Electronic Medical Records and Electronic Health Records: Overview ...

2 downloads 21 Views 255KB Size Report
Electronic Medical Records and. Electronic Health Records: Overview for Nurse Practitioners. Patricia C. McMullen, PhD, JD, William O. Howie, DNP, CRNA,.

Electronic Medical Records and Electronic Health Records: Overview for Nurse Practitioners Patricia C. McMullen, PhD, JD, William O. Howie, DNP, CRNA, Nayna Philipsen, JD, PhD, Virletta C. Bryant, PhD, LICSW, Patricia D. Setlow, DNP, FNP-BC, Mona Calhoun, MS, MEd, and Zakevia D. Green, PhD, MSHA ABSTRACT

Electronic medical records (EMRs) and electronic health records (EHRs) have become essential systems by which nurse practitioners (NPs) communicate vital patient information to other members of the health care team as well as to patients. In this article we examine the important distinctions between EMRs and EHRs; review the genesis of these types of records; summarize applicable provisions of the Health Insurance Portability and Accountability Act from a recent legal case centered around NP utilization of EMRs and EHRs; address open patient access to medical information; and examine threats to security. Suggestions are offered on ways in which NPs can safeguard confidential patient information. Keywords: Affordable Care Act, electronic health records, electronic medical records, Health Information Technology for Economic and Clinical Health, HIPAA Ó 2014 Elsevier, Inc. All rights reserved.


lectronic medical records (EMRs) and electronic health records (EHRs) have become essential systems by which nurse practitioners (NPs) communicate vital patient information to other members of the health care team as well as to patients. In this article we discuss important distinctions between EMRs and EHRs and review the genesis of these types of records. Important HIPAA provisions, a selected legal case, open patient access to medical information, and threats to security are considered. Recommendations are offered on ways in which NPs can safeguard confidential patient information. OVERVIEW

Historically, EMRs were the first electronic sources used to digitize patient information.1 EMRs grew in popularity because of the added benefits they have available that are not present in paper charts, including the ability to easily collate and track sets 660

The Journal for Nurse Practitioners - JNP

of information, monitor changes in patient outcomes after implementation of a new practice or procedure, and determine which patients are due for physical exams, procedures, immunizations, and the like. Unfortunately, EMRs are often practice-specific, making it difficult to transfer information to outside groups of providers, to other health care systems, and to patients.1 Because of such limitations, over time, EHRs were developed and gained popularity. EHRs are able to accommodate all of the functions of the EMR and have important added elements. EHRs are specifically designed for information sharing, not only among various types of providers who may be located in a number of settings (primary care, in-patient, emergency department, abroad), but between providers and patients. In a true EHR system, patients can log onto their own records, read and track test results, communicate with providers, and implement changes that ultimately improve their health.1 Volume 10, Issue 9, October 2014


NPs have long partnered with patients in activities designed to improve care and in efforts to have patients adopt healthier lifestyles. An EHR can strengthen such a partnership. According to Menachemi and Collum,2 the advantages of the EHR can be grouped into 3 outcome categories: clinical; organizational; and social benefits. Clinical outcomes focus on the concept of quality in relation to direct patient-care services and treatments. Studies have verified that EHRs can increase the quality of patient-care services and treatments by serving as a platform for readily available access to complete and accurate patient information. Such information can be used to support health care providers in the planning, delivery, and monitoring of patient responses to the services and treatments provided.2 For example, in 1999, the Institute of Medicine released To Err is Human, a report that presented research findings showing a startling rate of medical errors in United States health care facilities. Communication of important health information, such as current medication use, allergies, health history, and other data, were a prime cause of adverse patient events. EHRs are a valuable tool in reducing such occurrences because they facilitate transfer of important patient information.3 Organizational entities within a health care facility, such as health information management, case management, and health care management, are EHR beneficiaries as well. Utilization of EHRs typically increases medical billing and coding accuracy, improves rates of reimbursement from third-party payers, increases job productivity and satisfaction among direct and indirect users of the EHR, and results in a decline in medical errors.2 EHRs not only improve the quality of care, but such systems can also reduce health care costs by improving outcomes, resulting in better management of chronic illnesses, and eliminate the duplication of services.2 EHRs facilitate research by collecting data that can then be collated into larger data sets, leading to more powerful quantitative research studies, the findings of which are more generalizable to other patient situations. Additionally, studies have www.npjournal.org

