Legal/Compliance

November 17, 2011

Health Information Exchanges and Physicians Share Accountability for Safe Patient Care

The $800 billion 2009 American Recovery and Reinvestment Act (ARRA) set aside $36 billion toward health information technology (health IT) initiatives, including over $500 million for the State HIE Cooperative Program.  This federal program provides funds to each state for the successful planning and development of infrastructure that supports the exchange of electronic health data between physician electronic health records (EHRs), hospital EHRs, lab systems, radiology centers and other clinical IT systems.    For example, in Texas we are using these funds to support the development of local health information exchange entities, called HIEs, across the state and to concurrently develop the policies, standards and infrastructure needed to safely/securely connect these HIEs to each other.     The statewide HIE network will also be built to be compatible with national standards and efforts.      

Each state's effort to develop a network of community HIEs and/or a statewide HIE will be more successful with physicians involved upfront with governance and policy development.   When working with local HIEs most physicians will generally understand and appreciate the importance of protecting the privacy and security of electronic patient health information.  Their inherent knowledge on this issue will help guide policies in the right direction.   A more complex issue for physicians to understand is the relationship between HIEs and patient care.   A heightened awareness of this issue will allow physicians to properly inform HIE policymakers about the need to establish an environment where local HIEs, HIE networks and physicians share accountability for safe patient care.   

To deepen physician's understanding of this issue I encourage them and others to think about an HIE as a tool physicians use as a part of patient care, similar to a surgical tool.   If a patient is harmed by a surgical tool that broke because the physician used it incorrectly, the physician is negligent.  If the physician used the tool correctly but it still broke, but it has only broken 8 times in over 10,000 surgeries and the patient consent explains this remote risk of breakage, then no one is negligent.  However, if it broke and the issue had been reported to the vendor by many physicians on a repetitive basis, but the vendor failed to investigate the issue and fix the problem, or failed to inform physicians and patients of the increased risk in the meantime, then the vendor is negligent. 

This perpsective will help physicians advocate for policies that lead to an environment where HIEs and physicians share accountability for safe patient care.   Effective policies will lead to contracts and agreements which acknowledge that:

  1. HIEs and HIE infrastructure are tools used by physicians during the course of patient care
  2. HIEs are responsible for informing patients and doctors about the inherent risks of  the electronic health information exchange including changes in risks when issues are identified
  3. HIEs have a responsibility to continually monitor for and mitigate risks associated with their services that may impact quality of care provided by physicians

 

Posted at 08:00 AM in ARRA/Stimulus Funds, Current Affairs, EHR, EHR Risks, Health Information Exchange, Leadership, Legal/Compliance, Meaningful Use, Safe EMR Use | | Comments (1) | TrackBack (0)

Technorati Tags: , , , , , , , , , , , , , , , , , , , , , ,

|

August 25, 2011

Community HIE decisions are best made in collaboration with local physicians who use EHRs

Physicians who use electronic health records (EHRs) in their offices are increasingly being called upon in their communities to participate in the development of local health information exchanges (HIEs).    During the early stages of HIE planning there are important decisions that are best made in collaboration with local physicians.   As with any health information technology usage, the anticipated benefits of exchanging electronic health data must be balanced against the inherent risks of the technology.   Physicians who use EHRs already have valuable experience with some of the inherent risks associated with electronic health data usage, but may not have experience with the clinical risks associated with the exchange of electronic health data.    The following case scenarios are intended to raise awareness and understanding of key patient safety risks associated with the clinical use of electronic personal health information (PHI) that could be obtained through a community-wide HIE.  

Conflicting data scenario:  A nurse records a penicillin allergy in the hospital EHR when a patient experiences GI symptoms after receiving a penicillin injection.   The next day, the patient is seen by her primary care physician (PCP).   After reviewing the history, the PCP is convinced that the reported symptoms were unrelated to the penicillin injection.   She records “No Known Allergies” in her office EHR.   The local HIE retrieves “allergies” from both EHRs and displays this patient’s allergies as both “no known allergies” and “penicillin.”  

In such cases, the physician will have to reconcile the data by considering the sources, dates, and times of each and decide whether additional investigation is necessary.   

