4 HIPAA and EHR Risks You Need to Know
Orthopedic practices have a great deal to lose if they violate HIPAA regulations. Simple items such as keying in misinformation on a patient’s chart or sharing a password with a colleague who’s forgotten his can lead to disastrous and far-reaching consequences. One strong defense of these issues is to have a specialty-specific EHR platform to help make sure that you have the lowest possible threshold to getting the information correct. Even with advanced technology, it is still best to take caution against some of the more commonplace HIPAA oversights.
Input Errors
Misinformation that is added to patient records increases the chances of unsatisfactory care and could lead to legal ramifications. The Department of Veterans Affairs noted that there was an average of 7.8 mistakes on each patient’s record with 84 percent of patient records affected. Some of the most common mistakes include fields that were auto-filled with incorrect information, notes that were unsigned and a lack of supporting documents for services performed.
Sharing Identities
For an orthopedics practice that is small with a feeling more like a family rather than an employer, sharing passwords helps streamline processes. At least that’s the thought process behind this common practice. Sharing online identities — in which two or more people use one password to sign into one account — fails to provide safety parameters when it comes to figuring out who is inputting which information. This can lead to controversy in the office and lead to pointed questions if a malpractice situation arises. Even in a close office group, it is best to keep password sharing to a minimum. Also, it is wise to advise regular password updates for regular users of the EHR system.
Incorrect Historical Information
In the name of efficiency, it’s tempting to copy and paste patient information that seems like it should be static, which could lead to the transfer of data that is incorrect or outdated. This could also add to the clutter of information about a patient and make it more difficult to identify those items that are most important. In a malpractice situation, the patient’s attorney could point to this as evidence that the physician wasn’t fully engaged in the patient’s care.
Records That Leave the Office
While you can control the security of medical records while they’re in your office, it’s more difficult to do so when records leave there. Establish a strict policy regarding the procedure that must be followed when employees take work home with them. This policy should address the employees who have clearance to remove patient records, the length of time these records can be removed from the office, where the records can be stored and the security measures that must be followed while the records are in the employee’s possession.
HIPAA compliance starts with a strong EHR platform, one that is designed specifically for orthopedic practices and has their unique challenges in mind. Exscribe EHR was built from the ground up by orthopedic surgeons, for orthopedic surgeons. Contact us today to learn how we can partner with you to streamline processes while ensuring HIPAA compliance.