EHRs could leave organizations unprotected in court

April 1, 2006

Electronic Health Records (EHRs) are the future of health information management, and today the calls for a massive industrywide transition to EHRs are even louder.

Electronic Health Records (EHRs) are the future of health information management, and today the calls for a massive industrywide transition to EHRs are even louder.

The early development and implementation of electronic medical record (EMR) and EHR systems have been focused on time-saving features that can offset the cost of the systems and enhance revenue opportunities. However, the basic and well-established elements necessary to create and maintain a valid medical record for clinical, administrative and legal purposes have been overlooked.

First, we have to understand the concept of a "legal" medical record. By "legal" we mean a record that will stand up in a legal proceeding or court of law. Sound principles grounded in case law allow a medical record to be recognized as a legal record instead of hearsay, while basic rules exist for the legality of electronic records. To develop and maintain a "legal medical record in electronic form," these standards must be applied.

DANGEROUS ASSUMPTIONS

Why have these systems been developed and sold in this manner? Many have wondered the same question, especially following HIPAA and the implementation specifications mandated by the Security Rule, as well as increased scrutiny by Medicare.

Most organizations rely on their vendors to sell a compliant product. Others are waiting until the Certification Commission for Healthcare Information Technology (CCHIT) issues standards. However, the proposed standards do not fully address these issues. Until there is a well-publicized court case or governmental audit that exposes the flaws, organizations will proceed with day-to-day business, unaware that they may be generating medical records that do not hold up in court or in a third-party payer audit.

PROTECTING YOUR ORGANIZATION

How can you prevent purchasing an EHR system that does not produce legally valid documentation? The first step is to contact the vendor and ask about the basic functions. The next step is analysis or due diligence to test the EHR system before purchase or after-the-fact if an organization already has an operating EHR system.

You will need to ascertain if the system has a functional audit system that cannot be manipulated and is easy to operate, for example, to obtain accurate reports. This step will go a long way in supporting an EHR's documentation. Next, run tests to determine whether the system accurately documents who performed what documentation, when, where and how. Were "smart keys" or "shortcuts" used to document an entire encounter with one keystroke? Can this shortcut function be "seen" in the audit trail?

The audit trail will reveal what has happened in the record. Once we have the ability to see what has occurred within the system, we will be able to support our documentation both administratively and legally.

Once identified, many issues can be addressed by simply turning on or off certain functions and by implementing policies, procedures and training to prevent the use or misuse of some functions. Adhering to the basic principles of a medical record will go a long way in supporting an organization and its EHRs in court.

Patricia Trites is CEO of Healthcare Compliance Resources, a firm that provides compliance auditing and training services to healthcare organizations. She is also the president of Advocates for Documentation Integrity and Compliance and the author of the Healthcare Organization and Medical Office Compliance Program Guide.