demonstrated that adoption of EHRs improves provider satisfaction, likely due to such factors as ease of access to information, faster charting times (once the system has been mastered), and retrieval of information from multiple sources.2 EHRs not only affect providers and health care agencies, but they enhance the patients’ ability to follow their own medical plans and insure that the information is available to those designated by the patient, whether it be a “significant-other” or a health care provider. EHRs also facilitate a patient’s ability to review and re-review information contained in the record, to absorb medical information at their own pace, to question what is not understandable, to provide additional information that has not been solicited, and to report additional information concerning activities that lead to a healthier lifestyle, such as joining a health club, receipt of acupuncture, or new membership in a weight-management plan.4 A recent study was conducted by Reed and colleagues to determine whether utilization of an EHR system could positively impact health outcomes among over 169,000 patients with diabetes. Study participants who had access to their health care information demonstrated significant improvements in their hemoglobin A1C values, lipid levels, and frequency of monitoring, particularly among those whose diabetes was not previously well controlled.5 Cautions

Although there are many benefits associated with the use of EMRs and EHRs, some concerns remain. Overall, one of the greatest disadvantages of EHRs is the difficulty in maintaining privacy and addressing security risks. More specifically, viable EHR systems must constantly work to prevent unauthorized patient information access that may originate from internal and external pathways. Internal threats to private patient information may result from such things as poor password management, disgruntled and disloyal employees, and transparent physical security measures. External threats include unauthorized access to protected health information by hackers and theft of electronic devices containing health information.6 The Journal for Nurse Practitioners - JNP


In response to concerns raised about the privacy of patient health care records, the US Congress has enacted 3 important pieces of legislation: the Health Insurance Portability and Accountability Act of 1996 (HIPAA)7; the Health Information Technology for Economic and Clinical Health Act8; and the Patient Protection and Affordable Care Act of 2010 (PPACA).9 This legislation was founded on the principle that individually identifiable health information requires some degree of protection; HIPAA “requires that all patients be able to access their own medical records, correct errors or omissions, and be informed how personal information is shared and used. Other provisions involve notification of privacy procedures to the patient.”10 Five sets of rules (security rule, transactions rule, identifiers rule, privacy rule, enforcement rule) determine what types of information is subject to HIPAA, who may access protected health information, and enforcement measures.11 The Health Information Technology for Economic and Clinical Health Act, enacted as part of the American Recovery and Reinvestment Act of 2009, was designed to promote the adoption and meaningful use of health information technology. Incentive payments are paid to eligible professionals, hospitals, and critical access hospitals participating in Medicare and Medicaid programs that adopt and successfully demonstrate meaningful use of certified EHR technology.12 The PPACA strengthened HIPAA privacy protections and added mandates and incentives for EHRs. It requires health plans to adopt and implement secure, confidential EHRs to standardize billing, and to reduce paperwork, administrative costs, and medical errors. It also called for a federal health program to collect and report data to help identify health care disparities so the quality of care and patient outcomes could be improved.13 The PPACA further provided financial incentives to eligible practitioners (EPs) to address the cost barrier to purchasing and implementing an EHR system in their practice. NPs are EPs under the Medicaid program.14 Other concerns have been raised about the use of EHRs. They are not the answer for every patient 662

The Journal for Nurse Practitioners - JNP

population, because utilization of computerized patient systems may negatively impact those underserved patients who do not have access to a computer or those with insufficient knowledge on how to use a computer. In these instances, it has been suggested that a provider should make patient medical notes, lab reports, and procedural and hospitalization summaries available in paper format to address such barriers.6 Other disadvantages associated with implementation of EHRs include cost, design limitations, training, resistance, and fear of failure.6 Given the ubiquitous nature of EMRs and EHRs in the US health care system, NPs and other providers have questioned whether their legal exposure has increased as a consequence of the adoption of electronic records. Fortunately, research by Victoroff and colleagues in Colorado indicates that lawsuits have not increased.15 More specifically, 894 primary-care physicians insured through the COPIC Insurance Company completed a survey on EHR use. There were no significant differences in the rates of liability claims between EHR and non-EHR users, nor was there a change in liability claims rates after adoption of EHRs. The research team concluded that additional research on EHR use across larger groups of physicians and other providers is needed.15 In the present study we performed a Lexis search containing the terms nurse practitioner, electronic medical record, electronic health record, and negligence or malpractice. Over 70 cases were retrieved and most indicated that EMRs and EHRs are used in ways that are similar to paper records—to determine whether or not the NP gave care that complied with reasonable standards of practice. The following section summarizes one such case. EHRs AND NPs: CASE EXAMPLE

