Blogs

I know, and the punch line is well don’t do that, barump ching! In the case of patient records, what hurts or can hurt many is non-compliance to regulatory mandates, especially when something can be done to prevent it. This is an area where I can find 6 people who will say one thing and 6 to say another. There are many opposing views, specifically in relation to the HITECH Act of 2009 where the focus has been on technology and “meaningful use” along with security related to patient records. In discussions I have had since this was introduced, there stills seems to be a division between the clinical and administrative camps. Those in the clinical side of the house look at medical imaging, diagnostics and other information elements related to patient care as the patient records while in the administrative side of the house, all of the previous information elements along with insurance, financial, family, additional non-medical information is viewed as patient records. The short of this is that both are right, it is all part of the larger patient records file.

What amazes me still is that many facilities, while well intentioned, are still not as far along the transition cure to a more digital information management environment as one might have expected. In fact a recent visit to the US Health and Human Services (HHS) site listing reported security breaches now shows 489 listings of security breach reports affecting 500 or more individuals. The range of causes runs from paper based to lost devices and server intrusion. Server intrusion and lost devices are great challenges unto themselves and with the increase in mobile device use, lost devices will become an even greater challenge, but when I see the number of incidents related to paper-based information, I do not understand the reason this is still occurring. There are ways to convert his to a digital form and apply tighter security, access and retention controls over this information, it is called document imaging and it has been around since the mid1980s. (I know, as I was an application pioneer in this field.)

In my view, this is an area where the worlds of Enterprise Content Management (ECM) and Electronic Health Records (EHR) can combine to provide a strong environment designed to accommodate all of the information elements related to patient records. If you consider ECM to be an environment comprised of not just technology but governance, process, people and technology, EHR becomes one of the technology elements - like document imaging and workflow – that enables an organization to establish and maintain higher levels of security and compliance.

It is not an easy step forward and does require teamwork from all sides. As part of the effort, discussions and agreement on definitions like that of patient records must be established. In relation to mobile devices, guidance on appropriate use and the process related remote destruction of missing or lost devices must be considered and included. Regarding paper-based information, formal capture and destruction processes must be designed, defined, taught and refined to ensure no paper is lost or accessed by unauthorized personnel. This includes guidance and procedures related to third party providers who must operate according to your rules and who you have a duty to monitor regularly to ensure compliance. Saying don’t do that will not work. You must plan and take action before the pain gets severe and the fines begin to rise.   

If you are ready to move forward and are finding yourself stuck or unfocused and are not sure where to begin or what to do next, seek professional assistance and/or training to get you started. Be sure to investigate AIIM's Enterprise Content Management training program.