At the core of the lawsuit behind the request is the plaintiff's allegation that NorthShore emergency room personnel failed in 2004 to diagnose and treat in a timely manner a patient with sepsis and septic shock, according to King. The records request for the patient's subsequent 63-day stay consumed about eight reams of copy paper and filled multiple bankers' boxes, she said.
“Epic is not in the business of producing a paper record,” King said. As a result, she said, the printouts the EHR generated were absent page headers, page numbers and some records contained only a single line of print on an otherwise blank sheet of paper.
Donald Mon, vice president of practice leadership at AHIMA, led a group discussion on AHIMA policy going forward, including whether the association should lobby the industry on including certification of the ability of EHRs to produce legal records as part of the “meaningful use” requirements now being defined under federal rulemaking pursuant to the American Recovery and Reinvestment Act of 2009.
Mon said that the EHR system, when it was first developed, “was positioned as a physician's tool. There was never any intention that the EMR should stand as the legal record.” Should we say strongly to the industry the EMR has to be more than a physician's tool, it has to be a legal record?
Mon said that there are standards in place on how to maintain the paper record as a record for legal business and disclosure purposes, but a lot of those are not uniformly reflected in EHRs on the market.
“There are some systems on the market today that allow you to write over your previous documentation,” Mon said. “If you do that, you'd obliterate what the previous doctor wrote. There are systems out there where you could be the person to enter data in a record and the record will show it was created by the last person who touched it. Right now, there is no uniformity on the market.”
This is not just an AHIMA issue, Mon said in an interview after the panel discussion. “All of the stakeholders here are advocating that those standards should be incorporated into those systems.”
All of the vendors' systems have some form of an audit function, but not all audits are equal, Mon explained.
Application-based audits track changes in the content while system audits store and retrieve who was the author, the data and the time the record was accessed, Mon said. A discussion is under way within the healthcare IT industry on “how deeply do we go with this auditing,” he said. “Some systems go to the record level but not the data element level. It is not clear in the ARRA what level is required.”
Auditing also affects patient privacy rights under the stimulus law, which expanded the requirement that physicians and hospitals and other so-called “covered entities” under the Health Insurance Portability and Accountability Act of 1996, or HIPAA, provide patients on request with an audit of disclosures of their information. The audit requirement now extends to include disclosures for treatment, payment and other healthcare operations.
Rebecca Williams is a registered nurse and a lawyer who specializes in HIPAA and privacy issues at the firm Davis Wright Tremaine, Seattle. A case of medical identity theft there illustrates the point.
Williams said it involves a physician with a drug abuse problem who wrote prescriptions in the name of patients who came through the emergency room of the hospital Williams represents. Williams said she's been asked to track down the movement of the fraudulent prescriptions.
“The intent is to go back to SureScripts, to go back to the pharmacies; the hope and the intent is to go back to people to clean up the record,” Williams said. “When you're looking at one record, you have a fighting chance. Once it exchanges or is being used for data-mining or other purposes, you'd be hard pressed to find out where this piece of information floats. You don't know where it is. It's like trying to unscramble eggs.”
How's it going so far?
“Check back with me in a couple of months,” Williams said.
Debra Nelson, health information management director at the three-hospital Trinity Health System, Minot, N.D., said the system took a low-tech approach to protecting psychotherapy notes, which were granted special protection under HIPAA and must be kept separate from the general medical record.
“With an electronic record, how can you do that?” Nelson asked rhetorically. “How can you be assured they are never released? What we did with them is we kept them in paper so they absolutely positively can't go anywhere. I lost some sleep over it because I knew what I had to do, but didn't want to do it.”
Read more on AHIMA's legal e-health record conference.
What do you think? Write us with your comments at [email protected]. Please include your name, title and hometown.