2013 HCCA: Hidden Liabilities in the EHR

Online Tech is exhibiting HIPAA hosting solutions at booth #919 at the Health Care Compliance Association (HCCA)’s 17th Annual Compliance Institute Conference April 21-24 in National Harbor, MD. The conference draws in healthcare compliance professionals, risk managers, privacy officers, healthcare CFOs and CEOs, and more.

Hidden Liabilities in the EHR
Speakers: Catherine Gray, Director Corporate Compliance, Vidant Health
Yolanda Whichard, Medical Internal Auditor, Office of Audit and Compliance, Vidant Health

Catherine stimulated thought on some of the pitfalls and issues of EHR (electronic health record) systems within hospitals and physician offices. Vidant Health systems works with ten hospitals from small to full-fledge academic hospitals, serving 29 counties in North Carolina.

The biggest pitfalls she points out with some EHR systems are:

Data is in multiple locations, lots of duplications, readers may miss new information just because there is so much information in so many places.
Most nursing documentation is captured in flow sheets that carry multiple dropdown boxes. With dropdown boxes, it becomes very hard to capture unique health items for the patients.
Academic medical institutions occasionally carry forward notes that were made by medical students.
User login and user electronic signature should link to credentials, but don’t necessarily do so each time a care provider logs into their EHR systems. Some programs also won’t recognize credentials when an order is placed. If this happens, Medicaid will deny the order until they receive the care provider’s credentials through the system.
Some patients see EHR as a barrier between patients and their physicians. Particularly it is a long-term doctor-patient relationship, the patient may not feel as if the doctor is listening if they are continuously entering data in a computer.
EHR systems are easier, not necessarily faster when shifting through medical information for a patient.
There is a certain amount of fear with fields that auto-populate. The information must be evaluated before it’s finalized and sent anywhere or carried forward.
Copy and paste features should be used for information that is consistent. Some information that is copied and carried forward in a patient’s EHR file may be coming from information outside of the EHR.

The information is meaningful and reflects the quality of care you give. Patients have access to their information now more than ever; it is key to make it meaningful for them.

The second speaker, Yolanda went on to discuss contractual landmines that may arise in purchasing an EHR system. You cannot trust every contractor of EHR systems you run across. You need to be sure you have covered the following areas in your contract with your EHR provider:

Liability shift
Data ownership
Indemnifications
End user license agreement
Fees (future upgrades and enhancements/ support and maintenance)

Interoperability is key to have between all EHR systems. It has been documented in certain cases, where a patients medical information was deleted from one section of an EHR system, but was not deleted from another section of an EHR. The particular case that was discussed, resulted in unnecessary surgery for one patient.

For a complete guide to HIPAA technical, administrative and physical security, read our HIPAA Compliant Hosting white paper. This white paper explores the impact of HITECH and HIPAA on data centers. It includes a description of a HIPAA compliant data center IT architecture, contractual requirements, benefits and risks of data center outsourcing, and vendor selection criteria.