When the Writ Hits the Fan



Similar documents
Guidelines for Defining the Legal Health Record for Disclosure Purposes

WILL THE REAL ELECTRONIC DOCUMENT MANAGEMENT SYSTEM PLEASE BE INSTALLED!

Electronic Records Management Guidelines

Presenter. Deborah Kohn, MPH, RHIA, CHE, CPHIMS Principal Dak Systems Consulting San Mateo, CA

September Tsawwassen First Nation Policy for Records and Information Management

Non-Profit Records Management Tool Kit

Institute for Advanced Study Shelby White and Leon Levy Archives Center

WHAT TO DO WHEN YOU RECEIVE A LITIGATION HOLD NOTICE. A Guide for University Faculty, Staff, and Others

RECORDS AND INFORMATION MANAGEMENT AND RETENTION

University of Louisiana System

Issues in Electronic Health Records Management. Document and Record Management

Lowering E-Discovery Costs Through Enterprise Records and Retention Management. An Oracle White Paper March 2007

Scotland s Commissioner for Children and Young People Records Management Policy

FROM PAPER TO ELECTRONIC RECORDS MANAGEMENT MANAGING THE TRANSITION

COLORADO COMMUNITY COLLEGE SYSTEM SYSTEM PRESIDENT S PROCEDURE ELECTRONIC COMMUNICATIONS MANAGEMENT AND RETENTION PROCEDURES

Management: A Guide For Harvard Administrators

Larry Patterson, City Manager

NCI-Frederick Safety and Environmental Compliance Manual 03/2013

One of the first steps in managing information in today s

POLICY AND GUIDELINES FOR THE MANAGEMENT OF ELECTRONIC RECORDS INCLUDING ELECTRONIC MAIL ( ) SYSTEMS

The Next Frontier. for Records Managers. Retention and Disposition of Structured Data:

RUTGERS POLICY. Approval Authority: Executive Vice President for Academic Affairs and Senior Vice President for Administration

Union County. Electronic Records and Document Imaging Policy

Electronic Record Management Guidelines for Arkansas State Government. Developed by the Arkansas Records Retention Workgroup

GENERAL GOVERNMENT ADMINISTRATION EXECUTIVE RECORDS RETENTION AND DISPOSITION SCHEDULES (ERRDS) ERRDS, DIVISION OF VOCATIONAL REHABILITATION REPEALED

Glossary of Records Management Terms

State of Montana Guidelines

How To Preserve Records In Mississippi

UNIVERSITY OF MANITOBA PROCEDURE

ELECTRONIC HEALTH RECORDS

LEGAL HEALTH RECORD: Definition and Standards

Discovery Technology Group

AHIMA Curriculum Map Health Information Management Associate Degree Approved by AHIMA Education Strategy Committee February 2011

Litigation Hold Notices & Electronic Discovery A R E S O U R C E F O R W S U E M P L OY E E S

Records Retention & E-Discovery. Preserving Electronically Stored Information for Litigation

ACCESS, PRODUCTION AND RETENTION OF CITY RECORDS

SOUTHWEST VIRGINIA COMMUNITY COLLEGE RECORDS MANAGEMENT PROGRAM. Revised January 15, 2014

Life Cycle of Records

Electronic Records Management Guidelines

State of Michigan Records Management Services. Frequently Asked Questions About E mail Retention

The E-Discovery Process

SOUTH EASTERN SCHOOL DISTRICT

INSTITUTE OF TECHNOLOGY TALLAGHT RECORD MANAGEMENT & RETENTION POLICY

UNIVERSITY OF MASSACHUSETTS RECORD MANAGEMENT, RETENTION AND DISPOSITION POLICY

The legal admissibility of information stored on electronic document management systems

How To Manage Records And Information Management In Alberta

Document Management Glossary

ELECTRONIC RECORDS MANAGEMENT

Code - A Date Approved: July 24/01

University of Hawai i Executive Policy on Data Governance (Draft 2/1/12)

Electronic Data Retention and Preservation Policy 1

Presentation Topics. What is a record? Hawaii State Archives Presentation December 14, 2010 ABC S OF RECORDS MANAGEMENT ACHIEVING BASIC CONTROL

Enterprise Content Management. A White Paper. SoluSoft, Inc.

