You are the privacy and security officer for your facility; your background is HIM and you are an RHIA with the Certified in Healthcare Privacy and Security (CHPS) credential. You are part of a team that is reviewing the RFPs received from various EHR vendors. Your emphasis in the review will be the privacy and security issues. You know that there are many privacy requirements, some of which are policy related; however, many impact the functionality of information systems. You are in the process of reviewing the RFPs that were returned to you by various EHR vendors. One of the RFPs states that they are HIPAA compliant, so you decide to compare their product to the HIPAA security regulations to determine if this is true.
1. What privacy functions should you look for in the EHR?
2. What security functions should you look for in the EHR?
3. Is the fact that the vendor claims to be HIPAA compliant adequate for the system you choose?
1). Electronic health record (EHR) – The patient's information in an electronic record, which conforms to nationally recognized interoperability standards and which can be created and accessed by authorized medical professionals from more than one healthcare organization.
To avoid the issues of operating and maintaining electronic health records, the following measures can be considered.
1). Train the medical staff and physicians to access the electronic health records appropriately. This must also include the skills of identifying unauthorized access.
2). Staff who are not associated with providing direct patient care must not access patient information. Accessing such information is considered a breach of the patient's privacy rights.
3). Safely storing information from time to time on an external drive is always suggested to avoid unexpected data loss.
4). Using a barcode system can be an effective method to avoid abuse and also errors that occur while applying the information to a particular patient.