Segmented data scenario (this applies only if the HIE will allow patients to exclude some or all of their data as a part of the consent process):   For privacy reasons an HIV patient decides to exclude his diagnoses from the HIE which results in a problem list so that it does not disclose his HIV status.   He also excludes data from two sources: his psychiatrist and a psychiatric hospital.   This patient had suffered an episode of neuroleptic malignant syndrome secondary to an antipsychotic medication a year ago while under the care of the psychiatrist at that hospital.   Since records from the psychiatrist and hospital are excluded, the HIE will not contain this information.   A physician viewing the patient’s information through the HIE will see no record of the patient’s susceptibility to a life-threatening event from a certain class of medications.  

Informing the viewing physician that the patient has excluded some data from the Problem List and some data from both a physician and a hospital may prompt important additional questions and dialogue with the patient that could prevent an avoidable adverse event.  

 Clinical Risk Management

Community-wide HIE initiatives are increasingly turning to local physicians who use EHRs to assist with assessments of both the benefits and risks associated with the clinical use of electronic health data shared across their community.  The clinical risks outlined in these scenarios can be managed through the following principles: 

1.  An HIE must provide physicians access to the source, date and time for all displayed data

 2.  An HIE must alert clinicians when data or data sources are excluded  

  • The alert should specify the type of data (“lab results”) or type of source (“hospitals”) that have been excluded from the HIE through the patient consent process

3.  An HIE must inform physicians about:

  • The patient consent policy used by the HIE (and of policy changes when they occur
  • A list of the specific types of data they are generally able to access through the HIE
  • A list of the specific sources of data that the HIE exchanges with

Posted at 08:00 AM in Current Affairs, EHR, EHR Risks, Health Information Exchange, IT Physicians, Legal/Compliance | | Comments (1) | TrackBack (0)

Technorati Tags: , , , , , , , , , , , , , , , , , , ,

|

July 13, 2011

Modifications to the HIPAA Privacy Rules Under HITECH Will Burden Small Physician Practices

The HITECH Act requires HHS to revise the HIPAA Privacy Rule to remove the exclusion for Accounting of Disclosures for treatment, payment and health care operations to the extent that the disclosures are made through an EHR.    In addition, it requires HHS to determine what information is to be collected and then included in these disclosures.    In 2010 HHS published a Request For Information (RFI) to seek comments on individual’s interests in learning of disclosures, the burdens on Covered Entities in accounting for these disclosures and the capabilities of current technologies to facilitate disclosures.    The resulting proposed rule is an attempt by HHS to balance the individual’s privacy rights against the burdens on Covered Entities.    HHS is accepting comments on this proposed rule up until August 1, 2011. 

At a high level, it appears that the proposed rule primarily does two things:

  1. Provides individuals a right to request a new "Access Report" that lists who has accessed their PHI in an electronic designated record set (which is basically medical records, billing records, or other electronic information that is used for payment or treatment decisions) for any purpose including for treatment, payment and health care operations.    The proposed rule limits the information in an Access Report to content which is already required by the Privacy Rule to be collected.    The assumption is that limiting content in this manner will enable a more automated process by which Covered Entities could produce an Access Report and that this would therefore ease their burden.
  2. Makes changes to "streamline" the Privacy Rule's current Accounting of Disclosures provision, such as limiting the types of disclosures that must be accounted for.     As with the Access Report, HHS showed consideration to the burden placed on Covered Entities by making a number of changes to the individual's existing right to an Accounting of Disclosures that would make it easier for Covered Entities to comply with the requirements.   

Despite these positive changes, the proposed rule significantly underestimates the burden on small physician practices.    Although I agree that these changes do, in general, ease some of the burden on Covered Entities, it is primarily the large healthcare systems that will be able to leverage these changes to their advantage.    I do not believe that these changes sufficiently ease the excessive burden on providers in small practices who do not have the resources to leverage the changes to their advantage.    

HHS uses the assumption that limiting content in the Access Report to that which is already required to be collected [i.e. in an EHR] will enable a more automated report and therefore ease the burden on Covered Entities when an individual requests a report.  This assumption is misleading because it assumes that all Covered Entities have the resources necessary to produce a report that meets all the requirements.   According to the proposed rule, the Access Report must meet certain specifications as defined in the rule, must consolidate content from multiple systems if they exist, must allow individuals to limit their requests to specific time periods or persons, and must be made available in an electronic format as requested by the individual if possible.    Although the information in the Access Report is limited to content already required to be collected, EHR vendor products are not required to provide an automated process to produce an electronic report that meets the proposed rule’s requirements.     Therefore, it will not typically be a simple automated process to produce the report.     Instead, the Covered Entities will have to produce the report through a manual process in which some technical skills are needed to design and configure the report to meet the proposed rule’s specifications, to consolidate content from multiple systems, to customize the report to meet requested limitations and/or to re-format the report.   

For example, programming skills will be needed to create an Access Report from a typical EHR that produces an automated audit log that only shows the User’s ID when a record is accessed, but not the individual’s name as required for the Access Report.    In that case the report must be re-configured to map the actual name of the individual in place of the recorded User ID.    As we know, when one change is made in an electronic report, other changes may be needed to accommodate the change.    In this example, mapping content from the NAME field to the USER ID field might also require the report writer to increase a character limit in the USER ID field so as to not cut off long names.    This second change could cause the report to extend beyond the set margins of the report’s design, therefore requiring the report writer to change the design of the report.    A small practice will not typically have someone with the expertise to program such a report and will therefore have to hire an IT consultant.

Covered Entities must utilize the time and effort people who have the needed technical skills to meet the proposed rule’s reporting requirements.    The difference between small practices and large providers is the availability of technical expertise to do this manual work.     Most large healthcare systems and some large physician practices have an IT Department or employ IT personnel who have the expertise and skills needed to design, configure and format reports.    For large entities, the Access Report does not create a significant new burden because they already have the expertise to produce their reports. But very few small physician practices have the resources necessary to do this.     So in order to produce an Access Report, a small practice will have to hire outside resources to design, configure and format the reports at variable costs.    The actual cost will be dependent on the complexity of each report and the IT consultant’s hourly rates ($100-$250/hour).     As the proposed rule is currently written, a small practice will typically have to hire external resources, at their own expense, to write the report and then be required to provide the report at no cost to the requesting individual.

As acknowledged in the proposed rule, the Accounting of Disclosure is recognized by HHS to be more complex and will require a “manual, expensive, and time consuming process for Covered Entities and Business Associates.”   One purpose of the new Access Report is to be an alternative to Accounting of Disclosures in order to mitigate this known burden of disclosures.    Nevertheless, the Access Reports will still require “manual” work that involves technical skills and will be a significant burden on small practices.    Also, since the Accounting of Disclosure reports are more complex they will require more manual work and technical skill than Access Reports.    The burden of disclosures on small practices will therefore be much greater than for large systems that already employ the technical expertise to design, configure and format the reports.

 In summary:

  1. The proposed rule requires small practices to provide requesting individuals with a new Access Report which places excessive burden on small practices at an unreasonable cost.    The burden of producing an Access Report should be on the vendor’s EHR product and not on the physician.     The proposed rule should be modified to require small practices to provide the system’s automated audit log, as configured by the vendor, if available, from any of their systems that store PHI.    The burden should be placed on the vendors to configure their products to produce automated reports that meet the specifications and requirements.    If a small practice has to hire IT consultants to design and configure or modify an Access Report, they should be allowed to charge the individual for the actual costs incurred.
  2. This proposed rule also requires small practices to provide requesting individuals with an Accounting of Disclosure which also places excessive burden on small practices at an unreasonable cost.    The burden of producing Disclosure reports should be on the vendor’s EHR product and not on the physician.    The burden should be placed on the vendors to configure their products to produce automated reports that meet the specifications and requirements.    If a small practice has to hire IT consultants to design and configure or modify an Accounting of Disclosure report, they should be allowed to charge the individual for the actual costs incurred.

Posted at 11:56 AM in ARRA/Stimulus Funds, Current Affairs, EHR, Legal/Compliance, Meaningful Use, Physician Adoption | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

|

April 01, 2011

Private E-mail Communications Between Physicians and Patients—Identity proofing, Authentication and Encryption

Case study:   A plaintiff claims that his physician sent him an e-mail with poor medical advice that led to an adverse medical event.  The defendant physician agrees that the e-mail in question provides grossly negligent advice, but claims that she never sent such an e-mail.   Unfortunately, the physician had been using her own, personal home e-mail program to communicate with patients without using encryption or authentication software.  A costly investigation eventually proved that the e-mail had originated from an unknown third-party spammer who used a technique called “spoofing” to insert the physician’s e-mail address into the "From" field in the e-mail that was sent to the patient.

Although this physician avoided a malpractice suit, she bore the financial burden of a technical investigation to prove the e-mail was not from her. This is only one example of a number of privacy and security issues with physician-patient e-mail. But these problems are avoidable and e-mail can be safely used if the physician can be sure of four things:

  1. They are using the authentic e-mail address of the patient
  2. A message received from the patient has actually been sent from their authentic e-mail address
  3. Each message (sent or received) has not been changed while traversing across the Internet
  4. Only the physician and the patient are able to read each other’s e-mail messages

E-mail encryption programs and secure messaging programs both provide safeguards that ensure this level of privacy and security needed for physician-patient e-mail.   From a legal perspective, these technologies, when combined with appropriate procedures of use, make it very difficult for someone to successfully repudiate (deny sending or receiving) an e-mail in a legal situation.   As noted in this case, regular home and business e-mail programs do not typically include such safeguards.

The Texas Medical Board (TMB) specifically requires physicians to “authenticate” patients prior to initiating e-communications, and to only use e-communications with established patients.   Although the TMB does not specify how this is to be accomplished, the procedure typically involves “identity proofing” patients during an office visit.   Patients physically present themselves to an office staff member who is authorized to register new “users” into the physician’s secure e-mail system.   After being registered in the system, the patients will receive the “credentials” that allow them to receive and send messages through that system.  The type of e-mail system used by the physician determines the type of “credentials” the office will provide.  The credentials may be a password, a biometric feature (i.e. finger print), or a physical device such as a CD, smart card, or thumb drive that contains a password “key”.

After the patient is identity proofed, secure e-mail systems are able to use built-in “authentication” technologies to ensure:

  • a message received has actually been sent from the credentialed patient’s mailbox
  • a message sent or received has not been changed while it traveled over the Internet
  • a message sent can only be received and decoded by the credentialed patient.

Taking care to set up authentic e-mail accounts with identified patients and using an e-mail program (encrypted e-mail or secure messaging) that includes "authentication" technologies are necessary to establish the trust needed when engaging in private medical conversations.   In addition, these work flow procedures and technologies will help the physician stay within HIPAA regulations that require encryption when PHI is sent over the Internet.

Posted at 05:07 PM in Current Affairs, E-mail, EHR, EMR products, Legal/Compliance, Meaningful Use | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , , , , , , , , , , , , , , , , , , , ,

|

November 30, 2010

Physicians Use E-mail With Patients Safely By Avoiding Misuse, Mishandling and Medicolegal Issues

Effective communication is a hallmark of patient satisfaction with their physician as well as with quality outcomes.  It is not surprising that surveys reveal more than 90% of patients desire to e-mail their doctors.  Physicians, however, are tentative about moving forward. In a 2009 survey by the Texas Medical Association, only about 20% of physicians reported the use of e-mail with their patients.

Those of us who do successfully use e-mail with patients know that we must be attentive to the risks involved to use e-mail safely. We also recognize that in order to use this technology efficiently we have to think about our work flow and be smart about redesigning it.  The risks of using e-mail with patients can be categorized into misuse, mishandling and medicolegal issues.

Misuses of physician-patient e-mail include:

  • seeking or providing new diagnoses/treatments
  • using e-mail with new patients with no previous face-to-face encounter
  • communicating on sensitive matters such as HIV, sexually transmitted infections, genetics and mental health
  • using e-mail for urgent or emergent issues
  • writing long, complex messages
  • using e-mail attachments with formats that patient’s computers may not be able open and read
  • forwarding e-mails from patients without their consent
  • advertising or promoting goods and products through e-mail

Mishandling issues with physician-patient e-mail include:

  • problems with e-mail triage or distribution within the office such as failure to adhere to established protocols or meet expected turn-around times for actions/replies
  • physicians using their personal e-mail accounts to send e-mail to patients
  • misunderstandings by patients/office staff regarding over who actually received, sent or replied to messages (authorship issues)

Medicolegal, privacy and security issues include:

  • failure to properly identify patients and verify e-mail addresses
  • privacy breaches
  • security problems with the e-mail system or related computer systems
  • not getting e-mail communications into the patient’s medical record
  • repudiation issues (i.e. patient denies sending or receiving an e-mail)
  • accountability issues
  • legal e-discovery issues
  • medical liability associated with diagnoses/treatment
  • failure to follow Texas Medical Board rules, HIPAA regulations or other on privacy/security regulations

These issues are certainly not insurmountable.  With an awareness and understanding of the rules, regulations and guidelines published by one’s state medical board, HIPAA, professional societies and other professional organizations such as the AMA, a physician can develop a set of policies and procedures to safely and efficiently use e-mail with their patients.  The procedures should include oversight mechanisms, adequate training of staff, adherence to privacy and security regulations, appropriate identification and authentication of each patient who consents to the use of e-mail and patient education to clarify what the physician will allow e-mail to be used for.  Patients should also be educated on how the office will manage e-mail messages and on what the expected turn-around times for replies will be.

