NORCAL's Risk Management Specialists offer the following electronic health record (EHR) best practices based on lessons learned in litigation.
Scanning
- Train staff on scanning policies and procedures.
- Stress accuracy, not just efficiency.
- Consider periodic chart reviews to ensure that information has been scanned into the correct chart.
Follow-Up
- Utilize a tracking system to ensure receipt and follow-up on labs, referrals, etc.
- Ensure consistent workflow for handling lab reports and other information received from outside the clinic.
- Ultimately, it is the clinician’s responsibility to ensure appropriate follow-up. The clinician cannot delegate this to medical assistants or other staff.
Copying and Pasting
More Information About Optimizing Your EHR to Manage Risks
- Optimize Your EHR to Manage Risks: Case Studies and Best Practices
- Issues with Identical and Default Text When Using EHR Efficiency Tools
- Pasted and Template Text In an EHR Leads to Problematic Medical Records
- Uncorrected Default Text in an EHR Leads to Defamation Suit
- EHR Integration Problems Contribute to Delayed Diagnosis of Lung Cancer
- The Problem with EHR Workarounds
- Identify and Remedy EHR Liability Risk Issues: Risk Management Strategies
- EHR Best Practices — Lessons Learned in Litigation
- Parental Access to Adolescent Patient Portals
- Solutions to Reduce EHR Burdens and Decrease Physician Burnout
- Create a copy and paste policy and train everyone on it.
- Consider periodic chart reviews to look for inappropriate use of copying and pasting.
- Use an EHR audit trail to track any changes made to the record.
Security
- Create and educate staff and enforce policies on:
- Use of their own username and password to access the EHR system
- Timeframes for when patient encounters must be signed off on and locked
- Confidentiality and security (notify patients of this policy as well)
- Employees who access patient information without a legitimate business reason to do so
- Create appropriate levels of access restrictions in the system.
- Ensure that computer screens are not visible to the public.
- Never leave a computer that you are logged into unattended without being locked.
- Never share your password with other staff.
- After data entry or record review, close the patient’s record.
- Ensure that you have the proper level of encryption and HIPAA-required security in your EHR.
- Create a back-up and disaster recovery plan.
- Ensure that your EHR can produce an audit log.
Data Integrity
- Watch for inaccurate chart entries as a result of templates or copying/pasting.
- Review all data to ensure its accuracy before signing off.
- Consider periodically printing out chart entries to see if they are accurate and easy to understand.
Prescribing From An EHR
- Be careful when using drop-down boxes or pre-populated doses of medications.
- Find out if the EHR software recognizes off-label doses. If not, work with the vendor to modify the system.
- Ensure that only one chart is open at a time.
- Adjust EHR alerts to make sense for your clinic.
- Do not bypass alerts without a process.
- Document the rationale for any bypass in the EHR.
- Ensure that interfaces with outside systems are working properly.
Additional Resources
American Health Information Management Association (AHIMA): Sample policies and procedures for members at library.ahima.org. (accessed 6/20/17)
SAFER EHR Guides (created by Office of National Coordinator for Health IT): Self-assessments, worksheets and tips to optimize EHRs at healthit.gov. (accessed 6/20/17)
This content originally appeared in Claims Rx, our claims-based learning publication. Many releases are available for download in the Claims Rx Directory. For select releases, eligible insureds will also find instructions for obtaining CME credit.