Pitfalls of Electronic Medical Records. Marilyn Schatz, Esq. Fager & Amsler, LLP 90 Merrick Avenue East Meadow, New York 11554

Transcription

1 Pitfalls of Electronic Medical Records Marilyn Schatz, Esq. Fager & Amsler, LLP 90 Merrick Avenue East Meadow, New York

2 How is the Medical Record Defined? The designated record set contains all information used in the patient s care and treatment, and billing information, regardless of the source. The covered entity determines what information is included in the designated record set. The most important factor in determining whether or not a document is part of the patient s hospital or office medical record is how the information has been used. 2

3 How is an EMR Different? Generally, paper and electronic records contain the same documents. An EMR includes documentation based on electronic reminders, such as: pop-ups or alerts reminders for immunizations, vaccinations, routine tests appointment scheduling online monitoring tools for disease management Text messages, s and instant messages relative to a patient s care and treatment are also considered part of the medical record. 3

4 Levels of Access to EMR Authorization to access an EMR must be granted only on a need to know basis. Each individual must be allowed access to only the information needed to perform his/her job. A receptionist does not require the same level of access as a physician. Access to patient must be limited to only those individuals who require it. Sanctions must be in place for employees who violate the regulations. Routinely monitor audit trails to detect improper access to patient records, and document the findings. 4

5 Security Concerns Computer screens must not be located where patients and other visitors can view patient information. Access to patient information must be password protected so that each employee s access is limited solely to the information required to do his/her job. Each computer should be set to automatically log off after a defined time period (e.g. 10 minutes after the last use). 5

6 EMR Documentation Problems Lack of documentation in an EMR is just as prevalent as it is in paper records. Documentation in the EMR is often more sparse than in a paper record. Frequently, documentation is limited to completion of templates and check boxes. Space designed for documentation of additional information is often left blank. If all of the check boxes are not completely filled in, it may appear that the blank items were not observed or examined by the provider. 6

7 Error-Free EMR Entries/Transcription Pay attention to spelling and grammar The patient lives at home with his mother, father and pet turtle, who is presently enrolled in day care three times a week. Abbreviations Know your facility s do-not-use list. Do not use personal abbreviations. You may not remember what the abbreviations mean several years later. Do not use texting language or abbreviations. This appears unprofessional, and can create an impression of hurried, incomplete documentation. 7

8 Error-Free EMR Entries/Transcription Review entries for accuracy before signing them. Rectal exam revealed a normal size thyroid. Avoid the use of humor, gratuitous comments or derogatory remarks. The patient was in his usual state of good health until his automobile accident. If the documentation is sloppy and unprofessional, it may be assumed that the care is sloppy and unprofessional. 8

9 Accurate, Prompt Documentation All entries must be dated, timed, and signed or authenticated. Never make entries into the EMR in advance. Documentation must be done as quickly as possible after care and treatment is provided to a patient. If treatment is not documented until several hours later, it can be difficult to determine when the treatment was actually completed. 9

10 Accurate, Prompt Documentation Time should be synchronized throughout the facility. Example: The nursery time system was a few minutes ahead of the Labor and Delivery time system. A baby experienced difficulty at birth, which made accurate timing crucial. The documentation in the baby s medical record made it appear that the baby was born before the Cesarean section began. Thus, the documentation appeared inconsistent and lacked credibility. 10

11 Document Your Own Work! The person responsible for providing the care must carefully review, then sign, date and time the entry. The individual who signs an entry attests to its accuracy. Even if a provider uses an assistant or scribe to enter progress notes into the EMR, he/she is still legally responsible for the content of those records, and must sign the progress notes. Failure to sign entries made by an assistant or scribe is the electronic equivalent of dictated but not read. 11

12 Why is Authentication So Important? Allowing patients improper access to an office or hospital computer may result in patients making entries on their own and/or other patients medical or hospital records. A patient consistently arrived at the clinic well before his appointment, logging on to the office computer system using his username and password. Since the office had not properly assigned levels of access appropriate to the various individuals who were granted access to medical records, the patient was able to access billing, prescription information, and make entries that were authenticated in the patient s name. 12

13 Why is Authentication So Important? Improper authentication may result in allegations of billing fraud and/or professional misconduct. Billing fraud: A nurse practitioner authenticates services that he/she provided, but uses a physician s unique identifier. The patient is billed as if the physician provided the service. Professional misconduct: An unlicensed technician authenticates services that he/she provided, but uses a nurse s unique identifier. The services provided were solely within the nurse s scope of practice. 13

14 Addition/Addendum to the EMR Must only be made in rare instances, relatively contemporaneous (within hours at most), and only when relevant to the patient s future care. The longer the delay, the less credible the entry. Check with the Risk Manager and/or Fager & Amsler, L.L.P., before an addition is made. 14

