The newly proposed HL7 profile identifies key infrastructure functions that support management of electronic health records for business and evidentiary purposes, Dougherty says.
For example, the HL7 guidelines note that legal-record functionality criteria overlap with privacy and security requirements under the Health Insurance Portability and Accountability Act of 1996 as well as state laws. According to the HL7 criteria, a legal EHR system must ensure that the identity of users has been verified and access to the system is under a set of specified controls, that information coming into the system via data exchange is coming from a trusted source, and that any change made by a clinician has a recorded attestation.
"If your authentication is weak, then someone on the stand (in court) can say, 'That wasn't me,'" Dougherty says.
Another problem area with legal e-health records is EHR system vendors, which have not given the concept of a legal record much priority, according to several sources contacted for this story. Dougherty says, with an attempt at diplomacy, that some IT vendors have not yet fully come to grips with the need for results that can be used in a legal setting.
"It wasn't a major focus for vendors because they were focused on clinical care," she says. "From AHIMA's opinion, as we looked at (vendors') systems, it was a little bit all over the map. There were some core functions in place. Some were stronger than others. 'There was a lot of variability' would be a good way to say it. And purchasers weren't making it a priority."
But, Dougherty says, as more and more healthcare systems have adopted EHRs, some of those early adopters raised flags saying, "We have problems. We can't get this (record) out to take to court."
Auditing changes to a computerized record is a key concern. "You want to have a policy of how you amend a record," she says. "In the paper world, there were these business rules. You don't want a record thrown out on a technicality because it had Wite-Out on it, so you use permanent ink." Similarly, with an EHR, "You don't want it thrown out because a system allows a record to be overwritten."
One key to defending an electronic record is the metadata, the stuff of audit trails, loosely defined as "data about data," Dougherty says. Laying down guidelines for the acquisition, storage and reporting of metadata is one of the issues the work group had to address.
"It's information that tells you who created a record and when it was modified," she says. "That's what you're reading in case law in the courts, that metadata creates some security and validity. When you don't have that metadata, the courts make some assumptions you don't want them to make. You can't defend yourself."
"If you look at it from a pure record standpoint, that audit report becomes a key component to assure validity," Dougherty says.
Spears, whose day job is with Seattle-based Practice Partner, a vendor of EHR systems that's now a unit of McKesson Corp., says a lot of aspects to the HL7 criteria, such as those about creating and retaining audit trails, are already pretty widely implemented by those vendors that have systems tested by the Certification Commission for Healthcare Information Technology. Achieving compliance with CCHIT security criteria caused anxiety and extra work for more than a few software vendors undergoing their first rounds of testing in 2006 and 2007, several EHR vendors said at the time and Spears confirms in an interview for this story.
"It was the first time it was formalized," Spears says. "Each vendor had done things their own way with their own mechanism. So there was some time needed to get used to it."
Spears says he sees compliance with the HL7 guidelines as a similar process, with little demand, thus far, being generated by the market.
"The customer isn't asking for this stuff on metadata," he says. "There is going to have to be some education for the vendors and the providers. We're formalizing things for healthcare IT that we haven't formalized before."
Not surprisingly, some of the pushback on the criteria balloting came from vendors saying that the initial profile requirements were too general and interpreted as requiring more than is necessary, Spears says.