7Seven Things You Need to Know About Long-Term Document Storage and Compliance

W H I T E P A P E R E X E C U T I V E S U M M AR Y S I T U AT I O N O V E R V I E W. Sponsored by: EMC Corporation. Laura DuBois May 2010

United Cerebral Palsy of Greater Chicago Records and Information Management Policy and Procedures Manual, December 12, 2008

AHIMA Curriculum Map Health Information Management Associate Degree Approved by AHIMA Education Strategy Committee February 2011

LibertyNET: A flexible document management solution that reduces costs by automating tasks

E-Discovery Quagmires An Ounce of Prevention is Worth a Pound of Cure Rebecca Herold, CISSP, CISA, CISM, FLMI Final Draft for February 2007 CSI Alert

Preservation and Production of Electronic Records

PARCA Certified PACS System Analyst (CPSA) Requirements

FRONTIER REGIONAL/UNION#38 SCHOOL DISTRICTS. Records Retention Policy for Electronic Correspondence

Rule 30(b)(6) Depositions in Electronic Discovery. Discovering What There Is to Discover

TERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL

MODERN TRENDS AND TECHNIQUES ON MEDICAL RECORDS

The biggest challenges of Life Sciences companies today. Comply or Perish: Maintaining 21 CFR Part 11 Compliance

Managing Records: Retention, Destruction and Disposal

InstaFile. Complete Document management System

Chapter RECORDS MANAGEMENT Sections:

How To Use A Court Record Electronically In Idaho

PRESERVATION AND PRODUCTION OF ELECTRONIC RECORDS

Streamline Enterprise Records Management. Laserfiche Records Management Edition

Laserfiche for Federal Government MEET YOUR AGENCY S MISSION

Integrated archiving: streamlining compliance and discovery through content and business process management

E-DISCOVERY: A Primer

Computer Storage. Computer Technology. (S1 Obj 2-3 and S3 Obj 1-1)

E-Discovery in Practice: A Roadmap for Financial Institutions

Electronic documents questionnaire

HL7 EHR-S Records Management & Evidentiary Support Functional Profile

State of Florida ELECTRONIC RECORDKEEPING STRATEGIC PLAN. January 2010 December 2012 DECEMBER 31, 2009

State Records Guideline No 15. Recordkeeping Strategies for Websites and Web pages

Digital Records Preservation Procedure No.: 6701 PR2

Managing Shared Electronic Workspace

Scanning Guidelines. Records Management

Defining the Core Clinical Documentation Set

Regulatory Compliance Policy No. COMP-RCC 4.17 Title:

E-Discovery: A Deposition for your Electronic Health Record

CA Records Manager. Benefits. CA Advantage. Overview

Transcription:

When the Writ Hits the Fan The Importance of Managing Electronic Health Records Your healthcare facility is digitally capturing information at a staggering pace. But if a subpoena showed up tomorrow, could you produce the information you need? by Deborah Kohn, MPH, RHIA, CHE, CPHIMS While mounds of analog paper and film continue to overwhelm most healthcare organization record and film libraries, the fact is that today healthcare organizations increasingly are creating more electronic records than analog records. Every minute, servers log thousands of network interactions, staff members create hundreds of e-mail messages, and databases record gigabytes of information. This surge in electronic activity will only increase. Without exception, healthcare organizations realize that health information will be fully digitized in the future. Digital records may take up far less physical space than their paper and film predecessors, but they remain business documents that may be subpoenaed for medical malpractice lawsuits or other legal actions. As such, their collection and retention requires the same rigorous management principles applied to paper and film records. Unfortunately, technology is outpacing policy in organizations both within healthcare and throughout all industries. Nearly half of companies (47 percent) do not include electronic records in their retention and destruction policies. 1 Now that journals and seminars have explored much of the planning and implementation activities surrounding the electronic health record (EHR) and most healthcare organizations have undertaken the process in some fashion, it is essential that organizations address the new challenges involved in the ongoing maintenance and management of the EHR. Healthcare organizations require strategies to determine the best course of management for these challenges, and health information management (HIM) professionals require the knowledge and leadership capabilities to help shape and deploy the strategies. How Things Change and How They Stay the Same It has been many years since, as an HIM professional and designated custodian of records (CoR), I acknowledged subpoenas for patient records in medical malpractice lawsuits or other legal actions. But the process was memorable. During the 1970s one could not reproduce analog paper and photographic film to send to the courts because rudimentary paper and film copy machines had just been introduced into healthcare organizations and courts still required the delivery of original source documents and records. Consequently, upon receiving subpoenas for patient records, I took a large cardboard

