We've moved! Our new office space is located at 11000 Broken Land Parkway, Suite 600, Columbia, MD 21044

Electronic Health Record Risk Management Strategies

There is no doubt that, for most health care providers, Electronic Health Records (EHRs) have become one of the central components of any healthcare practice, and so it stands to reason it is more important than ever to manage liability risks that accompany use of EHRs.  In fact, studies show that malpractice claims that are related to an EHR error are on the rise.  Therefore, it is critical that healthcare practices establish effective policies and procedures regarding the use of the EHR system and follow through with consistent training and self-auditing to ensure best practices are being followed.

Some best practices to keep in mind when developing office EHR policies and training:

  • Incorporate entering the progress or office visit note into the patient encounter. While completing the note, acknowledge that you are listening closely even though you are typing into the record.  Set up the treatment room so that the patient can see the screen and see what is being typed.  Consider reading the note and asking, “Do I have it right?”
  • Ensure that each progress or office note is “closed” or “finalized” once completed. Do not leave progress notes “open.”  Most EHR systems do not automatically “close” or “finalize” a progress or office note once completed.  Failure to timely “close” a note can lead to inaccurate time-stamping of entries or having multiple users add to, or revise, a note under one identifier.  Develop written policies that define standards for timely closing and locking of patient encounter notes.
  • Avoid self-populating entries and templates as much as possible. Use free text to describe patient complaints, assessments, and treatment plans.  Where entries are self-populated, review them for accuracy prior to finalizing the record.
  • Avoid using copy and paste to complete progress notes. Overuse of an EHR’s cut and paste option can carry forward outdated and redundant information.  It can also result in outdated medication and treatment orders that are no longer necessary or substantiated.
  • Self-audit EHR records by periodically printing out a note and assessing it from the viewpoint of an auditor or another clinician.
  • Utilize the tracking and tickler systems in EHRs that track orders, missed or canceled appointments, missed test results, and referrals. Develop policies and procedures that ensure effective use of these tracking systems, and develop and run random audits to makes sure they are being used.  Ensure there is clear designation and understanding among staff and clinicians as to who is responsible for tracking and following-up with these tasks.
  • Develop a protocol for documenting after-hours patient encounters. When possible, contemporaneously enter documentation of after-hours patient encounters into EHR system via remote access.  Ensure that the patient’s primary physician is aware of the encounter.  Use reports of after-hours calls generated by the answering service to double check that all calls are followed up and documented.
  • Ensure that you have clear and robust policies regarding cyber and data security, and ensure that staff are well-trained on these policies.

It is critical that healthcare providers of all sizes make it a priority to oversee and manage the utilization of its EHRs.  As part of this effort, providers should review their office policies and procedures and work with legal counsel to ensure that appropriate and effective policies are in place and that staff are regularly trained on these policies to ensure best practices are being followed.

Eric Gunderson is an attorney with the Healthcare Law practice group at Davis, Agnor, Rapaport & Skalny LLC.  If you have questions about this article or other health care law related matters, please contact Eric at 410.995.5800.