Show Menu

EHR Developer Code of Conduct Cheat Sheet (DRAFT) by [deleted]

HIMSS EHR Developer Code of Ethics

This is a draft cheat sheet. It is a work in progress and is not finished yet.

Code of Conduct

Since its inception in 2004, the Associ­ation has repres­ented its member companies with a single voice on issues that affect our industry, as we collab­orate to represent our collective customers — the vast majority of hospitals and physic­ians’ practices of all sizes and specia­lties across the US with operat­ional EHRs. Recogn­izing the transf­orm­ative power of health IT, we offer this Code of Conduct as a reflection of our industry’s ongoing commitment to collab­orate as trusted partners with all stakeh­olders.

As a company that develops electronic health records (EHRs) and provides health IT software and services, we are committed to the following princi­ples:


Our business practices will emphasize accurate commun­ication about the functi­onality and benefits of our products and services.

Patient Safety

Recogn­izing that patient safety is a shared respon­sib­ility among all stakeh­olders in an increa­singly health IT-ena­bled, learning healthcare system:
We are committed to product design, develo­pment, and deployment in support of patient safety. We will utilize such approaches as quality management systems (QMS) and user-c­entered design method­olo­gies, and use recognized standards and guidel­ines.
We will partic­ipate with one or more Patient Safety Organi­zations (PSOs) (and/or other recognized bodies) in reporting, review, and analyses of health IT-related patient safety events. The exact nature, extent, and timing of our partic­ipation will depend on the outcome of current industry and policy discus­sions; such factors as legisl­ative, regulatory changes, or agency guidance; the availa­bility of the approp­riate recognized organi­zat­ions; develo­pment of standa­rdized defini­tions for safety events; and other implem­ent­ation factors. This work will require close collab­oration with our customers.
We will share best practices with our customers for safe deploy­ment, implem­ent­ation, mainte­nance, and use of our products.
We will notify our customers should we identify or become aware of a software issue that could materially affect patient safety, and offer solutions.
We recognize the value of our customers’ partic­ipation in discus­sions about patient safety. We will not contra­ctually limit our customers from discussing patient safety issues in approp­riate venues. In applying this policy, we will maintain fair and reasonable intell­ectual property protec­tions.

Intero­per­ability and Data Portab­ility

Recogn­izing that data should follow the patient:
We will enable our customers to exchange clinical inform­ation with other parties, including those using other EHR systems, through standa­rds­-based techno­logy, to the greatest extent possible.
We will use available, recogn­ized, and nationally uniform standards to the greatest extent possible in developing interf­aces.

Privacy and Security

We are committed to developing and implem­enting our software, services, and business practices in ways that protect patients’ privacy through the secure and trusted handling of personal health inform­ation.

Patient Engagement

We recognize that EHRs can enable increased engagement by patients and families in their health­care, support patien­t-c­entered healthcare and shared decision making, and we will reflect this unders­tanding in our business practices. Although patients and families are not our direct customers, we appreciate that they are the benefi­ciaries and, in some cases, the direct users of EHR techno­logy.

Implem­ent­ation of the Code

By adopting the Code, we are stating that we will adhere to all of its principles and will have practices in place to apply these princi­ples. Such practices could include educating staff about their obliga­tions under the Code of Conduct; monitoring business adoption; public­izing our adoption of the Code of Conduct to customers, prospects, and partners; and being responsive to questions or concerns related to our adoption of the EHR Developer Code of Conduct.
As customers implement interfaces and work to achieve intero­per­abi­lity, we will share best practices with them about the safe deploy­ment, implem­ent­ation, and use of the supporting tools and techno­logies.
We will work with our customers to facilitate the export of patient data if a customer chooses to move from one EHR to another. We will enable, at a minimum, the export of one or more standa­rds­-based clinical summary formats such as CCD/CCDA (or the then-c­urrent equiva­lent) for all patients.

Clinical and Billing Docume­ntation

Our software, services, and business practices will support our customers’ needs to effici­ently and accurately document care provided.
We will make available to our customers inform­ation about our products’ approaches to clinical docume­nta­tion, coding, and quality measur­ement, examples of which include the coding guidelines refere­nced, conformity with applicable regulatory and docume­ntation standards, or the source of a quality measure.