Skip to Content

Authenticating health care records – Ohio Rev. Code Ann. § 3701.75

Link to the law
This will open in a new window

All notes, orders, and observations entered electronically into a health care record must be authenticated by the individual who made or authorized the entry; authentication using an electronic signature is permissible if the following conditions are met:

  • The entity responsible for the record adopts a policy permitting the use of electronic signatures on electronic records, which prescribes the following:
    • A procedure by which each user must certify in writing that he will follow the confidentiality and security policies maintained for the system;
    • Penalties for misusing the system; and 
    • Training for users, including an explanation of the system and consequences for not complying with confidentiality and security policies.
  • The entity’s electronic signature system utilizes either a two-level access control mechanism that assigns a unique identifier to each user, or a biometric access control device;
  • The entity takes steps to safeguard against unauthorized access to the system and forgery of electronic signatures; and
  • The system includes a process to verify that the individual affixing the electronic signature has reviewed the contents of the entry and determined that the entry contains what that individual intended.

Current as of June 2015