Posted at 10:31 PM in E-mail, Legal/Compliance, Safe EMR Use, Work Flow | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , , , , , , , , , , , , ,

|

October 26, 2010

Enhance Safe Use of EHRs By Aligning Implementation To Quality Goals

Safe use of electronic medical records (EMRs) is enhanced when physicians focus their EMR implementation on quality of care improvements.  Effective communication among the staff about these key goals creates a positive environment that serves as a catalyst for successful use of the EMR.  In addition, large healthcare systems and small physician offices are both less likely to encounter patient safety issues when they align their health information technology (IT) strategies to quality of care goals.  

Case Study:  Several years ago the leadership of an Accountable Care Organization (ACO) formed between a local healthcare system and a multi-specialty physician group began working collaboratively on a common vision for patient safety excellence.  System-wide integration and use of medication reconciliation were top priorities.  The EMR used by the hospitals have an ambulatory component that meets all of the critical requirements determined by the physician board members.  If implemented, the ambulatory and hospital EMRs could be integrated and share the same master patient index, drug formulary, medication index, allergy index and set of clinical decision support rules.  However, the physician board, influenced by several leading opinion-makers who favored an alternative EMR, convinced ACO leaders to allow the physicians to purchase their own ambulatory EMR and use system resources to purchase and develop a data repository that could send/receive (bi-directionally) and store data between multiple sources.  The vendors involved promised they could provide the infrastructure and tools necessary to capture and manipulate the data.  Two years later a patient suffers a severe anaphylactic reaction after receiving an antibiotic injection in one of the physician offices.  An investigation reveals that although the EMR had properly displayed the allergy, the antibiotic order had not triggered an allergy alert.  Further research reveals multiple ways for an allergy to be entered into their customized, bi-directional medication reconciliation tool that would successfully display the allergy in the ambulatory EMR, but not trigger an alert during the ordering process.  Their conclusion is that the use of different EMRs with multiple drug formularies, multiple medication and allergy indices and different clinical decision support rules is more complex than anticipated.  They suspended use of the medication reconciliation tool until they could determine whether they could more effectively execute their current strategy.

Key Points:  Effective organizational characteristics and a focus on quality of care are important catalysts for safe EMR use.

Cultivating a culture of safety, promoting transparent communications and alignment of strategic planning with prioritized goals to improve quality of care are examples of organizational characteristics that facilitate safe EMR use.  In this case the organization did well creating a shared vision with common goals/priorities regarding quality of care.   However, organizational alignment fell apart when the unbalanced interests from one part of the organization created the perceived need for an alternative strategy.   Although the new strategic plan was plausible, the organization did not have the resources or organizational discipline to effectively execute plans that were considerably more complex.   It will be paramount for ACOs to effectively manage such issues in the future.  Similarly, even the small, individual physician practice is more likely to be successful with an EMR implementation when they develop a strategy to improve quality of care through the implementation of an EMR.  

Posted at 12:40 PM in EHR, EMR Implementation, EMR products, EMR Risks, EMR Selection, Legal/Compliance, Meaningful Use, Safe EMR Use | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , , , , , , , , , , , , , ,

|

September 24, 2010

"Think Simple" When Developing Order Sets and Clinical Content Screens for EMRs

Physicians would prefer that an EMR computer screen emulate a tri-fold flow sheet that inspires a "gestalt feel" for the whole clinical situation.   Instead, data split among multiple screens with the need for numerous mouse clicks and excessive scrolling in order to see all the information tends to frustrate clinicians.  The frustration comes as a result of the fragmentation of our thought processes and patterns which have developed over time.    In addition, "user interface" issues can become a patient safety risk.  The following case study provides an example of such an issue.   

Case Study:   A small practice had their EMR vendor develop a custom report called the Patient Summary that “pulls in” EMR data including lab and radiology results.  This report is useful while on-call because they can remotely access it from home over the Internet.   Over one weekend the on-call physician discovered that some of the lab results for one of his patients did not show up on the Patient Summary.    He checked several other patients and found another example of missing results.   He decided that this report was unreliable and that he would not use it until the issue was understood.  The EMR vendor was notified on Monday.   They quickly determined that the report was working normally and no data was missing.   They suspected the doctor forgot that this report displays a little <+> symbol at the bottom of the screen if there are additional lab results that will not fit in the space provided.   At that point the physician realized that he had used his new iPhone for the first time and that the small viewing display had made it very difficult to for him to see the small <+> symbol.

