never been certified will cost at least $120,000 and probably close to $240,000 to be upgraded; hospital systems will cost perhaps $100,000 more. Achieving meaningful use and technical standards compliance could cost developers and users more than $136 million between now and 2012, the department estimates.

There will be additional costs for testing and certifying these systems. The Certification Commission for Health Information Technology estimates it will cost $33,000 to test and certify a complete vendor-supplied EHR system. All these costs might be passed along to hospitals and providers who seek to adopt the new systems and hope to receive incentive payments as a result.

What's next?

It's not clear, and won't be for some time, whether the push to extend electronic health records nationwide will make this technology an intrinsic element of medical practice in the twenty-first century. At least one IT market research company, Frost and Sullivan, is now projecting that the market for EHRs in doctors' offices will double over three years, growing from $1.3 billion in 2009 to $2.6 billion in 2012. And policy makers hope that doctors and other clinicians will, in fact, come to regard secure exchanges of patient information with their peers as a normal way of practicing medicine.

Even with the regulations in place, and the incentive payments pending, the technological platform to facilitate the sharing of electronic medical records is still being built out. In 2010, HHS has awarded $548 million to states and territories to develop state health information exchanges that will link health care providers within their boundaries. Eventually, the administration hopes to link the state exchanges into a unified Nationwide Health Information Network that could truly make health information exchange seamless across the country.


Buntin, Melinda B., Sachin H. Jain, and David Blumenthal, "Health Information Technology: Laying the Infrastructure for National Health Reform," Health Affairs 29, no. 6 (2010): 1214-19.

Halamka, John D., "An Analysis of the Final Standards Rule," July 13, 2010.

National Institute for Standards and Technology, "Test Method for Health Information Technology: Initial Set of Standards, Implementation Specifications, and Certification Criteria for EHR Technology (45 CFR Part 170 Subpart C)."

U.S. Department of Health and Human Services, Office of the National Coordinator for Health Information Technology, "Establishment of the Temporary Certification Program for Health Information Technology: Final Rule," Federal Register 75, no. 121 (June 24, 2010), 36158-209.

U.S. Department of Health and Human Services, Office of the National Coordinator for Health Information Technology, "Health Information Technology: Initial Set of Standards, Implementation Specifications, and Certification Criteria for Electronic Health Record Technology: Final Rule," Federal Register 75, no. 144 (July 28, 2010), 44590-654.

U.S. Department of Health and Human Services, Office of the National Coordinator for Health Information Technology, "Standards & Certification," August 30, 2010.

About Health Policy Briefs

Nancy Ferris
(Ferris is a veteran Washington, D.C., journalist specializing in health information technology.)

Editorial review by
John D. Halamka
Chief Information Officer
Dean for Technology
Harvard Medical School

Mark E. Frisse
Professor of Biomedical Informatics
Vanderbilt University

Susan Dentzer
Health Affairs

Ted Agres
Senior Editor
Health Affairs

Health Policy Briefs are produced under a partnership of Health Affairs and the Robert Wood Johnson Foundation.

Cite as:
"Electronic Health Record Standards," Health Affairs, September 28, 2010.

Sign up for free policy briefs at: