EHR implementations open 'cans of compliance worms'

In case hospitals didn't have enough to do while implementing EHRs in time to earn federal stimulus money, EHRs can open up "brand-new cans of compliance worms," reports AIS' Health Business Daily.

It's well known that the systems they buy have to be certified--according to standards that aren't yet final. And, of course, providers have to demonstrate "meaningful use" of EHRs. That term, likewise, hasn't been fully defined. But the HITECH Act portion of the American Recovery and Reinvestment Act also requires hospitals to define the patient's legal medical record.

"Your decision about what makes up the legal medical record drives what kind of functionality and safeguards and content you have to have," Cheryl Rice, VP and chief corporate responsibility officer for Cincinnati-based Catholic Healthcare Partners. Providers have to come up with a records-retention policy, for example.

Rice also says that hospitals face "four pressing issues" while converting to EHRs: audits and litigation defense--a problem if data aren't structured properly; authentication of orders; cloning--the "copy-and-paste" issue that FierceEMR and FierceHealthIT have addressed in recent weeks; and firewalls to protect specific types of health information.

"Unfortunately, a lot of EHR systems were developed with general access to the medical records," Rice says. If physicians (or other caregivers) are allowed access to the medical record, they can see pretty much anything. That's why firewalls are critical in EHR systems; hospitals must protect the entire medical record and sensitive portions," Rice says of the latter issue.

To learn more:
- check out this Health Business Daily story