Resource Center

Maintaining Privacy and Security with Electronic Medical Records

The United States federal government is placing a priority on healthcare organizations transitioning from a paper medical records system to an electronic medical records system. Federal regulations have been implemented for compliance with transitioning to an electronic record-keeping system. Further, the Federal regulations also stipulate compliance with existing privacy and security guidelines. Proper risk management and assessment is needed to ensure organizations properly implement electronic record systems while maintaining patient information privacy and security.

Electronic Medical Records Management

Why Do Electronic Medical Records Matter?

A plethora of changes to the healthcare field has occurred as a result of The Affordable Care Act. One such change pertains to patient health record maintenance. The Affordable Care Act is incentivizing healthcare organizations to adopt electronic medical records (EMR) systems because EMRs:

  • ::  Are more efficient, cost-effective, and accessible than paper-based systems.
  • ::  Reduce healthcare costs.
  • ::  Contribute to the prevention of medical errors.
  • ::  Improve the quality of healthcare.

EMR Incentives

If the potential lower costs and easier access isn't enough motivation to transition to using EMRs, then another appeal may be the federal incentives and penalties. For example an incentive such as the Health Information Technology for Economic and Clinical Health (HITECH) Act stipulates that physicians can qualify for $44,000 or more in stimulus payments by adopting and implementing certified EMR systems between 2011 and 2015. The incentives vary based on provider; for example, Medicaid incentives can be as high as $63,750 over a period of 10 years.

Organizations that neglect to adopt EMRs by 2015 will be subject to reduced Medicare reimbursements, which can add up over time. Given that it can take up to 2-4 months to implement an EMR system and 6-8 months to qualify as a meaningful EHR user, it is important for doctors to transition earlier in the incentive period than later.

Meaningful Use & Other EMR Regulations

The Centers for Medicare & Medicaid Services (CMS) Incentive Program define the standards that constitute meaningful uses of EMR systems, which are a set of objectives to be met for eligible entities to receive federal incentive payments. The first component of achieving MU is the adoption of a certified EMR. Certification is governed by the Office of the National Coordinator (ONC) Health Information Technology (HIT) Certification Program. Once an EMR is certified, then it must be meaningfully used. There are three stages of meaningful use, each of which has specific requirements and objectives that must be met. Aside from incentives, the benefits of meeting MU standards are:

  • ::  Complete and accurate patient information: Providers have access to more patient information and health history before beginning an examination, which allows for a more meaningful patient / practitioner interaction.
  • ::  Better access to information: Information can be shared more readily among practitioners across health systems thus improving coordination of care.
  • ::  Patient empowerment: Patients are able to receive electronic copies of their health records and play a more active role in their personal and family care.

Additional benefits to patients and physicians of using EMR systems include:

  • ::  Information processing: Doctor's notes will be more legible, chart data will be increasingly accessible, and the transcription costs will be minimized.
  • ::  Multi-User Access: A single chart will be viewable by multiple entities simultaneous. Imagine a doctor needs to consult a specialist; provided both physicians had legal access to the file, the specialist and physician could both review the file simultaneously to discuss the patient's condition.
  • ::  Automatic Access to Results: X-ray and lab results will be uploaded to a patient's chart / file automatically. This advent will also help expedite the doctor's access to reviewing such results and providing information to the patient.
  • ::  Less Invasive Testing: EMRs with patient medical and testing history will help doctor's know if a test has already been conducted and the results of that assessment, which could eliminate the need to repeat a test.
  • ::  Emergency Care Facilitation: It is unpredictable where a person will have a medical emergency and need immediate care; an EMR system can provide unfamiliar providers with critical patient information in a timely manner.

EMR Systems: Concerns & Approaches

While the list of advantages to adopting EMR systems is ongoing, there are also potential concerns. The concerns relative to making the transition to an EMR system are varied. Aside from implementation issues, the main concern relative to EMR systems is maintaining privacy and security. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) establishes privacy rules that cover protected health information (PHI) and security rules that cover electronic PHI (ePHI). These laws:

  • ::  Regulate how entities can disclose patient information that is either received or created.
  • ::  Grant patient's rights to their PHI.
  • ::  Establish civil penalties for the unauthorized release of patient information.
  • ::  Impose administrative requirements for covered entities.

Implementation Issues

There are a number of implementation issues to be considered namely, choosing an efficient EMR implantation specialist/team, costs associated with implementation, technical issues to name a few. For example, rural hospitals and small practices may find it more challenging to meet EMR "meaningful use" (MU) requirements. Also, most doctors prioritize patient care, not records management, and there are layers of information relative to properly abiding by MU regulations when implementing an EMR system. Thus, to facilitate the shift from paper-based to electric systems, entities of all sizes will need knowledgeable, flexible and adaptive administrative staff.

Security Risks

Compliance with HIPAA laws bolsters patient-physician relationships by fostering a culture of trust. Even unintentional release of PHI can compromise such bonds. Relative to EMRs, the security of the technology used to maintain patient records and the know-how of the stewards of that technology are of critical importance.

The HIPAA Security Rule flexibly allows organizations to create solutions that comply with the Privacy Rule that mold to the individual entity's size, cost, and infrastructure parameters. Administrative entities tasked with the maintenance of EMRs must conduct risk assessments that consider a system's vulnerability to external intrusion.

Management Strategies

Additional safeguards that administrators should implement for EMR systems management adhering to the Security Rule are:

  • ::  Mitigating security measures, which may include: hiring designated security personnel depending on organizational need.
  • ::  Designating authorized entities within an organization to have access to ePHI or to the EMR software.
  • ::  Creating written policies for and train staff on systems usage.
  • ::  Assessing the system continuously for potential risks and making modifications where needed. Establishing safeguards to ensure unauthorized access during ePHI transmission;

A robust EMR risk management system compliant with federal regulations is something that doctors cannot handle alone. Healthcare administrators with valid expertise are in high demand to ensure healthcare organizations abide by federal privacy and security laws and properly implement and maintain certifiable EMR systems according to federal standards.

Utica College is an accredited institution of higher education that offers a progressive Online Master of Science in Health Care Administration with a curriculum that emphasizes fulfilling healthcare organizations' administrative needs. Students will engage in learning the practical uses of their education by creating solutions to handle real-world issues, such as those relative to establishing and managing EMR systems while complying with federal security and privacy laws. The program's online format facilitates students' ability to earn a career-launching degree while continuing to be active members of the workforce. Utica College Online is a perfect fit for those interested in enacting meaningful change and leading advancements in healthcare administration.