15 Addition/Addendum to the EMR Alteration or falsification of a medical record is considered professional misconduct. Never amend a medical record after it has been requested by an attorney or government agency or a lawsuit is commenced or the patient has died. 15

16 Addenda to the EMR Create a new entry, identify as late entry. The EMR will time stamp the date and time the entry was actually created. Refer to the date the original note was written. Add the new information, state how the information was obtained. Review of notes dated 6/19/12 reveals an omission relevant to the patient s care. Sign the new/late entry. 16

17 Corrections to the EMR The person who created the entry is the only person who may modify it. The only exception to this is a provider who is permanently unavailable. Before an entry is signed or authenticated, it may be corrected. After an entry is signed, a new entry must be created and noted as a correction or late entry. Enter the correct information and document why the correction was made. Sign/authenticate, date and time the new entry. 17

18 Use of Cut and Paste Used carefully, cutting and pasting can save time. Many times, cutting and pasting is performed improperly, resulting in erroneous and even fraudulent information in the medical record. Information can be pasted in the wrong place, either in the same patient s medical record or in another patient s record. 18

19 Use of Cut and Paste Each individual is responsible for all of the information he/she enters into a patient s medical record. Carefully review the medical record before the entry is authenticated to be sure that the information is completely accurate, current, and relevant to that patient s condition. Even the presence of one incorrect word can change the entire meaning of the entry. 19

20 Improper Cutting and Pasting Pasting documentation originally entered by another individual can be risky. Improper cutting and pasting may result in inclusion of information that is: No longer accurate or current, Irrelevant to the patient s condition, or Actually applies to a different patient. 20

21 Outdated Information A medication list or treatment note that is pasted in a new entry without adding new or deleting outdated information results in an inaccurate medical record. It may appear that the patient s condition has not improved since the last hospital admission, or even that the provider took no action to address the patient s medical condition. 21

22 Use of Templates/Canned Text The purpose of these tools is to support clinical care, not to simplify documentation. Hospital and office record documentation is enhanced if: Templates are used as they were designed, noting both positive and negative findings. All templates are completed consistently and completely. Blank sections of a template indicate that parts of an examination were missed. 22

23 Use of Templates/Canned Text Inappropriate use of templates and canned text will result in a hospital or office record that is inaccurate, not credible or even fraudulent. If a template is used that does not correlate with the patient s treatment or condition, the record may not make sense and will lack credibility. Failure to complete the template properly may indicate that the physician did not examine the patient or perform a specific procedure. 23

24 Use of Templates/Canned Text The record may appear too good to be true because it reflects a higher level of services than those that were actually provided. Extensive use of template default settings may indicate that the patient s condition and history were extensively reviewed when they really were not. Potential for allegations of insurance fraud (upcoding). Such allegations frequently result in serious criminal and or/governmental repercussions. 24

25 Carry-Over Function The purpose of the carry-over function is to save time by repeating certain information on every page of the patient s EMR. When a patient s chief complaint or presumptive diagnosis is entered into the EMR, it is often carried over to each subsequent page. This information may not be visible on the screen when the provider documents subsequent visits. 25

26 Carry-Over Function When the EMR is printed, the chief complaint or presumptive diagnosis may appear on every page of the printed record. It is important for providers to know how to discontinue use of such automatic functions when appropriate. Further, the provider must document that the original complaint or diagnosis has been resolved. 26

27 Recent Case/Carry-Over Function The patient was seen in the E.D. with complaints of chest pain. The physicians and nurses documented the patient s cardiac symptoms, test results and condition. The chest pain disappeared and the laboratory results were normal. The patient was discharged home. Three hours later, the patient returned to the E.D. by ambulance, and was dead on arrival of a massive heart attack. 27

28 Recent Case/Carry-Over Function After reviewing the printed EMR, the family s attorney commenced litigation against the hospital and providers, primarily due to repetition of the presenting complaint (chest pain) on every page of the EMR. None of the providers had properly resolved the patient s chief complaint in the EMR. All of the E.D. providers testified that the patient was asymptomatic and stable before discharge. The printed version of the EMR undermined the providers testimony. 28

29 Alert Fatigue Many EMRs include a steady flow of alerts and notifications such as allergies, medication interactions, reminders regarding vaccinations and immunizations, and alerts for scheduling routine tests such as mammography. The volume of alerts, and the fact that many of them do not apply to every patient, may cause the provider to ignore them. However, if a provider ignores an alert or notification without a good reason, patient injury and enhanced liability are possible results. 29

30 Printed Copies of EMR Documents A provider may request a paper copy of a portion of the EMR, e.g. a test result or consultation report. If the provider makes any notes on the printed document, he/she must initial and date the document, then it must be scanned into the EMR. If the document is not scanned, and the paper copy surfaces at a later date, the existence of two versions of the same document will destroy the provider s credibility. 30

