Potential pitfalls: risk management for the EMR: Part 1

by Laura Brockway, ELS

By now, many physicians know that issues related to documentation are a leading cause of medical liability suits. For years, TMLT’s newsletter has featured closed claim studies and other articles that stress the importance of maintaining proper documentation. Most of these articles have been written for physicians who use paper records. This article will cover the documentation pitfalls specifically related to electronic medical records (EMRs) and how to avoid them. EMRs come with their own risk management considerations, and as more physicians begin using EMRs, it is important to address these issues.

In 2006, TMLT risk management representatives visited more than 1,700 physicians to help identify liability exposures and suggest methods to reduce risk. The following list is based on their observations and recommendations to physicians using EMRs.

Implement a strict policy regarding passwords and security. Authorized users of an EMR system are given passwords. The system associates the person who enters that password as the author of the entry in the patient’s medical record. It is imperative that passwords only be used by the individuals to whom they were assigned.

Staff members should not have access to the physician level of security because that would allow them to add or alter information as if they were the physician. Staff members should have their own passwords and level of security clearance based on their job functions. Again, avoid sharing passwords simply to make the entry of information easier. (TMLT risk management representatives have visited practices where all clinical staff share the physician’s password.)

Not all employees need access to the EMR. Some practices limit access to those in direct patient care. Others may allow non-clinical staff to only view (and not enter or edit) information in the EMR. When an employee who had access leaves the practice, delete his or her password immediately.

Ensure patient encounter records are locked. The information entered into the EMR is likely to be more accurate if done immediately after the visit. The date of dictation or date of transcription should be included. The author of each entry must take specific action to verify that the entry is his or hers and that it is accurate. Once a patient encounter entry is completed, the author should sign it and it should be locked in the system. Not all EMRs are set up to perform this task.

If information needs to be added or comments made after the entry has been locked, the new entry should be clearly identified as an addendum with current date, reference to the date being amended, the reason for the late entry, and electronic signature. Anyone who makes changes and addendums should ensure that they are clearly marked as such. Unclear, after-the-fact entries may be viewed as alterations to the medical record, which can compromise the defense of litigation.

Be aware that templates can import old or inaccurate information. Most EMRs have been designed with templates for patient encounters. While these drop-down menus save time, many physicians are not aware that some EMRs re-populate the same data in the templates for each subsequent visit.

For example, a physician sees a patient who has conjunctivitis and this is noted in the “review of systems” section. At the next visit, if the physician does not edit the “review of systems” section, the conjunctivitis is again noted. It will continue to be picked up from the templates, giving the impression that the treatment plan is not working or that the physician is not editing the record.

Conversely, some programs may be set up so that specific complaints default to “resolved” if the physician or the patient does not renew that complaint on the next visit. Notes should be individualized for each patient encounter, and relevant sections reviewed to avoid importing incorrect, redundant, and irrelevant information.

Make sure physician sign off is clear. Another potential weakness identified in some systems — it is not clear to an outside reviewer that the physician signed the record at the end of the visit. While physician signature could most likely be verified somewhere in the system, the note itself needs to be signed. Initiate an electronic signature when documenting patient encounters.

Additionally, some programs do not allow each clinical staff member making entries to authenticate the entry with a signature or initial. It is recommended that each staff member sign or initial all entries in the medical record or that the EMR “audit trail” be adapted to trace staff entries.

Review orders or emails before signing off with electronic signatures. In conjunction with the previous recommendation, signing an order is an affirmation that the order is correct. Auto-authentication techniques that do not require the author to review the entry should be avoided. Do not “universally” click off on a series of orders or emails without reading them. (A closed claim study involving this issue was published in the July-August 2005 issue of the Reporter.)

Enable tracking mechanisms. Most software programs include a tracking system to help ensure that patients have completed recommended tests or consultant referrals. However, risk management representatives have visited practices that are not using these systems or have not discovered them. These tracking systems can minimize exposure to allegations of failure to diagnose and can lead to better patient care. Specifically, they can provide ways to:

  • verify that the patient keeps the appointment or completes the test;
  • confirm receipt of the report;
  • prompt a call to the consultant, imaging center, or lab if a report is not received;
  • make sure the physician reviews the report;
  • communicate the results to the patient;
  • arrange for follow up if necessary; and
  • document all these steps with dates and electronic signatures.

It is strongly recommended that physicians employ these tracking systems. Additionally, if you are planning to purchase an EMR, do not buy one without a tracking system.

Please visit us next week for part 2 of risk management for the EMR. Please share your thoughts in the comments section on the article so far.