Electronic Health Records for Care Managers
Electronic health records (EHRs) function as the primary data infrastructure through which care managers access clinical histories, coordinate across disciplines, document interventions, and satisfy regulatory reporting requirements. This page covers how EHR systems are defined under federal frameworks, how they operate within care management workflows, the regulatory obligations that govern their use, and the boundary conditions that determine when EHR access expands or restricts care manager authority. Understanding EHR structure is foundational to roles described in care manager roles and responsibilities and the broader health information technology in care management landscape.
Definition and scope
Under the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, an electronic health record is defined as an electronic version of a patient's medical history maintained by a provider over time, including clinical data such as demographics, progress notes, medications, vital signs, past medical history, immunizations, laboratory results, and radiology reports (Office of the National Coordinator for Health Information Technology, ONC). The Centers for Medicare & Medicaid Services (CMS) extended this definition operationally through the Medicare and Medicaid EHR Incentive Programs, which set Meaningful Use criteria governing what data fields must be captured and exchanged.
For care managers specifically, the relevant scope of an EHR extends beyond the clinical encounter record. It encompasses care plan documentation, inter-professional communication logs, referral tracking, and patient-reported outcome fields — all of which feed the coordination functions described in patient-centered care planning. The Office of the National Coordinator (ONC) classifies EHR systems into two primary certification categories:
- Complete EHRs — systems certified to meet all applicable certification criteria as a single product.
- EHR Modules — discrete components certified to meet one or more (but not all) criteria, typically integrated into a broader health IT ecosystem.
Care management organizations frequently operate through EHR modules rather than complete systems, particularly when embedded in payer or community-based settings rather than hospital environments.
How it works
EHR interaction in care management follows a structured data-access and documentation cycle governed by both clinical and administrative logic.
- Patient identification and record retrieval — The care manager locates the patient record using a Master Patient Index (MPI) or linked health information exchange (HIE) query. ONC's United States Core Data for Interoperability (USCDI) standard, Version 3, specifies 42 data element classes that certified EHRs must support for exchange.
- Clinical data review — Active problem lists, medication reconciliation records, and recent encounter notes are reviewed. CMS Chronic Care Management (CCM) billing codes (CPT 99490, 99491) require that a structured care plan exist within the EHR as a condition of reimbursement (CMS Medicare Learning Network, MLN Booklet: Chronic Care Management).
- Care plan documentation — The care manager enters or updates the longitudinal care plan, including goals, barriers, interventions, and follow-up intervals.
- Cross-disciplinary communication — Secure messaging, referral orders, and transition notes are routed through the EHR's communication module to treating clinicians and community partners.
- Outcome and metric capture — Quality measure data points — such as hemoglobin A1c values for diabetes care management or medication adherence flags — are recorded in structured fields that feed population-level reporting.
- Audit and compliance logging — Every record access event is time-stamped and attributed to the accessing user, satisfying HIPAA Security Rule requirements at 45 CFR §164.312(b) for audit controls (HHS, 45 CFR Part 164).
The distinction between read-only access and write access is operationally significant. Physicians, nurse practitioners, and physician assistants typically hold write privileges for clinical orders. Care managers — depending on licensure and organizational credentialing — may hold write access for care plan fields, social history, and communication logs, but not for diagnostic or prescriptive entries.
Common scenarios
Transitional care management (TCM): Following a hospital discharge, a care manager accesses the inpatient record to retrieve the discharge summary, medication list, and pending follow-up orders. CMS TCM service codes (CPT 99495, 99496) require documented contact and care plan activity within defined post-discharge windows, all of which must be logged in the EHR. This intersects directly with discharge planning and post-acute care workflows.
Chronic disease population panels: In a population health management program, the care manager uses EHR registry functions to generate a panel of patients with uncontrolled hypertension. The registry queries structured data fields — ICD-10 diagnosis codes, blood pressure readings, and pharmacy fill records — to produce a risk-stratified list aligned with frameworks in risk stratification in care management.
Behavioral health integration: When an EHR spans both medical and behavioral health records, 42 CFR Part 2 regulations govern confidentiality of substance use disorder records, imposing restrictions that exceed standard HIPAA rules. Care managers working in integrated settings must navigate dual-consent requirements before accessing or disclosing substance use treatment information, as detailed in behavioral health care management contexts.
Pediatric records: Minor patient records carry state-specific consent restrictions that EHR systems must enforce through role-based access controls, directly affecting pediatric care management workflows.
Decision boundaries
EHR functionality for care managers is bounded by four intersecting constraint layers:
| Constraint Layer | Governing Authority | Operational Effect |
|---|---|---|
| Federal interoperability | ONC (21st Century Cures Act, 2016) | Mandates API-based data sharing; prohibits information blocking |
| Privacy and security | HHS (HIPAA, 45 CFR Parts 160/164) | Defines minimum necessary standard; requires audit logging |
| Substance use records | SAMHSA (42 CFR Part 2) | Restricts re-disclosure without explicit patient consent |
| State licensure scope | State medical/nursing boards | Determines which EHR write privileges a care manager may hold |
The 21st Century Cures Act (Public Law 114-255) established information blocking prohibitions enforceable by ONC, with civil monetary penalties reaching $1 million per violation for health IT developers and up to $100,000 per violation for providers and health information networks (ONC, Information Blocking).
A critical boundary condition involves certified vs. non-certified systems: care management organizations using non-ONC-certified platforms cannot satisfy CMS Meaningful Use or Promoting Interoperability (PI) program requirements, which affects reimbursement eligibility for programs like CCM. Care managers in value-based care and care management contracts face particular exposure here, as EHR certification status directly impacts quality reporting compliance and associated incentive payments.
References
- Office of the National Coordinator for Health Information Technology (ONC)
- ONC — United States Core Data for Interoperability (USCDI)
- ONC — Information Blocking
- Centers for Medicare & Medicaid Services (CMS) — Chronic Care Management MLN Booklet
- HHS — HIPAA Security Rule, 45 CFR Part 164 (eCFR)
- SAMHSA — 42 CFR Part 2, Confidentiality of Substance Use Disorder Patient Records
- 21st Century Cures Act, Public Law 114-255 (Congress.gov)
- HITECH Act — HHS Summary