Electronic Health Record and Its Implication on Anesthesia Practice

Electronic Health Record and Its Implication on Anesthesia Practice 

The origins of the present electronic health record (EHR) systems date back as early as the 1960s. Teaching hospitals developed systems with hopes of creating a comprehensive patient database to manage and store patient health information; and shortly thereafter, the federal government instituted an EHR in the US Department of Veterans Affairs by the 1970s (Balestra, 2017). We are on the brink of a time of growing medical understanding, especially with a vast amount information to support healthcare decisions. Healthcare informatic concepts and tools are now part of the basis of biomedical science (Coorevits, et al., 2013). The development of health information technology (HIT) over the last 20 years have surely reformed the way health care is performed and how this information is being recorded. Currently, healthcare practice creates data exchanges and stores massive amounts of patient‐specific information in EHRs and ancillary databases (Coorevits, et al., 2013).

Hopefully, as key stakeholders develop healthcare policies and practice guidelines, they will use that to make a positive impact by integrating newer technologies into complex healthcare environments. In addition, the U.S. Health Information Technology for Economic and Clinical Health (HITECH) Act was adopted to promote electronic health records and related functionality (Cresswell, Bates, & Sheikh, 2013). However, it must have had to be determined if the existing technology could support these newer technologic goals.

Independent organizations are principally making these efforts. Research has shown that combining health records to create a more comprehensive health record is beneficial to healthcare organizations, providers, patients, and administrative staff. Some examples of these benefits include a reduction in costs, improved quality of care, the advancement of evidence-based medicine and record keeping and flexibility (Fernández-Alemán, Carrión, Sr, Lozoya, & Toval, 2013).

Standards and Regulations

In February of 2009, the President signed into law the American Recovery and Reinvestment Act (ARRA). This act endorsed an almost 20-million-dollar investment to promote the use of EHRs in America. In addition, after the enactment of the ARRA, the HITECH Act was also put into action to further protect and promote the use of EHRs. The HITECH Act offered financial incentives to healthcare organizations that would implement an EHR system that would meet government standards. Subsequently, the Department of Health and Human Services (HHS) devised two regulations to encourage the use of EHR technology in the United States: 1) a notice of proposed rules for eligible providers, hospitals, and critical access hospitals to qualify for additional Medicare or Medicaid payments for the application and demonstration of Meaningful Use of EHR technology; and 2) developed a set of standards and certification criteria for EHR implementation (Galvez, et al., 2015). The EHR is a legal, computerized health record and therefore must be maintained according to state and federal standards (Balestra, 2017).

Legal and Ethical Issues

 There are apparent, as well as hidden, legal responsibilities associated with EHRs. Providers should perform best practices when entering information, especially with remarks, addenda, and corrections after patient visits (Balestra, 2017). Some researchers suggest that audit logs and a de-identification method of patient’s health modifiers will reduce the incidence of ethical dilemmas. According to Fernández-Alemán, Carrión, Sr, Lozoya, & Toval (2013), each patient should have the ability to review their audit information and determine who has accessed their EHR, what information was retrieved, for how long, and for what purpose. Patients should also have information related to the creation of the record, specific instances of how the document is used, the process or processes by which the file is updated and eventually deleted (Fernández-Alemán, Carrión, Sr, Lozoya, & Toval, 2013).

 Significant ethical and legal consequences are associated with de-identification when using information for investigation (Fernández-Alemán, Carrión, Sr, Lozoya, & Toval, 2013). The process of de-identification involves changing identifiers from the personal health data so that proof of identity is not reasonably possible. This process is done to prevent the misuse of information. Ethical misuse could be in the form of denial of health insurance coverage. Other issues that may involve comprehensive EHRs that may lead to legal and ethical issues are copying and pasting of health record notes, the standardized use of work templates, late entries and changes, and incomplete documentation.

 Healthcare providers are notorious for copying and pasting notes within the medical record in attempts to save time. Anesthesia providers may want to clone details from a previous exam, patient history, or event, but the information could be outdated or inaccurate (Balestra, 2017). An error like this would decrease the truthfulness of the medical record. In addition, if a provider mistakenly copied and pasted previous recorded vital signs and they are constantly repeated, that information could be used to bring about litigation for malpractice. Utilizing templates for specific health conditions can also produce legal issues. Templates that are very diagnosis specific or do not allow the input of newer information or test results for possible alternative conditions can open the provider to legal liability (Balestra, 2017). Another legality of the EHR are the alerts and triggered recommendations that come from the clinical support system. Bad habits can lead to disregarding these alert references from clinical support. Most comprehensive EHR systems record the time spent reviewing alerts and recommendations; and if that time is limited and something happens to a patient, the anesthesia provider could be held liable (Balestra, 2017). Late entries, failure to document, and incomplete or inaccurate documentation continue to cripple electronic medical records. The EHR is no different than handwritten healthcare notes in that “if it was not documented, it was not done.” It is difficult for anesthesia providers to document in the electronic record in real time due to the nature of the profession. It is negligent to pay more attention to the computer screen than the care of the patient in the operating room (OR). Consequently, revisions and changes to the EHR can occur; however, an ethical dilemma exists for this type of practice. Anesthesia providers have an ethical obligation to confirm that the record is completed on time as close to real time as possible. Documenting information after certain points in patient care or adding post-surgery addendums, corrections, retractions, deletions, or other late entries to the electronic record can expose anesthesia providers to liability and/or Board of Nursing issues (Balestra, 2017). Other issues that could present a problem are failure to electronically sign the chart or note, check marked boxes that lack supporting evidence that those services were performed such as auto-filled options. Failure to completely check the entire EHR for accuracy before sending the information into the record may jeopardize how truthful the patient or other providers believe that the information in the health record is (Balestra, 2017).