box and collected from each department the original source documents and objects required by the subpoenas: related paper-based patient financial and medical records, including film-based diagnostic images, tape-based medical dictation and ECG waveforms, and pathology slides. Fast-forward to the early twenty-first century. HIM professionals still manage the important, enterprise-wide release of information (RoI) function, not only acknowledging subpoenas but acknowledging a plethora of patient record requests by users, including patients, who demand and, in most cases, are entitled to every piece of documentation connected to an episode of care. The good news is that, like healthcare organizations, more and more courts have entered the digital world. Today, secured electronic files of original, electronic source documents and records as well as copies of original, electronic source documents and records are admissible in courts as long as the healthcare organization can substantiate (1) the trustworthiness of the system(s) used to store and retrieve the documents and records; (2) the accuracy of the organization s records management policies and procedures; and (3) the documents and records were not created just for a court case. (It is important, of course, to verify the courts acceptance of digital records on a state-by-state basis.) Large cardboard boxes have been replaced by organizational intranets and Web portals, single points of personalized access through which to find and deliver electronic information, applications, and services. As such, in either hybrid or fully EHR environments, designated CoRs, RoI professionals, or even patients after rigorous authorization and authentication processes merely click on hyperlinks, instantaneously retrieve original electronic source documents and objects required by subpoenas or other requests, and securely transmit them to the requesters. Given that virtually every activity within healthcare organizations involves the use of computers, the list of possible electronic records can be daunting. The following are examples of original electronic source records that could potentially be included in the designated record released to the courts, authorized users, and patients: All related digital (electronic) patient financial records from financial data repositories All related digital patient medical records from clinical data repositories such as acute care, ambulatory care, long-term care, and mental health care records, including all related: Digital conversations, including e-mail messages, voice-mail messages, e- annotations (the equivalent of electronic Post-it notes), instant messages, and digitized telephone consults Digital diagnostic images from diagnostic image repositories, including digital X-rays as well as CT, MR, and nuclear medicine Cine, including cardiac catheterization and ultrasound images (video files) from video repositories Digital medical dictation (audio files) from audio repositories Medical transcription (text files) from text repositories Waveforms (signal trace or graphic files) from signal trace repositories, including ECGs, fetal traces, and output from other electronic, bedside medical devices

Digital photographs, including those taken from pathology digital cameras on a stick While the good news is that courts will accept these electronic records, the not-so-good news is that many HIM professionals, CoRs, privacy officials, and others have yet to master the challenges of managing electronic documents and records. No one doubts that the EHR has successfully resolved myriad records management problems, but if it is not managed with new knowledge and skills it can cause its own set of problems. For example, without rigorous electronic records management policies and procedures, e-mail messages that contain protected health information or that are related to patient care may be mishandled. Or HIM professionals retain both hard copy and digital records because they doubt the legality of electronic records and the reliability of their computer systems. Electronic Records Electronic records encompass information recorded on any digital medium such as magnetic tape, optical disk, CD, or DVD, as read-only or rewritable file formats. Today, almost all digital storage media have the same legal effect as analog storage media (paper, analog photographic film, stone). In addition, most electronic records are evidence of transactions or events that have legal or business value (i.e., they reflect the business objectives of the organization, such as receiving reimbursement for services provided). Also, most electronic records are evidence of transactions or events that indicate an intention to be memorialized. Because most of the electronic records created in healthcare organizations are evidence of these two factors, their electronic records are considered to be official, corporate, or business records. For purposes of this article, the term business records will be used. 2 In the minds of attorneys, almost all types of electronic records in healthcare organizations are considered business records electronic patient medical records, electronic patient financial records, electronic departmental administrative records, electronic employee records, and even some reproductions of electronic records. The only difference between these business records is the content: patient medical records contain patient health information, patient financial records contain patient financial information, and so forth. Typically, HIM professionals manage healthcare organizations electronic patient health records EHRs from paper to barely hybrid, to hybrid, to fully electronic, which, like all business records, are subject to evidentiary discovery. EHRs that are not considered business records and therefore are not created as evidence of transactions or events that have legal or business value might include: Reproductions of the electronic records that are provided by the organization to an individual or another healthcare organization for convenience Ad hoc or draft electronic record documents, such as some e-mail, some voice mail, some e-annotations, instant messages, work sheets, work lists, works-in-progress, and database manipulations

Electronic records such as personal health records, which are patient owned, managed, and populated and may include copies of the healthcare organization s business record files. However, there is a very important caveat here. Such records do become business records if they are subsequently used by the healthcare organization in evaluating or treating the patient, such as providing care, reviewing data, and documenting observations, actions, or instructions. This might include patient-owned, managed, and populated tracking records, such as electronic medication tracking records, glucose and insulin tracking records, etc. 3 Electronic Records Management Electronic records management (ERM) is the process by which electronic records are created and preserved for evidentiary purposes. The ERM process requires astute decision making throughout the life cycle of electronic records. The life cycle spans from record creation, receipt, indexing, search, retrieval, routing or distribution, storage, maintenance, and security to the ultimate disposition of being purged, archived, or destroyed. Decision making includes, but is not limited to, what electronic records to keep and for how long, the assignments of authorities and responsibilities, the design and administration of the process, and the audit and review of the process. This means that HIM professionals must establish ERM policies and procedures for EHRs (i.e., electronic health record management) that assist in: Creating and maintaining EHR retention and disposition schedules based on administrative, legal, fiscal, and historical requirements Establishing documented procedures for the scheduled destruction of obsolete EHRs and retaining proof of such destruction Developing, implementing, and maintaining efficient EHR filing systems Quickly locating and organizing EHRs Training organization personnel in the use and function of EHR management processes Ensuring the confidentiality, security, and integrity of the information in the EHRs Monitoring the completeness and accuracy of the EHR content The following healthcare organization line-of-business information systems are examples of computer systems that are capable of creating electronic records and then processing, distributing, maintaining, storing, retrieving, archiving, and destroying the records: Patient billing and accounts receivable systems Healthcare information systems Clinical information systems Picture archiving and communications systems Cardiology, laboratory, radiology, and pharmacy information systems Digital dictation systems and voice recognition systems Word processing (i.e., transcription) systems Electronic document management systems Report, print, and output management systems (e.g., reproduction systems) E-mail systems (e.g., Microsoft Outlook)