31 Scanned and Faxed Documents The EMR will be incomplete if all of the paper records are not scanned. When scanning double-sided records, be certain that both sides of each page are scanned. Check to see that each page scans straight and that all printed material on the paper copy appears on the scanned copy. Once a paper record is scanned, and it is verified that the scanned copy is identical to the paper copy, there is no need to retain a paper copy. Retain a faxed document, even if a copy is later received by mail. Both copies must be scanned into the EMR. 31

32 Certified Copies of an EMR Certified copies of a medical record are often required for court proceedings, Workers Compensation hearings, or entities such as OPMC. If the provider or facility can not certify that the entire record has been reproduced, the result may be allegations of spoliation of evidence, deviation from the standard of care or even a cover-up. Does the printed record capture all of the information in the EMR system? Attorneys have successfully requested a court to grant access to a provider s computer system for inspection. 32

33 Printing Electronic Records Compare the printed record to actual screens where information is entered to confirm that the record is complete. Does the facility use more than one computer system? Is all of the information visible on the screen also on the printed sheets? Have all screens been printed? Is the printed record in chronological order? Are there any blank pieces of paper? Does the printed version of the EMR accurately convey the meaning of the assessments? 33

34 Hybrid EMR A hybrid medical record is maintained both in an EMR and on paper. If a complete copy of the records is requested, both the EMR and paper components must be released. If the paper component is not released, the result is an incomplete record. This is particularly important when a hospital or practice is asked to certify that the information provided is a complete copy of the patient s medical record. 34

35 Metadata Metadata is data that provides information about computer-generated documents. This information includes, but is not limited to: How the data was created. Why the data was created. The time and date the data was created. Who created the data. Who accessed the data after it was created. The time and date that the data was accessed. 35

36 Metadata Metadata can be a serious litigation hazard. The date, time and identify of the individual(s) who access a patient s EMR can be very important in the defense of a medical malpractice case. The date/time stamp for order entry may result in questions about whether a provider really was present for an entire procedure. If changes (additions or deletions made after a record is authenticated) are tracked, it will be easier to determine the identity of the individual who made the alteration, and when it was actually made. 36

37 What if There is a Power Outage? The provider or facility must have a written policy in place to deal with unanticipated breakdowns and power outages. Whenever the EMR system is unavailable, a temporary paper record must be created for each patient visit. When the EMR system is back in service, the paper records must be scanned into the computer. Check to be sure that all pages of the paper record were scanned and are visible in the EMR before paper copies are destroyed. Consider an off-site back up system to protect the records and avoid loss of critical information. Back up must be consistently performed and the information must be safely and properly stored. 37

38 Key Points to Remember You are responsible for all entries attributed to you. Document as contemporaneously as possible. Check spelling and grammar. Avoid all unapproved abbreviations. Check each entry carefully before authenticating it. Use cut and paste, templates and canned text carefully to avoid an inaccurate or fraudulent record. If you should not do something in the paper record, you should not do it in the electronic record either! 38

39 Electronic Communication Exchanges All patient-related correspondence on mobile devices must be included in EMR. texting instant messaging electronic tablets 39

40 Risks of Mobile Devices (BYOD) lost devices HIPAA violations virus IT management of multiple devices texting PHI discoverable trigger breach notification laws, data destruction laws, litigation holds malpractice criminal liability 40

41 Tips for Electronic Communication Conduct risk analysis Identify mobile device risk management strategy Develop policies and procedures Include: - mobile device management - using your own device - restrictions on use - security Training 41

42 Social Media Facebook Twitter YouTube LinkedIn Texting Instant Messaging 4Square Blogging Skype Interactive Websites 42

43 Risks of Social Networking misuse HIPAA violations blurred professional boundaries medical malpractice distraction professional misconduct 43

44 Social Media Risk Reduction Avoid use for practice of medicine, or for confidential data. Use separate device for personal exchanges. Protect confidential texts with auto-lock and remote wiping functions. Use technical safeguards and secure portals for HIPAA compliance. 44

45 The Duty to Preserve Evidence Spoliation, Trigger Events and Litigation Holds 45

46 You Must Retain Patient Medical Records Patient medical records must be maintained Physicians: at least 6 years or until one year after the minor patient reaches the age of 18 (NY Educ. Law 6530(32) Hospitals and nursing homes: 10 NYCRR ; ; 42 CFR , We recommend retention to satisfy statute of limitations: 10 years from date of last payment (for minors, until age 20 ½ if longer) 46

47 There is a Legal Duty to Preserve all Legally Relevant Evidence You must preserve evidence in your possession which is likely to be used in pending or future litigation or investigations Alteration, loss or destruction of evidence can result in the imposition of sanctions for spoliation of evidence Evidence may be paper or electronic, or even tangible items 47