As most NPs will recall, the majority of cases filed against NPs are based on malpractice. Malpractice is classified as a tort, or a civil wrong. To prevail in a malpractice case, an injured patient or his/her representative (the plaintiff) must establish the presence of 4 elements: duty; breach of duty; causation; and damages. Duty is a legal relationship between the plaintiff and the NP, who is usually a defendant in the Volume 10, Issue 9, October 2014

malpractice case. Breach of duty considers whether the NP complied with reasonable standards of care under a given set of circumstances. Evidence, including information in an EMR or EHR, is used to determine whether the care the NP gave was reasonable, thereby complying with reasonable standards of care. Other types of evidence, such as expert opinion, scholarly publications, and the like, may also be employed to determine if the NP’s care complied with accepted standards of care. The causation element refers to whether the actions or inaction of the NP led to the injury of the patient as well as whether the injury was reasonably foreseeable. Finally, the damages element considers whether the patient suffered some type of compensable harm because of the NP’s breach of the standards of reasonable care.16 The case of Joey Wright ex rel. K.B. v United States of America17 provides a useful example of how an EMR was used to determine whether an NP and other providers should be liable for malpractice. K.B. was born at the Choctaw Nation Health Center on December 28, 2008 with undiagnosed hydrocephalus. Over the course of 20 months following her birth, K.B. was seen on 27 occasions by 8 different health care providers, both for well-child care and for a variety of complaints, including frequent vomiting, nasal congestion, bronchiolitis, gastroesophageal reflux disease, fifth’s disease, an upper respiratory infection, and in turning of her right foot. During most of these visits, her head circumference was written, but not plotted on the electronic height/weight/head circumference chart. After discontinuing treatment at the Choctaw Nation Health Center, she was evaluated by 2 other providers before her hydrocephalus was diagnosed. K.B. subsequently underwent a successful shunt placement and at the time of trial she was exhibiting normal growth and development. K.B.’s EMR was introduced into evidence, and it was noted that the height/weight/head circumference chart had not been completed. When her head circumference measurements were plotted, it was apparent that her head circumference had grown disproportionately. The court found that failure to recognize this disparity was a breach of the standard of care. However, the case was dismissed because the plaintiff www.npjournal.org

failed to establish that K.B. suffered permanent damage as a consequence of this breach.17 RECOMMENDATIONS

Current trends and laws support the prediction that the availability and everyday use of EHRs and EMRs will increase significantly over the next 10 years.18 It will become increasingly important that NPs and other health care providers consider the following recommendations when delivering patient care that is supported by computerized health information systems: 1. Patient information that is of a sensitive nature should never be transferred by e-mail or text, unless it can be guaranteed that the intended receiver is the only one with access to the account.19 2. Before disclosing patient information of any kind where the recipient’s identity cannot be guaranteed, use predetermined passwords or identifiers.19 3. Get informed consent to use patient data for audit and management purposes.19 4. Use an “opt-in system” rather than an “optout system” and get informed consent from patients to convert their paper records into digital files.19 This system should include the impact on payment, where EHRs are required for third-party payment. 5. Inform patients of the level of risk involved in using EHRs and that their privacy cannot be guaranteed.20 6. Provide mandatory ongoing professional development for all health care workers on maintaining patient privacy in an electronic environment.21 7. Follow-up with the reporting agency in the event any information is deemed incomplete or in error.19 8. Ask questions and verify the accuracy of any information that can identify individual patients, including the 18 personal identifiers in HIPPA’s Privacy Rules, unless it is mandated.19 9. Avoid transmitting any information that can identify individual patients, including the 18 personal identifiers in HIPAA’s Privacy Rules, unless it is required.22 The Journal for Nurse Practitioners - JNP



1. Inquire about whether your practice uses an EHR and, if so, whether the EHR is covered by a health care provider or health plan that is bound by HIPAA. Reassure the patient that their personal information will be carefully guarded.20 2. Federal and state laws are in place to safeguard patient privacy, but patient confidentiality cannot be completely guaranteed when EHRs are used. Reassure all patients that providers must strictly adhere to current HIPPA Security Rules to help safeguard all electronic health information.19,23 3. Encourage all patients to express any concerns they have regarding the protection of their personal information. POLICY RECOMMENDATIONS

