Security Issues of the Electronic Ehr and Issues with Converting to an EHR Essay
The digital age is replacing the standard practices at a record breaking pace. With that increase, the need to digitize new medical records and convert existing records is becoming an issue at the top of most organizations “To Do List”. It is important for the organization to realize that both storage practices have the same risks: inappropriate access, record tampering, storage costs, and accessibility.In addition to that, the paper medical record needs to realize and identify the risks of chart legibility, while the Electronic Health Record (EHR) needs to capture that not all computer systems can talk to each other and extensive planning and testing may be required. Once an organization does commit to the EHR migration, it has several obstacles to anticipate, plan and resolve to make the system effective moving forward.
When it comes to record storage, both paper medical records and EHR’s must be diligent in preventing inappropriate access.While the concern exists for both platforms, the security risks are totally different. Some concerns of the paper medical record include: un-authorized staff accessing patient medical records to view and/or copy and the risk of records being stolen or destroyed. With these concerns, larger facilities can isolate the staff’s level of access to the Health Information Services (aka Medical Records) department access. The EHR has other problems to defend against. With the growing movement of digital information comes the increase risk of hackers trying to steal or damage patient information.As far as access from employees, the EHR can be monitored and tracked to see who accesses a chart, this will other prevent unauthorized staff from accessing charts. If the staff member does have access to patient records and has no reason to be in a specific chart, the IT security department can audit the user or the chart to show inappropriate access.
One of the many bonuses of the EHR is the ability to see who accesses a patient chart to ensure the patient’s privacy is protected and secure. In addition, to the patient safety/security, the EHR monitoring and auditing helps the organization avoid federal fines for non-HITECH compliance1.Both forms of record storage can be and are being affected by storage space. The paper medical records need to have physical space to store patient records for a set period of time and then archive storage for the rest of the older records. EHR storage is a different concern; it requires server storage that can be increased and monitored. In addition to the storage, it needs to be setup with built-in contingency resolutions. For example, the storage drives can be setup to write the data to multiple drives to ensure corrupted drives do not affect the patient’s records. Another way to protect the data is daily backups of the data drives.
This will also ensure the data can be recovered in the event of hardware failure. Record tampering, record loss, and legibility can all be affected by the paper medical record, while the EHR has resolved these risk issues. Paper records can be manipulated or lost due to theft, fire, and/or flood. In addition to those risks, even if the record is safe, there is no guarantee that the record is legible, this can leave an organization at great risk in the event of a lawsuit or if a patient needs copies of their medical records. On the other hand, EHR’s auditing tracts and records tampering, or will prevent the entry into the chart.
Additionally, the majority of EHR’s use Computerized Physician Order Entry (CPOE) which allows the providers to click on orders, tests, and documentation. These entries are recorded electronically into the chart. When documenting into the patient chart, the provider will either type directly into the chart or use voice to text dictation software (for example: Dragon, by Nuance). More and more organizations are moving toward the implementation of an EHR. Although it does appear as mature resolution to record storage/access, it does have many hurdles to overcome before enjoying the fruits of their labor.The first steps would be picking an application and having the IT department test and deploy the system.
After that, the health information staff can migrate the paper records to the EHR software by scanning the records and file/identify them into the new digital system. With that new system comes extensive training for the clinical providers, health information staff, and administration. Once the training is completed and the product is ready for the providers to use, it is normal for the providers to see a decrease in performance metrics, due to unforeseen issues and also the learning curve associated with the new process.Metrics should be re-evaluated at approximately 90 days after go-live to give a more realistic view of how the product is being used vs. prior to use2. Once the conversion is complete, facilities can start to capitalize on some of the most important functions of the EHR: the Return on Investment (ROI) that the application can bring in, and remote access for providers.
With the EHR accessing CPOE functionality, it can more accurately bill for services and supplies rendered to the patient.In addition to the billing being streamlined and increased, thanks to federal incentives, most organizations are entitled to financial stimulation as opposed to receiving fines for not moving into an Electronic Health Record3. When the staff is comfortable with the EHR they can begin accessing it remotely to review/complete charting or follow up on a patient. Also, physicians not working in the hospital can access their patient’s chart and test results from their office without requesting charts be faxed and then the waiting period to receive them.
In closing, the implementation of an EHR is a large task for any organization to take on, but once completed, it does offer a wide array of progress, not only for the facility but also for the patient. It removes the risks associated with a paper medical record and provides a secure and more accessible way to store and access patient information, while providing a safer storage solution for the record.References:1 Federal Register /Vol. 74, No. 209 / Friday, October 30, 2009 /Rules and Regulations, page 6. Retrieved from: http://edocket. access. gpo.
gov/2009/pdf/E9-26203. pdf 2 Bell, B. , & Thornton, K. 2011). from promise to reality achieving the value of an EHR. (cover story). hfm (Healthcare Financial Management), 65(2), 50-56.
Retrieved from EBSCOhost. Persistent link to this record (Permalink): http://search. ebscohost. com. lib.
kaplan. edu/login. aspx? direct=true&db=bth&AN=58651790&site=ehost-live 3 Stone, A.
(2011). Government Incentives Will Help With Electronic Health Record Implementation. ONS Connect, 26(4), 26. Retrieved from EBSCOhost. Persistent link to this record (Permalink): http://search. ebscohost.
com. lib. kaplan. edu/login. aspx? direct=true&db=aph&AN=62508585&site=ehost-live