EMR Laws & Regulations For Health Care Providers

Here's a comprehensive guide giving a general overview of EMR regulations for health care providers.

EHR/EMR regulations detail the manner in which health care providers qualify for Medicare and Medicaid EMR “meaningful use” payments under The Health Information Technology for Economic and Clinical Health (HITECH) Act, which in turn is part of the American Recovery and Reinvestment Act of 2009 (ARRA).

These EHR and EMR regulations make direct and indirect reference to the latest regulations issued by The U.S. Department of Health and Human Services (HHS) regarding providers’ security and privacy obligations under the Health Insurance Portability and Accountability Act (HIPAA). EMR requirements fall under both HITECH/ARRA definitions for meaningful use requirements and for HIPAA security rules.

When was EMR Mandated?

In 2009, the HITECH Act came into effect, requiring all healthcare providers to turn patients’ medical records into digital form. The use of electronic medical records thus came into existence. However, it was in January 2014 that the rule to have patient records in digital form became mandatory. Failure to comply and maintain EMRs leads to penalties: reduced Medicare reimbursement, with the percentage increasing each year the provider is not compliant.


Federal payments are available for qualifying healthcare providers (referred to as Eligible Professionals (EPs) in federal regulations).

While a maximum of $21,250 of Medicaid EHR / EMR payments are independent of EMR use, the bulk of payments under Medicaid and all payments under Medicare require “meaningful use” by an EP of an EMR system accredited by a proper certification authority. These electronic medical record regulations are designed to encourage widespread adoption of EMR technology and integration of these capabilities into the health care system. Meaningful Use criteria and rules under these two programs are the same.

It’s critical to note that there are three stages to meaningful use. The deadline for complying with Meaningful Use Stage 1 has passed (October 2012) and deadlines for meeting standards for Meaningful Use Stage 2 have recently been postponed until the calendar year 2014. Meaningful use payments will require compliance with these as-yet unissued regulations.


HIPAA, among other things, offers protection for personal health information, including medical records. The HIPAA law gave patients more control over their health information, set limits on the use and release of their medical records, and established a series of privacy standards for healthcare providers, with penalties for those who do not follow these standards.

HIPAA grants patients several fundamental privacy rights over their medical records, as outlined in this HIPAA compliance as part of the rollout of EMR systems.

Certain parties are exempted from HIPAA requirements, which means some medical information may be shared without a patient’s knowledge in limited circumstances. Information shared with other providers in order to treat any patient is always exempted. Full HIPAA regulations are quite complex and are detailed here.

With respect to HIPAA and EHR / EMR requirements, these systems typically use data encryption to protect patient medical records stored on an EMR system. Data encryption technology protects electronic records while they are stored and while they are being transferred, ensuring that only the intended recipients are able to view them.

In addition, while the HIPAA deadline of October 1, 2013, for the transition from ICD-9 to ICD-10 encoding is for hospital treatment inpatient procedures only, integrated treatment plans will increasingly require ICD-10 use by most healthcare providers. Since Stage 3 meaningful use standards have yet to be issued in preliminary rulings as of October 2012, it is unclear whether all providers will require ICD-10 compliance, but it remains a possibility.


Here are some frequently asked questions when it comes to EMR Laws & Regulations For Health Care Providers.

What are the rights of a patient under HIPAA?

Patients have the right to ask for a written notice about how their health information is used and shared, and to view their medical records. They can request a copy of their file, and also request that any mistakes be corrected. In most cases, healthcare providers must produce these documents within 30 days of receiving the request but may charge reasonable fees to cover any expenses associated with making copies, if the patient requests these.

What is meant by Meaningful Use?

Meaningful use refers to a set of standards required for EHRs and outlines how patient information must be exchanged between entities such as hospitals, insurance companies, physicians, etc.