EHRs: New Risk Management Issues and How to Deal with Them

EdwardKeiperEHRs: The Promise to Simplify and Streamline

By Edward Keiper, President and CEO of Velocity

Electronic health records (EHRs) promise to help simplify and streamline many practitioners’ operations. While transitioning to EHRs makes sense for many reasons, including improving patient care and decreasing medical liability, the move to EHRs can also open up some new risk management issues – and almost all of the risk can be attributed to the potential for human error.

As with paper records, the biggest threat to patient care and security involves human error. Just as a piece of paper can be misfiled, a piece of information in an EHR can be entered into the wrong patient’s profile. However, errors in EHRs may be even more problematic because they often go undetected longer, as it may be harder to spot discrepancies on a screen than it is on a piece of paper.

Just as a hard-copy file can be left open on a desk, a user may fail to logout of an EHR, exposing a patient’s medical information to the wrong eyes.

Some of the most dangerous risk management issues may come from practitioners not checking default or autofilled settings for prescriptions.

Build a Culture That Questions

What can practices do to help avoid some of the risks associated with EHRs? A key strategy is to build a company culture that invites questions.

For example, employees should be encouraged to speak up if they notice an odd notation in a record, such as an unusually high dosage or images that don’t seem to align with a diagnosis. Put procedures in place to ensure that all tests, prescriptions and procedures are ceased until the information is verified.

Practices should make employees responsible for noting and following up on any corrections they have to make in patients’ records – especially if they’re unable to input the changes themselves due to restricted access.

Staffers who flag potentially incorrect information should be rewarded, so others will be motivated to keep a sharp eye out for errors as well.

Computers Aren’t Always Right

Practices should remind staffers that EHRs are designed to manage data, not take the place of decision-making. While many EHR systems are programmed to flag dosages that are too high, people shouldn’t rely on them as a fail-safe. Practitioners should double-check questions about dosages – and not assume that just because information appears in the system that it’s correct.

It’s also critical for medical providers to review certain patient information at every exam, rather than cutting and pasting data from previous visits. Otherwise incorrect information from earlier exams could be carried over.

Be Clear About Access

Practices should have a clear security policy that states who is allowed to access different areas. Employee should use secure passwords – and change them regularly. It’s a smart to consider implementing two-factor authentication for certain kinds of access. For example, have people enter a password, and then use a swipe card.

Managers should ensure that employees know how to fully access all relevant parts of the system. Otherwise patients may be treated based on only partial information.

Finally, practices should work with their IT partner to run regular audit reports to find out who has accessed patient logs and when. In addition, medical providers should ask their IT vendor to ensure that any alerts or error messages within the system are timely and accurate. Users are likely to ignore messages that they believe are too frequent or irrelevant.

This article was originally published in the Velocity blog and is republished here with permission.