 

Key Points:

  • Displaying medical data on a computer screen in a manner that meets the cognitive challenge at hand is difficult and can fragment a physician’s thought processes

 Since tri-fold computer screens are not a practical solution today, physicians need to involve themselves in the development of the EMR content screens that they will be using on a day-to-day basis.  For most EMR products these screens can be configured and used in various ways.  In this case the small display inherent to smart phones was inadequate when viewing the report.   But this is because it was not designed with the small viewing area and resolution of a smart phone in mind.  If presenting this data on a smart phone is a requirement for this physician, a new report will have to be developed in order to meet that new need.  

  • “Think simple” when developing EMR screens that clinicians interact with

Complexity makes EMR use even more difficult and less safe.   Most EMRs allow modifications to some EMR screens that physicians interact with such as documentation templates, reports, orders and order sets.   Good advice to those who develop these screens is to “think simple”.   For example, if six gastroenterologists decide to each create their own list of 25 order sets to accommodate personal preferences, their EMR order set screen will display 150 order sets.   Creating a screen that displays 125 choices for physicians has a pre-determined fate.  They would be better served by collaborating on 25 evidence-based order sets to share.   The result will be less frustration, less variation from evidence-based medicine and less work when annually reviewing the content of order sets.

Posted at 04:30 PM in EHR, EMR Implementation, EMR products, EMR Risks, Legal/Compliance, Safe EMR Use | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , , , , , , , , , , ,

|

September 17, 2010

Successful Training Strategy for Staff, Clinicians Facilitiates Safe Use of EMRs

Inadequate training of staff and clinicians is a common problem encountered when an electronic medical record (EMR) is implemented.  The following case study illustrates how poor training can impede the operations of the physician's office and even lead to patient safety issues.   A successful training strategy will avoid these types of problems by ensuring the staff and clinicians are knowledgeable about proper EMR use and that the staff who are responsible for configuring and maintaining the EMR are skilled and working as a team.    

Case Study:   A multi-office practice has used an EMR for 18 months.   Mary, an office manager with project management and IT experience, is the primary caretaker of the EMR.  She has struggled with two other office managers who want to have the same access she has to configure the EMR.   Their argument is that they know what’s best for their offices and that Mary is too busy to meet their needs.   Mary argues that she is not too busy, but that instead it takes time to properly test and manage changes made to the EMR.  Their arguments are taken to the physician’s EMR oversight group who ask Mary to just “let it go” and provide the access those office managers need. 

One week later Mary was suddenly inundated with trouble calls.  Physicians were unable to enter diagnosis codes and their staff unable to work claims.  Mary called the two office managers who swore they had not done anything wrong.  One of them, whose office was having no problems, admitted that she did add several diagnosis codes to a template because her doctor wanted them.  Mary subesequently discovered that she had failed to link all of the other physicians to the new template which is why her office was the only one with no problems.  Mary fixed this issue, but then decided to run an audit to see if any other changes had been made to the EMR without communication or notices.  She indeed discovered a change the other office manager made to a parameter called “Allergy Severity Default” with the default answer changed from “Severe” to “Mild”.  Mary knew about a “quirk” with this EMR whereby it fails to trigger an allergy alert if the allergy is entered as “Mild”.  She had previously taken the issue to the physician oversight group who determined that the answer in this field must default to “Severe” when physicians enter an allergy.  They felt it was a patient safety risk if every time a physician entered an allergy they also had to actively change the default answer to “Severe”. 

When Mary explained this, the office manager replied that her physician claimed a “Severe” allergy is one where anaphylactic shock occurs and that he was tired of always changing the answer from “Severe” to “Mild”.   Mary changed the default answer back to “Severe”, asked the EMR physician oversight group to re-educate the physicians and began working with the EMR vendor to completely remove “Mild” as an available answer.  The vendor complied promptly.

Key Points:

• The most common source of problems with using EMRs is inadequate training

Case studies of EMR implementations, whether successful or failed, consistently list “training” as a key factor for success.   Ongoing educational reminders, especially for “work-arounds” and unique issues as exemplified in this case, are often useful.

