Electronic health records and patient privacy go beyond technical security practices
Gone are the days of paper files and hastily tracking patient care on the backs of tongue depressors and other medical paraphernalia. With the shift to electronic health records (EHRs) well underway at assisted living and long-term care communities, patients, clinical staff and administration alike have much to look forward to with the digitization of medical records.
With the convenience of centralized patient health records and increased transparency in patient care come privacy concerns and security risks associated with the use of endpoints such as tablets, smartphones and laptops.
As an administrator or director, have you considered the impact the transition will have on your clinical staff, and ultimately, on resident and patient privacy? Does your staff know how to operate the new devices, and are they accurately inputting patients' personal information? Do you manage who can access patient records, and will you have the right management and training measures in place before the transition to electronic records is complete?
As the transitions come to fruition, one of the first obstacles communities are facing is the learning curve associated with the use of mobile devices and laptops. The clinical staff is traditionally accustomed to paper files and manually tracking patient care. Because they've never been required to use such devices in their professional lives, they not only need to learn the new EHR software, but many times they also need to learn basic skills to operate the devices. To effectively manage the transition, communities need to understand that there is a level of new learning required to get the staff up to speed. Some technology providers managing the transition offer training courses for staff and a 24/7 help desk, ensuring that patient records can be updated effectively and on time, despite the learning curve.
The second major challenge communities face is ensuring the devices are being used properly – specifically, that the devices are being used as care is administered. Because paper files were difficult to manage, there was no way of knowing when or how patient information was tracked. One of the key benefits of electronic health records is more accurate management of patient medical information. Communities can implement tracking services that monitor how staff are entering data – ensuring that patients are receiving medication on time and patients and residents are receiving the appropriate level and frequency of care.
Security practices of clinical and administrative staff creates a third challenge confronting long-term care and senior living communities. On top of security requirements, such as mandated encryption for files stored on mobile devices, staff need to be trained to use authentication systems. Despite layers of technical security that may be in place, patient files are only as safe as staff security practices.
Life Enriching Communities, best known for its Twin Towers and Twin Lakes senior living communities in the Cincinnati, OH metro region, is an example of a family of communities taking the extra step to ensure the privacy of patient records. Dual authentication, which is a process now mandated in Ohio and likely to follow in other states, requires two levels of security to access the network and protected patient files. To comply with the regulation, Life Enriching Communities requires its clinical staff to use a password to access the network and an employee access card must be scanned in order to log into software that manages private patient information.
Recognizing that security needs to be more than a two-step process, Life Enriching Communities requires that employees be trained in how to use the devices, and how to manage personal access to the systems. In an effort to protect the employees and patient records, Life Enriching Communities makes it a priority to help its employees understand the security implications of loaning out passwords and employee access cards. Since the system is tracked by user passwords and employee access cards, the company requires its employees to participate in training that covers the repercussions that can be involved in loaning credentials, regardless of how harmless the intent may be.
Presbyterian Senior Living, a network of senior living and long-term care communities located across Pennsylvania, Maryland and Delaware, started the transition to electronic health records nearly five years ago. The company attributes the successful implementation to the progressive technology framework already in place, and its commitment to educating its staff on keeping resident health records safe and private.
While many training programs cover standard HIPAA messaging and guidelines, Presbyterian Senior Living requires annual training for its staff, including material tailored to the organization's policies. Presbyterian Senior Living believes successful implementation is two-fold and needs to go beyond annual training for its staff. Policies need to be put in place that not only educate but also include consequences for willfully compromising the integrity of patient health records.
Because Presbyterian Senior Living staff have ongoing training to use the technology and adopt safe and secure practices when accessing private patient information, the staff act as safety officers protecting the integrity of the network. Those most familiar with the systems can recognize a potential security breach and are trained to bring it to the attention of Presbyterian Senior Living management, or their technology providers, Prelude Services.
Security and patient privacy are top concerns for long-term care and senior living communities as they move toward electronic health records. But, to ensure that security practices are penetrating every layer of the organization, these communities need to understand that security goes beyond the implementation of new technologies. Long-term care and senior living communities like Life Enriching Communities and Presbyterian Senior Living are providing staff with the tools and training they need to enforce sound security practices. Making the extra investment goes a long way in ensuring patient and resident records remain safe and private.
Dennis Stufft is the president at Prelude Services.