Every Physician and Medical Practice Should Be Aware of These Common Risks and Safeguards for EMRs – Are You? (Part 2)

Guest post by Allan Ridings and Joseph Wager, senior risk management and patient safety specialists, Cooperative of American Physicians.

Part 2 of a two-part series.

Introducing an electronic medical records system into the practice helps the physicians and staff provide more efficient health care by making medical records more accessible to all health care team members. It also brings some risks. In this two-part article, CAP Risk Management and Patient Safety identifies 10 areas of risk exposure and provides some brief recommendations in each area.

Diagnostic Testing

Tracking of laboratory and diagnostic orders and results is more efficient and timely when all orders are processed through the EMR with a bi-directional interface.  If possible, also set up to receive all results back through the system. If fax or paper reports are received, scan and index reports into the system the same day. The EHR system may also be used as a “tickler file” for verification of orders and paper reports. Physicians should see all diagnostic testing whether normal or abnormal.

Confidentiality of HIV/Drug History/Psychiatric Records

Some patient information is protected by law at a higher level. Your electronic record system should maintain this sensitive and legally protected patient data in an additional password-protected, secure area of the electronic records system. This will prevent the accidental copying of this information when a patient’s record request is received.  Again, the vendor can assist in this area. Designate specific staff members who may input and retrieve those reports or data. Tracking is a must for sensitive information.

Telephone calls

Document all communications of physicians or staff with patients in the EHR system.  Personal, non-patient, conversations between staff, however, should not be input into the patient medical record system as they could accidentally be added into “open” records.  All members of the healthcare team need to document patient interactions related to care.

Devise a protocol to assure that after-hours phone calls (between patients, hospitals and the licensed professionals) are entered into the system the following business day to ensure a complete medical record. Offer the patient portal system for staff/patient interaction for administrative functions, appointment requests, email and referrals etc.

Data is NEVER Gone

Electronic medical records save all information into background files that cannot be deleted. This is to meet regulatory requirements and provide data security. Background files tell the story behind the story and may be helpful or hurtful to the physician. These files, also called “metadata” provide information about various aspects of the data – the who, what, when, and where. For example:

•           Did the physician view the alert giving a contraindication for a specific medication?

•           How long did he view the alert before rejecting it and ordering the medication anyway?

•           Was the physician’s note really entered on the date stated – or added a week later?

Selecting the “Delete” or “Remove” key may make everything on the screen disappear. It DOES NOT remove it from the background data files. In other words, data is NEVER gone.

It may be subpoenaed in professional liability cases or in an allegation of a HIPAA violation.


Optimally, patients’ entire paper record is scanned and indexed for easy accessibility. While this is preferred, it is not always possible. The important thing is to develop a policy of how much of the medical record is captured and follow it consistently. Some physicians choose to scan the most recent 18 to 24 months into the active system while the older records are scanned into archive files. Each physician must determine the most pertinent data necessary in providing the best quality of care. Make sure not to overlook documentation of phone calls or medication refills. The scanning of outside medical records becomes crucial with the continuation of care from other physicians and hospitals. Verify that all scanned documents are dated and authored within the system after scanning.

During scanning, periodically test the print/view function to make sure it captures everything entered.

Additionally, once scanned, ensure that the original paper documents are properly stored, offered to patients, or destroyed.

Write a Comment

Your email address will not be published. Required fields are marked *