Center for Improvement in Healthcare Quality Newsletter
September 2021


Dating, Timing and Authenticating Entries in the Medical Record

By: Kim McGuire
Do you remember when the electronic health record was introduced, and we all thought it was going to be a “paperless system”? Remember when we thought that the EHR would be the cure for the dating, timing and authenticating issues of the paper medical record? Me too!
But now, with many medical records being a hybrid of paper and electronic formats, not only does dating, timing and authentication of entries remain a hot topic from a regulatory perspective, but there are also some unique challenges that arise as well.
Let’s talk a little bit about paper charting first. When staff or providers are documenting on paper, whether it is during a downtime process or perhaps a service line that is not integrated into the EHR, dating and timing of entries, as well as authentication is essential to establishing a timeline of care, including an insight into patterns of behavior and a timeline of patient condition changes. It is also important for patient safety and quality of care. It can also be easily overlooked or forgotten, especially when utilizing a hybrid chart or downtime procedure, and the EHR automatically does this task for the staff member and provider.
Not only is dating, timing, and authentication of entries required per CMS §482.24(c)(1), meeting the requirements for other regulatory standards often depends on proper documentation of the date and time an entry is made in the medical record and authenticated. Some examples include date and time of the history and physical, pre- and post-procedure notes, medication administration and follow up assessment, and many more.
Dating, timing and authentication of entries using the EHR also requires some attention to ensure regulatory compliance. The hospital must establish a method to identify the entry’s author, just like with the paper record. In addition, there must be policies in place to ensure electronic codes for authentication are only used by the author of the entry. With use of the EHR, the hospital must also be able to demonstrate how alterations to entries after authentication are prevented.
Auto-authentication is a process by which a provider authenticates an entry that cannot be reviewed by them, i.e. the entry is not transcribed or the entry cannot be displayed in the EHR. This practice is not consistent with meeting the requirement, as there must be a process to determine that the provider authenticated the entry after it was created. “The practitioner must separately date and time his/her signature authenticating an entry, even though there may already be a date and time on the document, since the latter may not reflect when the entry was authenticated” (CMS, 2020, page 275). If an electronically generated document, prints the provider’s review, including date, time and authentication, this requirement would be met. It is when an electronically generated document only reflects the date and time of the event, such as an EKG printout or lab report, that the provider must either document the review on the printout itself with date, time and authentication or incorporate the review into another document that is dated, timed and authenticated, such as a daily progress note or history and physical.
This also leads into the discussion of dating, timing and authenticating of continuous notes, also known as rolling or running notes. If a note is started by a practitioner and reflects different phases of care, each entry for the different phases of care must have the date and time the entry was entered into the document. This allows the medical record to reflect an accurate timeline of when care took place and it allows for an evaluation of regulatory compliance for each phase of care.
One final consideration when it comes to dating, timing and authenticating entries in the EHR; many documents, depending on the EHR used, can reflect multiple times and sometimes dates. For example, an H&P can have an initiation time, a finalized time, authentication time and edit times. Be aware of what those times mean. Is there a delay with dictation and being able to view the document in the medical record, so authentication may be delayed? Is the document available prior to a procedure and if not, is there alternative documentation to meet regulatory standards? This understanding of the EHR used, and the dating, timing and authenticating documentation may help you understand the flow of documentation more thoroughly and also may assist you when reviewing medical records for regulatory compliance.
Medical records are ever evolving in every healthcare setting and may appear a bit different in each organization, but one thing remains constant – the need to date, time and authenticate every entry made for patient safety, continuity of care and regulatory compliance.


Centers for Medicare and Medicaid Services, (2020). State Operations Manual, Appendix A – Survey Protocol, Regulations and Interpretive Guidelines for Hospitals. Retrieved from
View Other CIHQ-ARS Blog's at