Electronic Health Records
An Overview of the Risks and Risk Management Advice
Choosing An EHR System
Risk Management Issue: To ensure physicians are able to meet the obligations to maintain records in a confidential and secure manner, physicians need to understand exactly where their EHR data will be stored (during and after the contract period with the vendor), who will have access to the data, and for what purpose
Risk Management Tips:
- Ensure the applicable issues addressed above are resolved adequately in the vendor contract.
- Understand applicable state law requirements for EHRs.
- Understand the HIPAA regulations, particularly the Security Rule and Privacy Rule.
- Covered providers under HIPAA should have a Business Associate Agreement with the vendor; noncovered providers should have a similar confidentiality agreement.
- Understand the specific eligibility requirements for governmental funding assistance under the Recovery Act.
- Approach “click and agree” online agreements with caution. Make sure you understand what you are agreeing to before accepting the terms by simply a point and click.
- Seek legal advice to facilitate compliance and for review of contracts with vendors.
Resources To Review Prior To Signing
The AMA has an excellent checklist – 15 questions to ask before signing an electronic medical record or electronic health record agreement. Additional resources include:
- AMA (Home >> Physician Resources >> Solutions Managing Your Practice >> Health Information Technology)
- APA (Home >> Psychiatric Practice >> Quality Improvement >> Electronic Health Records)
- AAFP (American Academy of Family Physicians): Center for Health IT at the AAFP
- AAN (American Academy of Neurology): (Home >> Practice >> Health Information Technology >> Electronic Health Records)
- The Joint Commission Sentinel Event Alert 42 Safely implementing health information and converging technologies
Operating An EHR System
Risk Management Issues:
- To gain improvements in clinical care and patient safety, the various technology components have to be used.
- To be used, the various technology components, such as clinical decision support features, have to be relevant to physicians.
- The vast amount of metadata created in an EHR could be used against the physician defendant.
- Information created by an EHR has to be accurate and useful.
- The confidentiality, security, and integrity of the patients’ electronic records have to be maintained.
Risk Management Tips:
- Utilize appropriate clinical decision support tools, including alerts, guidelines, tracking, and reminder functions.
- If you choose to override or ignore an alert or reminder, document briefly the clinical justification.
- Avoid cutting and pasting.
- Ensure appropriate, applicable templates; understand the automatic populating features and default language.
- Ensure appropriate data input and retrieval.
- Periodically print out a patient record and evaluate for adequacy. Would another clinician (such as a subsequent provider or an expert witness) be able to understand what happened in treatment and why?
- Understand metadata – and the fact that the user’s every key stroke will be tracked and recorded.
- Ensure appropriate security protections on hardware (including portable devices) and software; an example is an automatic lock-out after a specified period of inactivity.
- Ensure compliance with federal and state confidentiality law, including confidentiality agreements with those third parties accessing your EHR.
- Prevent inappropriate access and disclosure; appropriate employee training is key.
Find This Article Useful?
Request More Information from The Program!
You can request additional risk management information, as well as coverage information, to be delivered to you at no cost!Submit Information Request
Do You Know Enough About HIPAA?
To help you learn how HIPAA affects you and your practice, The Psychiatrists' Program offers the HIPAA Help section to make you more familiar with these new regulations.View HIPAA Help