Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

ARRA Accounting for Disclosures

Posted on October 2, 2009 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I’ve been reading some things about ARRA’s changes to HIPAA. I’ve heard a number of times the phrase that “ARRA has now given teeth to HIPAA.” I’ve also heard grumblings about a change in the HIPAA requirement that an EMR account for disclosures. I’ve been trying to get a number of experts on HIPAA to do a guest post on these various changes with no success, but I’ll keep trying.

However, I recently heard that the accounting for disclosures is even more stringent than I had thought about before. From what I’ve heard, the law will now require that you are storing and able to report on the disclosure of a patients health information to both internal and external sources. The external sources is something that we’ve done forever and is really not a problem. The challenge is accounting for the internal disclosure of the HIPAA information. Not to mention displaying that information in a nice report.

Let’s say for example, a nurse pulls up a list of patients during a search for a patient by last name. Does the EMR need to know all of the people that were in that list that could have been seen by the nurse? Do you need to audit how long the nurse had that list open? I’m sure there are more situations like this that seem to be required by the new HIPAA laws.

I actually saw a demo of a hospital EMR that recorded this type of granular auditing. I have a feeling many EMR software aren’t even close to this type of tracking.

I’m also reminded of my post talking about the number of users who legitimately access a patient’s chart. In that post I talk about the number of people who can mess up the chart. Now let’s think about the audit logs that will be required for all of those people who are accessing each granular part of a patient’s record.

I’d love to hear people’s thoughts on this subject and any clarifications on things I’m misunderstanding. No doubt we’re going to hear more about this in the future.

Number of People Who Can Screw Up a Patient Chart

Posted on May 9, 2009 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

A company called FastComany (most notable for famous Microsoft blogger, Scoble having worked there-Yes, I’m showing my geek) wrote an article a while back on EMR and technologies impact on healthcare. It’s an interesting read since it’s kind of an outsider/tech magazine look at healthcare.

One thing that really struck me in the article was the following quote:

In the meantime, Geisinger continues to compile success stories, including that of CEO Steele, who became patient No. 86 in the ProvenCare CABG program. “I was in and out of the hospital in two-and-a-half days,” he says. Casale, who was Steele’s surgeon, says the case opened his eyes to how complex a routine operation really is: “Two weeks after, the head of our IT group called me and said, ‘Al, I just looked through [Steele’s] chart, and I want to send you a list of everybody that accessed the medical record from the time he was seen in the clinic to two weeks post-op.’ There were 113 people listed — and every one had an appropriate reason to be in that chart. It shocked all of us. We all knew this was a team sport, but to recognize it was that big a team, every one of whom is empowered to screw it up — that makes me toss and turn in my sleep.”

113 people legitimately accessing the patient chart in an EMR. The most apparent item here is that it’s a lot of people that could screw up the patient chart. However, that’s not what interested me. What I find most interesting is that an EMR enables us to know that 113 people accessed the chart and exactly what each one did. Think about a paper chart. Any of those 113 people could have made a change and it would be difficult to know who.