SB 850 would require providers to automatically record any change or deletion of electronically stored medical information and identify who made the change. Furthermore, the bill would make it possible for patients to see the changes if they requested their medical records. By contrast, pending federal requirements would allow patients to request a list of people who had accessed medical records, but there is no requirement to disclose transactions that alter a medical record.
“Changes to an EHR (electronic health record) can go unnoticed and can be harder to trace than changes made to paper records,” said Sen. Mark Leno, D-San Francisco, the author of SB 850.
An attorney for the family of a woman whose medical records were altered after a 2009 fatality noted that medical records are extremely easy to manipulate when they're in electronic form and that it is difficult for patients to pursue discovery if records of changes are not kept.
Some in the health care industry contend that requiring every adjustment to be noted in the medical record itself would impose a heavy and costly administrative burden on already stretched health care resources. They also contend that current systems lack support for such functionality, requiring a round of expensive upgrades or re-architecture of existing systems.
However, it's not clear whether the lack of functionality refers to a lack of the necessary reporting capability or to a lack of transaction-recording ability for additions, deletions, and modifications of patient records. While reporting capability may be lacking, the ability of EHR applications to create shadow patient records reflecting changes and edits is known to exist in several current or upcoming versions. Instead, the problem may be an inability of existing vendor tools to easily access and present patient data outside of standard reporting scenarios without extensive modification of the application.
Is there a way to balance patient rights against the administrative burdens for health care organizations? Instead of expensive EHR system upgrades, the answer may lie in providing an alternative to integrated EHR vendor reporting tools. These tools limit the ways in which medical record transactions can be reported and the ways staff can view changes to patient records. At best, they require involvement of the IT department to manipulate tabular data and to write custom reports, diverting IT staff from other operational work. However, new intelligence applications, designed to manipulate and analyze unstructured data, can import raw data from the conventional relational models of EHR systems and analyze patient record transactions in ways not possible until now. These new analytical intelligence solutions give health care compliance and privacy personnel the ability to adapt easily to new reporting requirements imposed by changing regulations. SaaS-based intelligence applications remove the need to divert IT personnel to installation, configuration, and custom development of site-deployed software.
Veriphyr Identity and Access Intelligence for HIPAA provides effective verification that user activity corresponds with approved policies and authorized behavior, including modifications of patient records. Veriphyr analyzes identities, privileges, and user activity to detect violation of access control down to the record level to deter snooping into sensitive data or alteration of records.
(a) Bill would require 'track changes' on electronic medical records - California Watch - June 13, 2011
(b) EHR Security Measure Might Have Hidden Consequences - California Healthline - May 12, 2011