Many hospitals and healthcare organizations say they’re committed to moving to a paperless or paper-light environment. Greater document digitization is key to a more seamless flow of information within the healthcare enterprise, increasing worker productivity and reducing costs while also enhancing patient data security and ultimately improving quality of care.
Electronic health records (EHRs) are viewed as a foundational component of this strategy. In 2016, more than 95 percent of all eligible and critical access hospitals demonstrated meaningful use of certified health IT including EHRs, according to Health IT Dashboard. The conventional wisdom would lead some to expect subsequent decline in paper usage, but quite the opposite is happening.
Studies have shown that despite the growing adoption of EHRs and other digital technologies, paper in the healthcare enterprise remains prevalent – and is even growing. Experts say hospitals are seeing as much as an 11 percent increase in their annual print volumes driven by the Meaningful Use program, the Affordable Care Act, ICD-10, and the adoption of electronic record-keeping.
Why is this happening? Sometimes we find that physicians to not yet fully trust EHRs. Approximately 27 percent of a doctor’s time is spent with patients, the rest being spent on office work, documentation and EHRs – a common source of physician frustration. Also, disjointed processes of gathering paper-based information from a variety of points within a facility lead to delays in uploading this information to the EHR – leading to physicians keeping copies of patient files on hand.
EHRs alone are not enough to decrease the mountains of paper in hospitals and healthcare facilities. Organizations should consider augmenting EHRs with the following capabilities:
Integrated Document Workflows
Even healthcare organizations that have achieved late-stage meaningful use continue to print and process high volumes of paper for assorted reasons – from patient admissions and discharge, to belongings and consent forms, to prescriptions and pharmacy records. The benefits of EHRs can only be achieved insofar as they are integrated with digitally-based document workflows – the series of electronic steps by which a process is executed.
Consider physicians submitting prescriptions to pharmacies. When the EHR is directly integrated into this process, it can be automatically flagged if the patient is on another medication or has an existing condition which could cause an adverse reaction. If the EHR is not integrated, the entire process is disjointed and not as seamless and safe as possible. Or, consider the discharge process – when the EHR is integrated, discharging physicians have immediate access to patient files and charts – negating the need to print this information. Furthermore, studies show that “hybrid” paper-electronic workflows are ripe for error.
Guest post by Chris Strammiello, Vice President of Global Alliances & Strategic Marketing, Nuance.
The growing use of smart devices at the point of care exacerbates the dual, yet contradictory, challenges confronting hospital IT directors and compliance officers: Making patients’ health information easier to access and share, while at the same time keeping it more secure.
A major problem is that there are just too many touch points that can create risk when sharing protected health information (PHI) inside and outside of the hospital. In addition to securing communications on cell phones, tablets and laptops, these tools can send output to smart multi-function printers (MFPs) that not only print, but allow walk-up users to copy, scan, fax and email documents. This functionality is why the Office of the National Coordinator for Health Information Technology now defines MFPs as workstations where PHI must be protected. These protections need to include administrative, physical and technical safeguards that authenticate users, control access to workflows, encrypt data handled on the device and maintain an audit trail of all activity.
Accurate, Effective and Secure Use of Patient Information at Point of Care
Hospitals need to adopt an approach that automatically provides security and control at the smart MFP from which patient information is shared and distributed. This approach must also support the use of mobile computing technologies, which are helping to bring access to patient information and electronic health records (EHR) to the point of care. Advanced secure information technology and output management solutions can help hospitals protect patient health information as part of achieving HIPAA-compliant use of PHI with software by adding a layer of automated security and control to both electronic and paper-based processes. These solutions can minimize the manual work and decisions that invite human error, mitigate the risk of non-compliance and help hospitals avoid the fines, reputation damage and other costs of HIPAA violations and privacy breaches.
With this approach, vulnerabilities with capturing and sharing PHI are reduced with a process that ensures:
Authorization — only authorized staff can access specific devices, network applications and resources with password or smartcard based authentication. Network authentication is seamlessly integrated with the document workflow and to ensure optimal auditing and security, the documents containing PHI are captured and routed to various destinations such as email, folders, fax and EHR systems.
Authentication — user credentials must be verified at the device, by PIN/PIC code, proximity (ID), or by swiping a smart card access documents containing PHI. Once authenticated, the solution controls what users can and cannot do. It enables or restricts email or faxing and prohibits documents with PHI from being printed, faxed or emailed.
Encryption — communications between smart MFP’s and mobile terminals, the server and destinations, such as the EHR, are encrypted to ensure documents are only visible to those with proper authorization.
File destination control — simultaneously monitors and audits the patient information in documents, ensuring PHI is controlled before it is ever gets to its intended destination.
Content filtering — automatically enforces security policies to proactively prevent PHI from leaving the hospital by filtering outbound communications and intercepting documents – rendering misdirected or intercepted information unreadable to unauthorized users.