1. Expand the authority and resources of the Office of Civil Rights to manage HIPAA infractions and penalize the offending health care entities who violate HIPPA.21 2. Patients should be able to continue to maintain their ability to limit medical disclosures. However, health care providers should have electronic alerts that inform them that the patient has elected to withhold information that could potentially impact the patient’s care.24 3. In emergency situations, if the patient is unable or unwilling to provide sensitive information, an EHR should have a 1-time access feature built in to allow the provider access to the complete record, which will no longer be available after the emergency is resolved.24 CONCLUSION

Available literature indicates that EMR systems have the potential to improve the quality of care delivered to patients in a given health care system. Contemporary research indicates that the utilization of EMRs and EHRs will lead to improvements in the health care organization’s patient workflow efficiency, provider satisfaction, comprehensiveness of care, as well as the overall quality of care provided.25-27 Studies focusing on the content of EHRs are needed, particularly in the areas of NP practice and 664

The Journal for Nurse Practitioners - JNP

patient self-documentation. One future research area is to compare the documentation of different health care professionals in terms of core information solicited by research or public health authorities. A challenge for both communication among caregivers in the same city and for health record projects worldwide is to take into account all the different types of EHRs and the needs and requirements of different health care professionals and consumers during the development of EHRs to encourage optimal interoperability. A further challenge is the use of international terminologies to achieve semantic interoperability so that EMRs and EHR information can be utilized regardless of where critical health information in needed. References 1. Garrett D, Seidman J. EMR vs HER—what is the difference? Office of the National Coordinator for Health Information Technology (ONC). http://www. healthit.gov/buzz-blog/electronic-health-and-medical-records/emr-vs-ehrdifference. Updated January 4, 2011. Accessed May 12, 2014. 2. Menachemi N, Collum TH. Benefits and drawbacks of electronic health record systems. Risk Manag Healthc Policy. 2011;4:47-55. 3. Institute of Medicine. To Err is Human. Washington, DC: National Academy Press; 1999. http://www.iom.edu/w/media/Files/Report%20Files/1999/ToErr-is-Human/ To%20Err%20is%20Human%201999%20%20report%20brief. pdf. Accessed August 1, 2014. 4. Institute of Medicine. Key Capabilities of an Electronic Health Record System: Letter Report. Washington, DC: National Academy Press; 2003. http://www. iom.edu/Reports/2003/Key-Capabilities-of-an-Electronic-Health-RecordSystem.aspx. Accessed August 1, 2014. 5. Reed M, Huang J, Graetz I, et al. Outpatient electronic health records and the clinical care and outcomes of patients with diabetes mellitus. Ann Intern Med. 2012;157(7):482-489. 6. Amatayabul MK. Electronic Health Records: A Practical Guide for Professionals & Organizations. 5th ed. Chicago, IL: American Health Information Association; 2011. 7. Public Law 104-191. The Health Insurance Portability and Accountability Act of 1996. August 21, 1996. http://aspe.hhs.gov/admnsimp/pl104191.htm. Accessed August 1, 2014. 8. Public Law 111-5. The Health Information for Economic and Clinical Health (HITECH) Act. February 17, 2009. http://www.hhs.gov/ocr/privacy/hipaa/ understanding/coveredentities/hitechact.pdf. Accessed August 1, 2014. 9. Public Law 111-141. The Patient Protection and Affordable Care Act. March 23, 2010. http://www.gpo.gov/fdsys/pkg/PLAW-111publ148/pdf/PLAW111publ148.pdf. Accessed August 1, 2014. 10. HIPAA101.com. HIPAA 101 Guide to Compliance Rules and Laws. http://www. hipaa-101.com. Accessed August 1, 2014. 11. Office for Civil Rights. The HIPAA Privacy Rule and Electronic Health Information Exchange in a Networked Environment. http://www.hhs.gov/ocr/ privacy/hipaa/understanding/special/healthit/safeguards.pdf. Accessed August 1, 2014. 12. U.S. Department of Health and Human Services, Centers for Medicare & Medicaid Services, Medicare and Medicaid Programs. Electronic Health Record Incentive Program. http://www.dhcs.ca.gov/Documents/OHIT/EHR% 20FINAL%20RULE.pdf. Accessed August 1, 2014. 13. U.S. Department of Health and Human Services. Key Features of the Affordable Care Act by Year. http://www.hhs.gov/healthcare/facts/timeline/ timeline-text.html. Accessed August 1, 2014. 14. U.S. Department of Health and Human Services, Centers for Medicare & Medicaid Services. Regulations and Guidance: Eligibility. http://www.cms. gov/Medicare/Quality-Initiatives-Patient-Assessment-Instruments/pqrs/index. html. Accessed August 1, 2014. 15. Victoroff MS, Drury BM, Campagna EJ, Morrato EH. Impact of electronic health records on malpractice claims in a sample of physician offices in Colorado: a retrospective cohort study. J Gen Intern Med. 2012;28(5):637-644.