Collaboration systems (e.g., project extranets and online conferencing systems) Dynamic Web site systems with online forms, transactions, and metadata Automated ERM functions embedded in line-of-business information systems are helpful to HIM professionals because such information system functionality can assist HIM professionals in establishing and executing EHRM policies and procedures. Automated ERM functions include but are not limited to: Record capture, where a predefined set of metadata is established supporting accurate representation of the record with disciplined disposition and retention actions Record classification, where appropriate categories of records are established with applied rules Record preservation format, where a format, such as extensible mark-up language (XML) or portable document format (PDF), is established for retrieval and crossdepartmental interchange Record retention calculation, where triggers automatically save electronic documents or Web content as records according to pre-established business rules Record disposition control, where rules provide electronic notifications to managers that certain records or documents have met their retention dates and require manual confirmation to delete, save, or destroy Record deletion and destruction and suspension of record deletion and destruction to support litigation. 4 Currently, most of the above automated ERM functions are not embedded in the above line-ofbusiness information systems. Consequently, HIM professionals and their IT colleagues must work with their existing vendors to develop required automated ERM functionality. In addition, for each new information system acquired, HIM professionals must work with employees to develop simple rules so that they know what to retain and what to purge before the new systems are implemented. HIM professionals must also work with information-system acquisition teams to make certain that the following, sample verbiage is included in future requirements specifications: A information system shall allow users to create folder hierarchies, wherein users can place electronic documents or records that contain protected health information. A information system shall be capable of automatically applying classification and retention schedules that are established by the healthcare organization. A information system shall be capable of taking Web site snapshots, allowing users to record the sequence of the screens encountered during a Web site transaction. A good general strategy with which to start is to establish a comprehensive plan for the life cycle management of the organization s electronic business records. Indicate in the plan what the business value is and what strategic or tactical business benefits the organization will achieve. To the extent possible, centralize the plan, incorporate the plan into the organization s IT strategic plans, and then dictate the plan to the users. For example, establish new employee training and ongoing refresher courses at all levels. The less computer literate will need support not only in using electronic systems but also in changing their mindsets in accepting electronic records as the norm. Also, do not forget to establish solid communications programs to assist all users in adopting electronic record best practices.

Short-term recommendations include developing EHR policy and procedure guidelines such as those for EHR retention the task will not get easier as more electronic content is created and preserved. Establish policy and procedure guidelines first for the existing information systems that are most heavily used for EHR purposes, and insist on developing EHR policy and procedure guidelines before buying new EHR technologies. From a more technical perspective, first identify all existing enterprise-wide repositories that securely store EHR records and documents which merit evidentiary handling. This allows HIM professionals to oversee and focus on the many digital EHR-based repositories inside and outside their existing domains. Then, work with IT professionals to move all inactive or semi-active files to separate, secure storage. Implement a regular sweep of EHR information to ensure that the archive is kept accurate and up to date. Trawl the archive and assign retention flags to information. Destroy unflagged files from the archive. Work with network administration professionals to manage large files and file types for security purposes. Given the potential consequences, there is a major need for heightened awareness of ERM concepts and practices in healthcare. Managing electronic health records requires attention from an organization s highest levels. The most important success enabler is management s proactive and ongoing commitment to ERM. However, success also calls for a troika of experts corporate attorneys, IT professionals, and the subject matter experts, HIM professionals. These partnerships will breed success if the challenges are addressed now. Notes 1. Williams, Robert F. Electronic Records Management Survey: A Call to Action. Available online at www.merresource.com/whitepapers/survey.htm. 2. Tomes, Jonathan P. Retaining Healthcare Business Records. Journal of AHIMA 73, no. 3 (2002): insert. 3. Kohn, Deborah. Records Management Redux: The Digital Dilemma. For The Record, November 4, 2002, 26 28. 4. Ibid. Deborah Kohn (dkohn@daksystcons.com) is the principal of Dak Systems Consulting in San Mateo, CA.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information