Be wary of “work-arounds”

“Work-arounds” are encountered because people creatively develop ways, especially manual ones, to work around technology when it obstructs them from doing something.   Be wary of EMR work-arounds and make sure they are the best solution to the problem. In retrospect, completely removing “Mild” as an option in this case would have been a better initial solution instead of the work-around that was developed.

• Resolving EMR-related patient safety issues is a shared responsibility between the physician and EMR vendor

Work collaboratively with the EMR vendor and prioritize issues for them.  If ten issues are reported but only one of them is a patient safety issue, prioritization will focus the vendor’s resources on the important issue.   Mary immediately notified and educated the vendor about the patient safety issue in this case.

• Proactive management of EMR changes will reduce the number of EMR-related problems

There are standardized “change management” practices that minimize the risk of unexpected EMR problems.  These proactive practices ensure that each change is adequately tested, approved and communicated in advance.  Advance communication of an EMR change should indicate who, what, where, when and why changes are being made. This provides an opportunity for critical feedback.

• Effective communication is essential for safe patient care

Poor interpersonal relationships and the lack of effective communication among staff directly contributed to the problems in this case.  Discussion of the proposed changes would have allowed Mary or others to intervene and avoid the problems entirely.

Posted at 01:45 PM in EHR, EMR Implementation, EMR Risks, Legal/Compliance, Safe EMR Use | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , , , , , , , , , ,

|

August 26, 2010

Safe and Meaningful EMR Use Requires Control and Oversight of Clinical Content and Vocabulary

 

Case Study:   During the failed resuscitation attempt of a premature newborn in a neonatal intensive care unit (NICU) a nurse discovered the child was receiving 100 times the proper dose of heparin.  An immediate review of all 35 NICU patients revealed three others had heparin IV overdoses running.  These were stopped and those patients suffered no adverse effects.  An immediate investigation by the hospital’s Sentinel Event Rapid Response Team discovered a series of missteps that unfortunately aligned despite the presence of multiple preventative systems and processes including computerized physician order entry (CPOE).  The critical error turned out to be an erroneous heparin overdose order in a “Neonatal Admissions” order set.  Order sets that include medication orders at this hospital must be approved by the Pharmacy and Therapeutics Committee (P&T).  P&T had previously approved the order set, but on the morning of the incident the Medical Director of the NICU had called IT and requested that several non-pharmacy orders immediately be added to the order set.  The purpose of these new orders was to capture additional data needed for a monthly neonatology quality report that is electronically sent to a national database and used for quality benchmarking.  The clinical IT analyst did not think the order set needed to go back to P&T because there were no new pharmacy orders.  However, this EMR requires the analyst to re-enter the entire order set when making any changes.  The analyst made a decimal point error when keying in the Heparin order.  No other clinician reviewed, tested or reviewed the change.

 

Key Points:

 

  • Inaccurate or inconsistent clinical content in an EMR is a risk to patient safety and automation can propagate such errors to multiple patients before being discovered and corrected

Physicians and their staff will develop or customize clinical content for parts of their EMR such as order sets, documentation templates, physician orders and discharge instructions.  This case serves as a brutal reminder for the need to be very attentive to the accuracy of clinical content in an EMR.  The tragic outcome in this case was initiated by a type of human error (a “typo”) that can be anticipated and prevented by oversight processes.  

 

  • Physicians should oversee the processes used to manage and monitor the development of clinical content

Physicians will usually be called on to be the “authors” of EMR clinical content for items they are most knowledgeable about such as the documentation templates and order sets they will use.  Ideally the physician will develop content that is evidence-based and collaborate with others in the practice to avoid conflicting content and to reduce variations in care.  But physicians should also oversee the processes used to manage and monitor the development of other clinical content as well.  Similar to the hospital P&T committee, a physician or physician group should review and approve new or changed content before it is put into their EMR.  Content should also be reviewed by the authors at least annually to keep it up-to-date.

 

  • Physicians should work with their EMR vendor to assure that the clinical content in their EMR meets the emerging state and federal vocabulary standards for content

Vocabulary standards define how an EMR “encodes” clinical data which facilitates the ability of EMRs to reliably exchange that data with other systems.  In other words, if two EMRs use the same definition of “Gestational Age” and encode that measurement in the same way, those EMRs will be able to exchange that data (“talk” with each other) reliably.  In this case the neonatologists were adding an order to capture “Gestational Age” in the EMR to meet a new vocabulary standard determined by their specialty’s national quality benchmarking entity.  Some state and federal vocabulary standards exist, but more are forthcoming with the HITECH “meaningful use” requirements driving them forward.

