Every Physician and Medical Practice Should Be Aware of These Common Risks and Safeguards for EHRs – Are You? (Part 1)

Guest post by Allan Ridings and Joseph Wager, senior risk management and patient safety specialists, Cooperative of American Physicians.

Part 1 of a two-part series.

Introducing an electronic medical records system into the practice helps the physicians and staff provide more efficient healthcare by making medical records more accessible to all health care team members. It also brings some risks. In this two-part article, CAP Risk Management and Patient Safety identifies 10 areas of risk exposure and provides some brief recommendations in each area.


Know your system. Electronic Medical Record is the term most often used for the electronic system now holding the medical records of the physician’s patients. If patients’ medical data is shared electronically with other facilities, locations, caregivers, and/or billers, the term Electronic Health Record is more accurate. The terms are often used interchangeably. Most articles use the term “Electronic Health Record.”

Provide updated/additional training periodically, especially after software updates and enhancements.

Security Levels and Passwords

Confidentiality must be maintained in an electronic system just as with paper records. Administrators and/or the physician in charge should assign each staff member a level of security clearance for the EMR based on that person’s job function. Prevent staff access to physician progress notes and prescription templates so that staff cannot create or alter entries in these areas for their own purposes. This helps avoid a visit from the DEA because staff are ordering prescriptions for sale in the community. Each person should have their own password, and the practice’s policy should forbid sharing of those passwords. Immediately delete the password of any employee who leaves the practice.

Weights and Medications

Confusion in this area may adversely affect medication doses. The amount of medication will be dramatically different based on a patient’s weight of 160 lbs. (pounds) versus 160 kgs. (kilograms). The physician should seek vendor assistance in choosing and securing either a metric or a United States format for weight measurements. Insist on one or the other. Limit your selections electronically. 

If choosing a United States format, employees must pay close attention to conversion calculations for medication dosages. Set an expectation that two employees check weight, conversion calculations, and dosage prior to administration to avoid mistakes. This can be especially critical in a pediatric practice.


Employers have a responsibility, under federal law, to train employees in the protection of protected health information (PHI). Each physician’s practice must have privacy and security policies that address patient privacy, preserving the security of data, and confidentiality of patient information. HIPAA violations may occur with EMRs when employees:


Electronic-prescribing (e-Rx) is helpful if it saves the information to the patient’s medical record. To be eligible for incentives, physicians should migrate to all-electronic prescription systems.

Know the source of the EMR’s drug and clinical decision support information. Continual updates are important if you need to defend adherence to a specialty’s clinical standards of care or show knowledge of FDA updates and/or drug alerts for medications ordered.

Never order dispensable drugs/supplies from a foreign country for dispensing to patients; this is an FDA violation.

All medication refill requests should be processed through the electronic system.  Care must be taken when the dose of a medication is a change, a “Taper,” or a “Sliding Scale.” It is often necessary to enter these as separate orders.  As a result, at the patient’s next visit, the EMR may only show the last dose, not the progressive order.