Volume 10, Issue 9, October 2014

16. Schwartz VE, Prosser WL, Kelly K, et al. Prosser, Wade and Schwartz’s Torts, Cases and Materials. 12th ed. St. Paul, MN: Foundation Press; 2010. 17. Joey Wright, as next of kin for K.B., a minor, Plaintiff, v United States of America, Defendant. Case No. 12-CIV-320-RAW. 2014 U.S. Dist. Lexis 44523 (U.S. Dist. Ct. Ed. OK, 31 March 2014). 18. Lobach DF, Detmer DE. Research challenges for electronic health records. Am J Prev Med. 2007;32(5 Suppl):S104-S111. 19. Lowth M. Confidentiality in the modern NHS: Part 2. Practice Nurse. 2013;43(11):49-52. 20. National Health Service of Great Britain. Confidentiality: NHS Code of Practice. http://www.connectingforhealth.nhs.uk/systemsandservices/infogov/codes/ confcode.pdf. Accessed August 1, 2014. 21. Jacques LB. Electronic health records and respect for patient privacy: a prescription for compatibility. Vanderbilt J Entertainment Technol Law. 2011;13(2):441-462. 22. U.S. Department of Health and Human Services. Office of Civil Rights. Guidance Regarding Methods for the De-identification of Personal Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. http://www.hhs.gov/ocr/privacy/ hipaa/understanding/coveredentities/De-identification/guidance.html. Accessed August 1, 2014. 23. Polito J. Ethical considerations in internet use of electronic protected health information. Neurodiagnostic J. 2012;52(1):34-41. 24. Grady A. Electronic health records: how the United States can learn from the French dossier medical personnel. Wisc Int Law J. 2012;30(2): 374-400. 25. Wang SJ, Middleton B, Prosser LA, et al. A cost-benefit analysis of electronic medical records in primary care. Am J Med. 2003;114(5):397-403. 26. Shepard J. Using electronic medical records to increase the efficiency of catheter-associated urinary tract infection surveillance for National Health and Safety Network reporting. Am J Infection Control. 2014;42(3):e33-e36. 27. Zheng NT, Rokoske FS, Kirk MA, Lyda-McDonald B, Bernard SL. Hospices’ use of electronic medical refords for quality assessment performance improvement programs [published online ahead of print March 15, 2014]. J Pain Symptom Manage. http://dx.doi.org/10.1016/j.jpainsymman.2013.11.010.


Patricia C. McMullen, PhD, JD, CRNP, FAANP, is dean and ordinary professor at the Catholic University of America in Washington, DC. William O. Howie, DNP, CRNA, is a nurse anesthetist at the R. Adams Cowley Shock Trauma Center in Baltimore, MD, and can be reached at [email protected] ummm.edu. The remaining authors are employed at Coppin State University in Baltimore, MD. Nayna Philipsen, JD, PhD, RN, LCCE, FACCE, is a professor at the Helene Fuld School of Nursing; Virletta C. Bryant, PhD, LICSW, is an assistant professor of social work at the College of Professional Studies; Patricia D. Setlow, DNP, FNP-BC, is an assistant of professor at the Helene Fuld School of Nursing; Mona Calhoun, MS, MEd, RHIA, FAHIMA, is chairperson of the Health Information Management Program; and Zakevia D. Green, PhD, MSHA, LHRM, RHIA, is an assistant professor at the College of Health Professions School of Allied Health and Health Information Management. In compliance with the national ethical guidelines, the authors report no relationships with business or industry that would pose a conflict of interest. 1555-4155/14/$ see front matter © 2014 Elsevier, Inc. All rights reserved. http://dx.doi.org/10.1016/j.nurpra.2014.07.013

The Journal for Nurse Practitioners - JNP