48 Penalties Spoliation of Evidence A court has the discretion to impose penalties for spoliation of evidence when a party who has control over relevant evidence intentionally or inadvertently fails to preserve it, and when it results in prejudice to the other side The more important the evidence, the more severe the possible sanction 48

49 Penalties Proof required when sanctions are requested: The party in control of the information had an obligation to preserve it; It was destroyed with a culpable state of mind The destroyed evidence was relevant to the other side s claim or defense. Note that even simple negligence ( oops! ) is enough to establish a culpable state of mind 49

50 Sanctions Possible sanctions include: Fines, including the payment of attorneys fees; A missing document or spoliation charge to the jury, allowing the jury to draw an adverse inference against you; A preclusion order which prohibits you from introducing evidence at the trial An order striking a pleading, which essentially results in a default judgment. 50

51 What is an Adverse Inference Instruction? The judge tells the jury, just before the jury retires to deliberate, that they are entitled (but not required) to believe that the missing evidence would be damaging to your case, and that the destruction of evidence casts doubt upon your position at trial. Most commonly used if the lost evidence is important, but not crucial to the case 51

52 Most Severe: Striking a Pleading Example: a retired physician did not make any arrangements for storage of his medical records, and they were lost. Plaintiff was unable to obtain the records for a malpractice action. Since the loss of evidence was critical to the plaintiff s case, the judge struck the answer and entered judgment for the plaintiff. Herrera v. Matlin, 303 A.D.2d 198 (1 st Dep t 2003) 52

53 When Does the Duty Arise? Duty will arise if there is a credible probability that you will become involved in litigation. When you know, or should have known, that the evidence may be relevant to litigation. when you seriously contemplate litigation, or if you actually take steps in preparation for litigation. 53

54 This Duty May exist before litigation is commenced Exists whether the litigation is going to be brought by you or against you Applies to government investigations as well 54

55 Determining the Trigger Knowledge by employees will be imputed to the organization. Vague rumors, off hand remarks or statements which are not credible may not be enough Demand for compensation may trigger duty Letter from attorney telling you to put your liability carrier on notice will generally trigger the duty 55

56 Consider, for Instance. A simple request for medical records is not likely to trigger the duty, even if sent by an attorney. BUT it might be enough if coupled with other facts, such as you notified the patient of a data breach; there a complication in care or unanticipated outcome; a clinical error occurred; you received a complaint letter from an unhappy patient, OPMC, or Department of Health. 56

57 How Do You Decide? You must make a determination if the legal duty to preserve has been triggered. Factors to consider include: The nature and specificity of the complaint or threat, and whether it is direct or implied Credibility of the party making the claim The relationship between you and the other party The merit of the claim Other similar claims, or prior experience with that type of event Press coverage of the issue or event 57

58 Litigation Hold If you decide that the duty to preserve HAS been triggered, you must implement a litigation hold on your information. Information may be in paper form, electronic or tangible items or equipment Especially important with electronically stored information (ESI) which is transient and easily modified, deleted, overwritten, erased 58

59 Locate Your Data! Know Where it Resides! Electronic information exists in many different places and formats EMRs, billing systems, file servers, messaging systems, laptops, smart phones, tablet computers, pagers, removable media (CDs, DVDs), thumb drives and medical equipment Don t forget hosted applications or cloud servers Third party vendors may have information as well 59

60 Identify Key Personnel Personnel who have relevant information, or those who are likely to know where it is and how it can be retrieved. Healthcare providers, personnel in IT, records management, HR, billing, or technicians who work with medical equipment. Engage forensic experts, when necessary, to handle the collection, retrieval, preservation and monitoring of data 60

61 Suspend all Routine Information Destruction Suspend your document destruction policy Suspend any auto delete functions in electronic systems Employees must avoid any actions that might cause alteration or loss of original data. Be vigilant about actions that cause overwriting, erasing, reformatting, or alteration of electronic data. 61

62 Involve Your Corporate Attorney! A proper litigation hold needs the guidance of legal counsel Court decisions state that it is insufficient to vest total discretion in employees A litigation hold notice should be in writing and authored by an attorney. This preserves the attorney client privilege and privilege for work product in litigation. 62

63 Develop Policies Have a process for reporting probable litigation (help line, staff agenda items) Develop a tool to identify if the duty to preserve has been triggered, looking at all the factors Have a process for data identification and retrieval that is consistent and repeatable Always involve your legal counsel in any litigation hold 63

64 Questions? 64

65 65

66 66

67 67

68 68

69 69

70 70

71 71

72 72

73 73

74 74

75 75

76 76

77 77

78 78

79 79

80 80

81 81

82 82

83 83