A guide to mitigating audit log-related risk in medical professional liability cases.
Journal
Journal of healthcare risk management : the journal of the American Society for Healthcare Risk Management
ISSN: 2040-0861
Titre abrégé: J Healthc Risk Manag
Pays: United States
ID NLM: 9305245
Informations de publication
Date de publication:
Oct 2023
Oct 2023
Historique:
received:
14
04
2023
accepted:
13
06
2023
medline:
23
10
2023
pubmed:
24
7
2023
entrez:
24
7
2023
Statut:
ppublish
Résumé
Following the American Recovery and Reinvestment Act in 2009, use of electronic health records (EHRs) has become ubiquitous. Accordingly, one should expect most medical professional liability cases to involve review of patient records produced from EHRs. When questions arise regarding who was involved in care of a patient, what they knew and when, or the meaning, completeness, integrity, validity, timeliness, confidentiality, accuracy, or legitimacy of data, or ways that the EHR's user interface or automated clinical decision support tools may have contributed to the alleged events, one often turns to the EHR and its audit log. This manuscript discusses lines of defense incorporated into the design, development, implementation, and use of EHRs to ensure their integrity and the types of EHR transaction logs (e.g., audit log) that exist. Using these logs can help one answer questions that often arise in medical malpractice cases. Finally, there are "best practices" surrounding EHR audit logs that health care organizations should implement. When used appropriately, EHRs and their audit logs provide another source of information to help hospital risk managers, legal counsel, and EHR expert witnesses to investigate adverse incidents and, if needed, prosecute or defend clinicians and/or health care organizations involved in the patient's care.
Types de publication
Journal Article
Langues
eng
Pagination
37-47Informations de copyright
© 2023 American Society for Healthcare Risk Management of the American Hospital Association.
Références
Health IT.gov. Certification Standards and Regulations. Accessed 7.18.2022. https://www.healthit.gov/topic/certification-ehrs/certification-standards-and-regulations
Department of Health and Human Services Administrative Data Standards and Related Requirements. CFR § 164.312.b Audit Controls. Accessed 6.16.2022. https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part-164/subpart-C/section-164.312
ASTM E2147-18 Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems. Accessed 6.15.2022. https://www.astm.org/e2147-18.html
Sittig DF, Wright A. Identifying a clinical informatics or electronic health record expert witness for medical professional liability cases. Appl Clin Inform. 2023.14(2):290-295. PMID: 36706791. https://doi.org/10.1055/a-2018-9932
Code of Federal Regulations 45 CFR § 164.310 Physical safeguards. Accessed 4.4.2023. https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part-164
Sittig DF, Gonzalez D, Singh H. Contingency planning for electronic health record-based care continuity: a survey of recommended practices. Int J Med Inform. 2014;83(11):797-804. Epub 2014 Aug 7. PMID: 25200197. https://doi.org/10.1016/j.ijmedinf.2014.07.007
Sittig DF, Singh H. A socio-technical approach to preventing, mitigating, and recovering from ransomware attacks. Appl Clin Inform. 2016;7(2):624-32. PMID: 27437066; PMCID: PMC4941865. https://doi.org/10.4338/ACI-2016-04-SOA-0064
AHIMA. Disaster Planning and Recovery Toolkit. 2020. Accessed 5.1.2023. https://bok.ahima.org/PdfView?oid=302895
HealthIT.gov §170.315(d)(13) Multi-factor authentication. Accessed 4.6.2023. https://www.healthit.gov/test-method/multi-factor-authentication
de Carvalho Junior MA, Bandiera-Paiva P. Health information system role-based access control current security trends and challenges. J Healthc Eng. 2018;2018:6510249. https://doi.org/10.1155/2018/6510249
HealthIT.gov §170.315(d)(3) Audit report(s). Accessed 4.6.2023. https://www.healthit.gov/test-method/audit-reports
Samaritan GA. Correcting errors in the electronic medical record. Risk Rx Archives. 2014;11(1) January- March.
Code of Federal Regulations § 164.308. a.1.ii.D Administrative safeguards. https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part-164/subpart-C/section-164.308
Tariq RA, Hackert PB. Patient confidentiality. StatPearls. StatPearls Publishing; 2023. Accessed 4.6.2023. https://www.ncbi.nlm.nih.gov/books/NBK519540/
HIPAA Journal. Two employees fired for Jason Pierre-Paul HIPAA breach. HIPAA J. 2016. Accessed 5.8.2023. https://www.hipaajournal.com/two-employees-fired-for-jason-pierre-paul-hipaa-breach-8303/
Department of Health and Human Services. 45 CFR Parts 170 and 171 RIN 0955-AA01 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program; Federal Register/Vol. 85, No. 85/Friday, May 1, Accessed 7.5.2023 2020. https://www.federalregister.gov/documents/2020/08/04/C2-2020-07419/21st-century-cures-act-interoperability-information-blocking-and-the-onc-health-it-certification
Whitehead NS, Williams L, Meleth S, et al. Interventions to improve follow-up of laboratory test results pending at discharge: a systematic review. J Hosp Med. 2018;13(9):631-636. PMID: 29489926; PMCID: PMC9491200. doi:10.12788/jhm.2944
