NR 512 HealthIT Topic of the Week and Impact on Practice
NR 512 HealthIT Topic of the Week and Impact on Practice
I selected the topic of the safety and security of EMR (electronic medical record). Since we are now required to use EMR’s in all healthcare industries and they hold such private and confidential information I consider the security of them to be very important and needed topic of discussion. We live in a technological society where we hear about security breaches from the IRS, major department stores, social media, etc. With all of the security breaches out there the thought of having EMR’s breaches is devastating. EMR’s are the future of the healthcare industry and have truly changed the way in which we operate. EMR’s offer us means of storage and retrieval of legible medical information from anywhere at any time. EMR’s have given us additional safety mechanisms for prescriptions, labs results, medications and vital signs as well as decision support software to offer suggestions. Electronic records allow for instant retrieval of history and physical, lab results, diagnostic results, and progress notes from anyone who has provided care to the patient. These records contain was has been referred to as “a life” (Ozair et al., 2015). What is being done to protect them? Is it enough? Computer hackers may look at breaching an EMR as a golden prize which contains personal, financial, medical, and physical information about any one person. Will we be able to protect this confidential information that we require from our patients from getting into the wrong hands? While EMR’s are now the norm for the future of healthcare the cyber-security mythologies should also be thoroughly understood before moving forward (Kruse et al., 2017). This affects me as a human who has a right to confidentiality as well as my future as a nurse practitioner and my patient’s right to confidentiality. When these breaches happen, they can shut down entire networks and make vitally needed information unobtainable and inaccessible. These breaches can ruin countless lives and create mistrust of the healthcare community, which can lead to people not seeking needed care.
Kruse, C. S., Smith, B., Vanderlinden, H., & Nealand, A. (2017). Security Techniques for the Electronic Health Records. Retrieved March 30, 2018, from https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5522514/
Ozair, F. F., Jamshed, N., Sharma, A., & Aggarwal, P. (2015). Ethical issues in electronic health records: A general overview. Retrieved March 30, 2018, from https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4394583/
Click here to ORDER an A++ paper from our Verified MASTERS and DOCTORATE WRITERS: NR 512 HealthIT Topic of the Week and Impact on Practice
In my current practice setting at a rural, 300+ bed hospital, we have a number of measures to protect patient health information. Our IT department employs firewalls and maintains the security of our hospital Wifi. Audits are performed to monitor the accessing of patient charts, ensuring that they are being accessed for the correct reason and by appropriate staff. Whenever we click on a patient chart we have to either put that we are the patient’s nurse, charge nurse, or an auditor, for example. At every nurse’s station there is a shred box where we can safely dispose of excess paperwork that may have patient information on it. We also have mandatory online education to complete periodically that reviews how to keep patient information secure, appropriate actions and inappropriate actions, HIPAA guidelines, and the implications of not adhering to these rules. I think with today’s age of mass transfer of digital information the emphasis on protecting patient information cannot be enforced enough. When HIPAA (Health Insurance Portability and Accountability Act) was first initiated in 1996, the focus was mostly transferring of information from doctor to doctor, office to office, whereas now the focus over 20 years later is almost exclusively dedicated to protecting patient information (Dolan, 2014). While we live in an amazing time of electronic data capability, it comes with its own challenges with regards to safety and privacy.
Dolan, P. (2014). Protecting patient information. Ophthalmology Times, 39(10), 23-24.
Protecting patient health information is essential to be compliant with HIPPA guidelines. Although we should log out of charting as soon as we are done, some have to run to an emergency or forget. The computers automatically time out and log out of EPIC after a few minutes. All social media is disabled on our computers. We have a shred bin at each nurses station to put all patient labels and patient papers in after each shift or discharge. There are also signs in the elevators reminding staff that public locations are not for talking about patients. For our babies, each parent or mom and designated person gets a baby bracelet. Only people with bands on (or that know the band number via telephone) can get information about their babies. Most importantly, all traumas that come in get a trauma name and fake age. This is important to promote security as well. No one can find that patient using their real name. This protects that patient but also hopefully prevents others (ex: gunshot/gangs) from finding that person. Lastly, so many strangers want to come see the babies. All of our babies are in their rooms with parents. If people do not know the name of the mother, they are not allowed in. I cannot stress how many times people have come in and said the fathers name or babys name or babys name or “not know who they are visiting.” Unless you can give a valid name, we cannot tell you where they are.
Within my practice setting, we have multiple resources and strategies to help secure patient health information.
Currently, I am employed as a cardiac diagnostics nurse. Our department is detached from a large waiting area adjacent to the cardiologist’s office. One of the privacy strategies used is with the design of the department. This department only allows for patients who are undergoing cardiac diagnostic testing (e.g., no family or friends are allowed in the procedural waiting area). We have a room where patients are privately greeted, pertinent history is obtained, and their procedure expectations/concerns are discussed. The rest of the procedure process allows for privacy of each individual and they only discuss what they want to discuss with other individuals waiting on their procedures.
Additionally, the resources that we have available for protecting patient’s privacy include: computer privacy screens, safeguards to electronic medical records (EMRs), and a document destruction box for papers identifying patient information. The computer privacy screens make it challenging for onlookers to view patient information that is on the computer. While most computers are at a distance from where potential eyes may linger, this added protection assists with making it more difficult for others to see patient names, addresses, or diagnoses.
We have quite a few safeguards that are in place for our EMRs. In addition to the firewall and encryption systems, we have a secure login with a password that includes uppercase, lowercase, numerical, and special character values. Also, our passwords change every sixty days and a year must go by before you can reuse a password. Patients are listed based on the department/area that an employee works in. So, an employee is not able to view every patient in the physician’s office and/or hospital. Patients are listed by their names, date-of-birth, and medical record number. Employees cannot access patient health information without opening charts. The EMR has an audit tool built in so that each audit notes who accessed the chart, the date and time the chart was accessed, and what area of the chart was accessed and/or documented on. This helps patients feel secure in knowing that their health information should only be accessed by employees who have a “need to know” basis for viewing the information. Also, patients may request additional security and be listed as a private patient. When this happens, any employee must sign-in and “break the glass” to obtain patient information. This requires re-entering the login information and documenting why the chart is being accessed (e.g., chart audit, primary care, etc.).
We have document destruction boxes located in every department. Certain forms—such as consents for treatment, echocardiograms, and identification labels, are on paper until they are scanned into the charts. Once they are scanned into the charts, the papers that contain patient information are placed into the destruction box. Our facility has a contract with a company who securely empties the boxes and destroys the information within them.