RM Services
Frequently Asked Questions
Office Practice Risk Evaluations
 Arbitration
Self-Evaluation Toolkit
RM Articles
CAPsules Editions
CME Program/Schedule
RM Questions
RM Materials / Forms
RM Alerts
Case Of The Month - Past Issues

 

SETTING THE RECORD STRAIGHT - THE PHYSICIAN’S LEGAL OBLIGATIONS IN USING ELECTRONIC MEDICAL RECORDS
by Thomas C. Hughes, M.D.,
FACOG, OB/GYN Fullerton, CA.

ELECTRONIC MEDICAL RECORD PHYSICIANS, BY LAW, HAVE DUAL OBLIGATIONS TO:
  1. PRESERVE INTEGRITY AND
  2. SAFEGUARD CONFIDENTIALITY OF THE MEDICAL RECORD
As an OB-GYN in an ever-expanding, eight physician practice, the decision to convert to electronic medical records was borne of necessity. In a growing practice such as ours, paper records simply became impractical. Not only did we face problems associated with limited storage capacity, but it became increasingly difficult to quickly access the medical record, making a task as simple as returning a patient’s phone call both inconvenient and time-consuming.

Now, when I return calls or examine a patient, I have immediate access to the patient’s entire medical record, including patient history, progress notes, and recently ordered labs and pathology reports. There is no more searching, waiting and rifling though the medical record for crucial information. Ease of access, efficiency, and continuity of care are the obvious benefits to physicians, staff and our patients.

That’s the good news! However, a lot of research and effort went into getting our office where it is today.

Legal Obligations: Data Integrity and Patient Confidentiality

Selecting an EMR program for your practice is a personal choice based on your individual practice needs. Nonetheless, there are some general features that any physician considering change to an EMR must consider because physicians, by law, have dual obligations to:

  1. preserve the integrity of the medical record, and,
  2. safeguard confidential patient information.
For the purposes of this article, we will refer to the State of California requirements for clinics, health facilities, etc., which implement the use of EMRs 1 . While these requirements do not refer specifically to physicians’ offices, they still serve as useful guidelines for physicians who wish to implement electronic record-keeping.

Preserving the Integrity of the Medical Record

As it relates to electronic information, preserving integrity involves two distinct goals (1) guarding against loss, and 2) ensuring that once data is entered, it is unalterable.

The California Health & Safety Code delineates several practical measures to guard against loss and alteration:

  • Medical records stored on an electronic medium should also have an off-site back-up storage system. Off-site storage is recommended in addition to onsite storage as crucial data can be lost due to hardware or software malfunction. NOTE: Any part of a medical record that cannot be stored electronically must be maintained in its original form.
  • Electronically stored records must be printable in response to a patient’s request for a copy of the medical record. Moving to the EMR does not relieve a physician of his or her obligation to ensure patients’ access to medical records.
  • Anti-virus software and office policies regarding restrictions on putting new software on office computers help prevent the corruption of medical records.
  • The EMR system should contain a mechanism that produces an image of patient signature documents to record patient consent, authorization or other written requests. A hard copy of an Arbitration Agreement, however, must be kept as proof that the patient signed an Agreement containing the state-mandated red print.
  • If, in a lawsuit, a patient’s attorney questions the integrity of the medical record, the physician must then attempt to prove that the electronic medical record was never altered. A mechanism to ensure that once data is entered, it is unalterable will make the physician’s electronic medical record much more defensible. Many programs deny a user re-entry after “signing off” or after a limited time allotted for review of entries. Those programs, however, usually also include an “append” function that allows later corrections and/or additions and records the actual date and time the changes were made.

NOTE: Some physicians, in their eagerness to consolidate paper records, attempt to simply copy medical records onto CDs. The assurance of unaltered records is difficult to prove when medical records are copied to unprotected CDs – a Risk Management concern!

Safeguarding Confidential Patient Information

In the age of HIPAA, protecting personal health information is a priority. The prudent practitioner will implement strict policies and procedures in the office practice, and enforce them, to guard against access of medical information by personnel who have no “need to know.” Here are some practical guidelines.

  • Protect access to the electronic medical record by having policies regarding password use. Your EMR should have an automatic log off function that turns the computer off if left alone for any extended period of time.
  • “Tiered-access” to the medical record restricts staff access to specific portions of the medical record on a “need to know” basis.
  • Alerts that highlight “sensitive information” cautions staff and help prevent the inadvertent release of information that is specially protected under California law (e.g., HIV tests, mental health records).

It Does Make a Difference!

Virtually every task in my office is now streamlined and simpler. For example, we receive laboratory results and pathology reports electronically through encrypted transfer. Abnormal labs and reports are highlighted on the computerized report, ensuring that critical values are seen first. And, once reviewed by the physician, the physician’s name, date, and time of review is automatically logged.

Contemporaneous documentation during the patient encounter is also made easy. In our office, each examining room is equipped with a computer terminal where the physician can document during or immediately following the patient exam. In this setting, confidentiality is preserved through triple password-protected access and a timed, automatic log-off function. As an additional measure, we’ve attached privacy screens to every computer monitor in our office.

These are but a few of the features that we value in our practice. Although implementation and adaptation are not without problems, making the change was definitely a worthwhile decision.

Further articles and helpful information about implementing the EMR is available on the California Medical Association’s web site at: www.cmanet.org.


1 CA Health & Safety Code §123149

Back to top of page

 

All contents of this Website © 2003 Cooperative of American Physicians, Inc./ Mutual Protection Trust