Center for Medicare and Medicaid Services. Medicare Claims Processing Manual Chapter 1 - General Billing Requirements. 2023. Accessed 5.8.2023. https://www.cms.gov/Regulations-and-Guidance/Guidance/Manuals/Downloads/clm104c01.pdf
Department of Health and Human Services. 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program. Federal Register Vol. 85, No. 85, May 1, 2020. https://www.govinfo.gov/content/pkg/FR-2020-05-01/pdf/2020-07419.pdf
Epic Systems. EHI Export Schema. Accessed 4.6.2023. https://open.epic.com/EHITables/GetTable/_index.htm
AHIMA, AMIA, EHRA Electronic Health Information (EHI) Task Force. Defining EHI and the Designated Record Set in an Electronic World. 2022. Accessed 4.6.2023. https://www.ahima.org/media/vxwhhcti/ehi-task-force-report-revision-final.pdf
Overhage JM, McCallie D Jr. Physician time spent using the electronic health record during outpatient encounters: a descriptive study. Ann Intern Med. 2020;172(3):169-174. Epub 2020 Jan 14. Erratum in: Ann Intern Med. 2020 Oct 6;173(7):596. https://doi.org/10.7326/M18-3684
AHIMA. Fundamentals of the legal health record and designated record set. J AHIMA. 2011;82(2):expanded online version. Accessed 4.6.2023. https://library.ahima.org/doc?oid=104008#.ZC9DJXbMK3A
CMS Quality Payment Program. Promoting Interoperability: Traditional MIPS Requirements. Accessed 4.7.2023. https://qpp.cms.gov/mips/promoting-interoperability
Miller RA, Waitman LR, Chen S, Rosenbloom ST. The anatomy of decision support during inpatient care provider order entry (CPOE): empirical observations from a decade of CPOE experience at Vanderbilt. J Biomed Inform. 2005;38(6):469-85. Epub 2005 Oct 21. https://doi.org/10.1016/j.jbi.2005.08.009
Payne TH, Graham G. Managing the life cycle of electronic clinical documents. J Am Med Inform Assoc. 2006;13(4):438-45. Epub 2006 Apr 18. PMID: 16622169; PMCID: PMC1513669. https://doi.org/10.1197/jamia.M1988
Office of the National Coordinator for Health Information Technology. Frequently asked questions. (Accessed 83.31.2023) https://www.healthit.gov/faq/what-onc-authorized-testing-and-certification-body#
Cohen G, Brown L, Fitzgerald M, Somplasky A. To Measure The Burden of EHR Use, Audit Logs Offer Promise-But Not Without Further Collaboration. Health Affairs Blog. February 28, 2020. https://www.healthaffairs.org/do/10.1377/forefront.20200226.453011
Horsky J, Kuperman GJ, Patel VL. Comprehensive analysis of a medication dosing error related to CPOE. J Am Med Inform Assoc. 2005;12(4):377-82. Epub 2005 Mar 31. https://doi.org/10.1197/jamia.M1740
Vawdrey DK, Wilcox LG, Collins S, et al. Awareness of the care team in electronic health records. Appl Clin Inform. 2011;2(4):395-405. https://doi.org/10.4338/ACI-2011-05-RA-0034
Microsoft Support. Create a pivot table to analyze worksheet data. (Accessed 3.31.2023) https://support.microsoft.com/en-us/office/create-a-pivottable-to-analyze-worksheet-data-a9a84538-bfe9-40a9-a8e9-f99134456576
Rule A, Chiang MF, Hribar MR. Using electronic health record audit logs to study clinical activity: a systematic review of aims, measures, and methods. J Am Med Inform Assoc. 2020;27(3):480-490. https://doi.org/10.1093/jamia/ocz196
Abitbol L, Tenedero CB, Sepiashvili L, et al. Routine T4 No More? Reducing excess thyroid hormone testing at a pediatric tertiary care hospital. J Pediatr. 2021;236:269-275.e1. Epub 2021 May 11. https://doi.org/10.1016/j.jpeds.2021.05.010
Sittig DF, Lakhani P, Singh H. Applying requisite imagination to safeguard electronic health record transitions. J Am Med Inform Assoc. 2022;29(5):1014-1018. PMID: 35022741; PMCID: PMC9006683. https://doi.org/10.1093/jamia/ocab291
Ehlers A, Dyson RL, Hodgson CK, Davis SR, Krasowski MD. Impact of daylight saving time on the clinical laboratory. Acad Pathol. 2018;5:2374289518784222. PMID: 30023429; PMCID: PMC6047237. https://doi.org/10.1177/2374289518784222
UTC Time Zone Converter. Accessed 2.22.2023. https://www.utctime.net/utc-time-zone-converter
HIPAA Security Series. Chapter 4 Security Standards: Technical Safeguards. 2007. https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/techsafeguards.pdf
Mishra P, Kiang JC, Grant RW. Association of medical scribes in primary care with physician workflow and patient experience. JAMA Intern Med. 2018;178(11):1467-72.
Walsh T, Miaoulis WM. “Privacy and Security Audits of Electronic Health Information (2014 update)”. J AHIMA. 2014;85(3):54-59. (Accessed 6.16.2022) https://bok.ahima.org/doc?oid=300276#.YqtcoXbMJPY
Department of Health and Human Services Administrative Data Standards and Related Requirements. CFR § 164.312.a.2.iii Technical safeguards. Accessed 6.16.2022. https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part-164/subpart-C/section-164.312
Levinson DR. Not all recommended fraud safeguards have been implemented in hospital EHR technology. 2013; OEI-01-11-00570. Accessed 5.2.2023. https://oig.hhs.gov/oei/reports/oei-01-11-00570.pdf
Graber ML, Siegal D, Riah H, et al. Electronic health record-related events in medical malpractice claims. J Patient Saf. 2019;15(2):77-85. https://doi.org/10.1097/PTS.0000000000000240
Sittig DF, Ash JS, Singh H. The SAFER guides: empowering organizations to improve the safety and effectiveness of electronic health records. Am J Manag Care. 2014;20(5):418-423. PMID: 25181570. (Accessed 7.5.2023) https://www.ajmc.com/view/the-safer-guides-empowering-organizations-to-improve-the-safety-and-effectiveness-of-electronic-health-records