Posted at 10:45 AM in EHR, EMR Implementation, EMR Risks, Legal/Compliance, Meaningful Use, Safe EMR Use | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , , , , , , , , , , ,

|

August 03, 2010

How to Shame or Acclaim the Same EMR Through Work Flow

It is not uncommon to find physician groups who use the same version of the same electronic medical record (EMR) product but with significantly different degrees of satisfaction.  How can this be?  The following case study illustrates how successful EMR implementations leverage the capabilities of the EMR to streamline work flow and achieve specific goals.  This is the second of six case studies being used to describe the safe use of EMRs.

Work Flow and Communications Case Study:

A pediatric group in the final stages of selecting an EMR product sent their “physician champion” on site visits to two similar practices who had implemented identical versions of the same EMR.  At the first site visit the physicians are very pleased with the EMR and describe how clinical decision support tools help them achieve their goals.  For instance, during an 8 month-old Well Child visit the EMR defaults in a developmental history template that prompts age-appropriate questions.  With a single click on the order button an order set with routine orders for an 8 month-old Well Child visit displays.  The orders are completed in 30 seconds.  The pediatricians proudly tout the weight-based dosing option that calculates medication doses based on the patient’s current weight.

At the second site the physicians, parents and staff grumble about “going electronic” and complain about how long it takes to enter orders.  The visiting physician gains much insight while observing an 8 month-old Well Child visit.  The physicians rarely make eye contact with the parents as they struggle to find age-appropriate developmental screening questions from a long pick-list of questions they had built on a single developmental history template used for all patients.  They order each immunization, test and prescription separately.  Each test requires at least 5 clicks, three screens and a lot of scrolling.   They also manually calculate medication doses and type them onto the e-prescribing screen.   It takes several minutes to complete the orders.   When you ask why they don’t use the EMR’s weight-based dosing option, they reply that they discovered the weight-based dosing function is not safe to use.

Key Points:

Successful EMR implementations leverage the capabilities of the EMR to streamline work flow and achieve specific goals

Most EMRs have at least some features that can be designed and configured to work in different ways, or not used at all, such as order sets, documentation templates, health care maintenance tools and other clinical decision support tools.  Understanding these capabilities and designing optimal ways to leverage them are critical for successful EMR implementations.  The first group knew their goals and designed the EMR to achieve them.  They were particularly adept at leveraging the EMR’s capabilities to streamline work flow.  The second group, on the other hand, is floundering with poor work flows and no apparent goals for the EMR other than “going electronic”.

Automation of inefficient paper-based processes is a common risk to avoid

In the first office the physicians consider weight-based dosing to be a real time-saver and patient safety enhancement, but the second office considers it to be a patient safety risk.  It turns out that in the second office the nurse opens up and uses a single documentation template to enter documentation during the entire patient visit just like she did with paper records.  She keeps this template “open” because it takes too much time to submit part of the documentation, then re-open it to document more, then submit, re-open and so on.  So when the physicians used the weight-based dosing option, “today’s” weight would not display because the nurse had not yet submitted that data.  Thus, their poor work flow design and lack of synchronization not only slowed them down, but created a patient safety issue if the weight-based dosing option was used.  In the first office they avoided this by designing a “Vital Signs” template that the nurse used at check-in.  After the vital signs were entered into the template and “submitted” by the nurse the next logical documentation template conveniently popped-up to use. This group had used an IT consultant to help them redesign their work flow to take advantage of a paper-less environment.

• EMRs can interfere with physician-patient and physician-nurse communications

The lack of eye contact noted by patients in the second office is an example of how EMRs can impede communications in healthcare settings. It is prudent to be aware of the potential for such communication problems and to consider ways to avoid them.

I am using six case studies to illustrate that most EMR-related problems, even those involving hardware and software, can usually be traced back to some controllable factors.   The safe and meaningful use of EMRs is facilitated by leveraging these controllable factors to minimize these problems.  

Posted at 10:00 AM in EHR, EMR Implementation, EMR products, EMR Risks, EMR Vendor Selection, Legal/Compliance, Meaningful Use, Safe EMR Use, Work Flow | | Comments (1) | TrackBack (0)

Technorati Tags: , , , , , , , , , , ,

|

Next »

Sponsored Listing

Recent Posts

Categories

Search

Bookmark and Share

Twitter Updates

    follow me on Twitter

    Enter your email address:

    Delivered by FeedBurner

    Archives

    More...

    Add me to your TypePad People list