The Path to Paperless

EMR and Legal Issues — Part 1

Ensuring the security of electronic records.

By Peter J. Polack, M.D., F.A.C.S.

As an increasing number of practices go through the transition from paper charts to electronic medical records (EMR) over the next few years, they will face a host of new legal issues.

Critical decisions will have to be made to ensure the integrity of the digital chart as a "legal" record. In addition, there will undoubtedly be some unprecedented curveballs coming your way on matters of compliance, security and privacy, as well as insurance contractual obligations. When it comes to electronic medical records, your best offense is a good defense.

Following are just some of the key issues to consider in the area of documentation and alteration of electronic medical records:

Creating a Legal Document

Remember, when you write out a medical exam on paper and sign it, you have also created a legal document. We've all been taught the importance of proper documentation and the dangers of altering a medical record. The integrity of a paper chart is a fairly simple thing to determine. But an electronic chart is a bit more complicated.

According to the Healthcare Information and Management Systems Society (www.himss.org), an electronic medical record must be maintained in a legally sound manner, otherwise it can be challenged — a poorly maintained record could be considered hearsay and may not be legally valid.

So, why should you care about that? Because if your EMR doesn't meet the federal or state requirements for a legal record, payors may deny a claim or, worse yet, you may face an increased risk of an adverse litigation outcome. Therefore, it is not only important to prevent your electronic medical records from being altered, you must also be able to demonstrate what procedures your practice has in place to ensure that your records are secure.

Preventing EMR Mischief

How do you prevent an electronic record from being altered?

The ideal EMR system should balance the desires of the user (ability to make changes, correct mistakes, etc.) with the integrity of the medical record. Ask the following questions to determine if the security of records can be safely maintained:

► Does your system keep track of who documented what? You don't want your name associated with another user's entry.
► Does it have a strict but not too time-consuming security protocol? Alphanumeric passwords that must be changed periodically or biometric access?
► Does it automatically time out for inactivity?
► Does it "time-stamp" each entry and produce an audit trail — an unalterable record of every entry and event that would prove the validity and the integrity of the record?
► Does it also have a secure yet practical "lock-out" feature? A typical one might allow the doctor to make changes at the end of the day, but after 24 hours the record would be locked. This may seem harsh but actually serves to protect you by preventing unauthorized changes.
► Does it restrict access to certain templates or features? You wouldn't want a front-desk employee changing patients' intraocular pressures.

Next: EMR Legal Issues, Part 2