Moving to electronic record-keeping system won’t make legal issues vanish
Moving to electronic record-keeping system won’t make legal issues vanish
Don’t overlook potential legal conflicts
It’s easy to assume that once a health care provider moves to a completely electronic medical record system, there will be major time efficiencies and improvements in record access that will help to improve clinical care, as well as coding.
However, what HIM professionals need to remember is that electronic records can create a variety of unique problems that might cause regulatory and confidentiality breeches.
"A lot of times, the people who are developing an electronic system have no background in health information management," says Harry Rhodes, MBA, RHIA, director of HIM products and services for the Chicago-based American Health Information Management Association (AHIMA). The people creating an electronic record system may not know about existing state and federal regulations governing how medical records should be established and maintained, Rhodes says.
"Information technology [IT] people know what the technology will do," Rhodes says. "But they may be totally ignorant of the health care environment and how it is different."
For example, from an IT perspective, it makes perfect sense to have a record that a person can re-enter and change as needed. This ensures that the record is up to date and prevents the time-consuming task of having to rewrite the entire set of background information that must be put in each record.
But when it comes to health care records, this type of efficiency will not work in the same way because there are legal rules of evidence that will not permit a medical record to be submitted as evidence if it has been altered or tampered with, Rhodes explains.
Likewise, it might make sense to permit a physician to sign an entire day’s worth of documents with a single keystroke, but this also will not work in health care because regulations require physicians to sign each document individually.
"So conflicts exist between what the technology will allow and the limitations on the records by laws and regulations," Rhodes says. "Just because you can go in and delete files with a keystroke or back-sign 30 documents at once, that doesn’t mean the law will allow you to do this."
When designing or revising an electronic record system, Rhodes says it’s a good idea to pay close attention to the following six areas:
1. Authentication.
This pertains to putting a signature on an electronic document.
"There are laws that tell you how things should be signed and that each document should be signed," Rhodes says.
An electronic record system that is designed to satisfy a law that requires doctors to sign each document individually may have a cursor that the doctor will have to move from the top of the electronic page to the bottom before the doctor can sign.
Also, the system could make certain that only the doctor could sign by requiring a special password code that cannot be shared with anyone.
These types of requirements constrain the use of IT in health care record-keeping, because the technology makes it easy for a physician to sign 30 operative notes with one keystroke, Rhodes explains.
"But the state and federal regulations say, No, the doctor has to go back to each of the 30 documents, read through each document, and sign at the bottom,’" Rhodes says. "That’s an accountability issue."
Make arrangements for record storage
2. Retention.
"What you see happening now is that people are in a big hurry to develop an electronic medical record, and they don’t realize that state laws and federal regulations say they need to keep the document for six years," Rhodes says.
As an electronic medical records system grows, it will require more record management, as well as long-term storage space with access information and an index for retrieving the information, Rhodes explains.
"As people define electronic medical records, they often don’t think about how with a traditional computer you can delete files and archives, but with medical files you must keep records for a certain length of time," Rhodes adds.
3. Confidentiality.
Because so many different health care professionals may need access to health records, it is commonly assumed that the solution is to make the electronic medical record easily accessible.
"But now we’re facing HIPAA [Health Insurance Portability and Accountability Act] mandates to have access controls in place and minimum guidelines in place where people only can view records according to their jobs and roles," Rhodes says.
This is a big difference from the way medical records currently are being accessed, and it could cause health providers problems with controlling access, especially when particular employees need to have access to certain parts of an electronic medical record, but not the entire document.
"There are no easy answers to the administrative burden, and some would call it an administrative nightmare," Rhodes says.
4. Content requirements.
State licensure regulations, federal guidelines, and accreditation standards dictate what should be in medical records, so providers should carefully review these requirements before completing an electronic medical record.
"They may not realize that state law requires them to have a certain type of information in a certain fashion, and they go ahead with the record until they find out [through an audit] that they were supposed to capture this information and didn’t," Rhodes says.
5. Amendment and correction.
Patients now have the right to correct their medical records when mistakes occur, and doctors may need to amend or correct data.
"Because this medical record is a legal document, you can’t have people going in and altering it," Rhodes says. "Normally a document created someplace else and submitted as evidence is considered hearsay, so in order for the medical records to be exceptions to hearsay, they have to follow certain guidelines."
For instance, the record must be made by the person with first-hand knowledge of the case, and the record must be protected from alteration or tampering, Rhodes says. Thus, clinicians cannot simply open an electronic file and delete and change information as they might with a normal word processor file.
The ASTM and Health Level 7 have guidelines for how to make a correction. For instance, the original document always should be saved unaltered in the electronic record. Subsequent versions can be made and saved, but these will show a message that says where the original document is located, and the revised versions need to be identified as amendments or corrections. Also, these changes can only be made by the person who made the original entry.
"So there’s always a control to prevent the record from being altered or tampered with," Rhodes says. "But a lot of times the people building the electronic system don’t build these controls into it when they’re creating it."
Now with HIPAA, there’s the additional requirement that providers must permit patients to request an amendment or correction.
"If you refuse to allow them to make the changes, then the patient can still write a statement as an objection, and that goes into the record now, and the facility can write a rebuttal to the patient’s statement," Rhodes explains.
For example, suppose a physician wrote in the original medical record that the patient is an alcoholic, but the patient objects to that description and requests that it be removed from the record. The physician would respond in writing that this cannot be done because the patient clinically had been diagnosed as an alcoholic. If the patient continues to object, the patient has the option of writing an objection statement that explains why the patient disagrees with the physician’s diagnosis, and this statement will be put in the medical record.
6. Patient control.
Under HIPAA privacy regulations, patients have a lot of control over the record and can restrict access to certain people, Rhodes says. "If it’s a reasonable request, you have to oblige them and place access restrictions on certain files that they do not want shared with certain people."
Providers are required to give patients information about when the record has been released and who has had access to it. So all of these issues have to be designed into the computer application, Rhodes says.
"It will require you to do internal audits and see the names of everyone who has had access to records and what they’ve looked at," Rhodes says. "You’ll need to know who the records were released to, and this information will need to be available for six years."
The solution to reconciling regulatory requirements with the need for electronic medical records is for HIM professionals and others in the health care field to be aware that health records are different from other types of records. There’s not one single authority to govern what can and cannot be done with the records. HIM professionals will need to look at state and federal regulations, as well as accreditation standards.
"When I worked in a facility, we decided to use an electronic signature, and we bought the office system and allowed the radiologist to back-sign all radiology reports," Rhodes says. "We found out that state law wouldn’t allow that, and so we had to go to the manufacturer and ask for a revision so that we’d be in compliance with state law."
These types of changes cost a great deal of time and money, so it’s a better policy to anticipate these issues before a system is either purchased or created, Rhodes recommends.
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.