 Patient Safety.

EHRs can present patient safety concerns. Anesthesia providers must remain diligent and take precautionary measures to protect themselves and assure their patient’s safety. A positive step towards this endeavor comes in the form of EHR training classes offered by the organization. These types of courses are important because they confirm that specific criteria are met and that the operators can use the system as it was planned. Although it may seem futile, lack of eye contact can cause an issue with patient safety. Imagine when a provider stares at the computer screen as they attempt to input information into the EHR in real time with the patient behind their back. Patients often feel disregarded and this creates a communication block, potentially interfering with discussions about the patient’s current health status, recent test results, or any medications the patient is taking (Balestra, 2017). Medication safety is a primary patient safety concern, as the categories of prescribing, transcribing, dispensing, and administering can be disorganized, leading to EHR-associated medication administration errors (Balestra, 2017). As I stated earlier, templates can create a problem due to the automatic nature of how it documents into the medical record. Clinical decision-making is based on real-time information, so other patient care issues can occur when anesthesia providers have access to incomplete information when dealing with a patient; for instance, the workstation is offline and no back-up is available or patient medical data (Balestra, 2017). By integrating these recommendations into their practices, anesthesia providers can help ensure quality patient care, patient safety, and increased efficiency.

Security and Privacy.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) offers data privacy and security requirements for safeguarding medical information (Balestra, 2017). The security management procedure standard is a requirement in the HIPAA Security Rule, and HIPAA privacy and security requirements are rooted in the Medicare and Medicaid Electronic Health Record Incentive Programs through the meaningful use requirement (Balestra, 2017). Violating privacy when using the EHR will result in hefty fines of HIPAA. All healthcare providers are focused on preventing unauthorized access to patient information, including threats from poor password management, disgruntled or disloyal coworkers, and external threats, such as theft of electronic devices containing health information (Balestra, 2017). Policy development has made little progress for the changing of some privacy issues relating to movement from a paper-based health record system to one that is integrated and electronic (Fernández-Alemán, Carrión, Sr, Lozoya, & Toval, 2013). Even with improvements in cyber security, it is difficult to stay ahead of hackers. With each progression in technology, increased threats to the patient’s EHR and privacy have led to situations in which their health information is confronted by newer security and privacy threats (Fernández-Alemán, Carrión, Sr, Lozoya, & Toval, 2013).

There are three key safety goals that are used to promote EHR security, these being confidentiality, integrity, and availability (CIA). Confidentiality is that the protection and security of personal information is critical in the healthcare arena; therefore, it is necessary to guarantee the CIA of all personal health information (Fernández-Alemán, Carrión, Sr, Lozoya, & Toval, 2013). The integrity of health information must be protected to safeguard patient safety. An important element of this protection is the guaranteeing that the information’s entire life cycle is completely inspected; while availability refers to the nature of being available and practical when needed by an authorized entity (Fernández-Alemán, Carrión, Sr, Lozoya, & Toval, 2013). Health informatics systems must remain functioning in the face of natural disasters, and system failures. Security also involves accountability, which refers to people’s right to criticize or ask why something has occurred (Fernández-Alemán, Carrión, Sr, Lozoya, & Toval, 2013). There have been many threats with regards to security and privacy of EHRs, such as hackers, viruses, and internet worms. It is extremely important to know and understand how these dangers affect the EHR so that proper measures can be instituted to protect the data. Failure to maintain data security and privacy is becoming a global epidemic.

According to Fernández-Alemán, Carrión, Sr, Lozoya, & Toval (2013), a recent study estimated that there are almost 25 million forced authorizations for the disclosure of health records in the United States (Fernández-Alemán, Carrión, Sr, Lozoya, & Toval, 2013). Anesthesia providers must take precautionary measures in ensure that provider access to health records is on a need to know basis only.

Allowing patients to access their own healthcare records is a step towards improving the healthcare system and promotes ownership of their well-being. However, this opens new security threats. There could be various levels of access within an EHR. A patient’s EHR might be divided and available from several locations, such as when patients visit different doctors’ offices, hospitals, and other providers (Fernández-Alemán, Carrión, Sr, Lozoya, & Toval, 2013). Flaws in this type of security could cause the release of information to unauthorized persons or companies; therefore, extra precaution should be taken to protect medical information from manipulations or unauthorized accesses (Fernández-Alemán, Carrión, Sr, Lozoya, & Toval, 2013). This also includes access by administrative staff. EHRs could have issues with privacy because staff with higher level access may gain access to patient information without their consent (Fernández-Alemán, Carrión, Sr, Lozoya, & Toval, 2013). To assure that this rarely occurs, most organizations require the input of a user authentication process be enforced. User verification can be defined as the way in which users prove their validity to the EHR by submitting their username or identity (ID) with an associated password (Fernández-Alemán, Carrión, Sr, Lozoya, & Toval, 2013). Another type of user validation is data authentication. Data authentication is the process used to ensure the origin of a data source, which is usually done by a digital signature scheme. (Fernández-Alemán, Carrión, Sr, Lozoya, & Toval, 2013). Caution must be taken with these since it is possible to have your user ID and password information stolen. The use of passwords as a means of authentication predisposes the EHR to many types of attacks. For instance, using passwords as a way of authentication exposes the record to “electronic monitoring or unauthorized access to the password file ” (Fernández-Alemán, Carrión, Sr, Lozoya, & Toval, 2013). More intense security features involve using a two-factor authentication process. According to Fernández-Alemán, Carrión, Sr, Lozoya, & Toval (2013), there are three specific ways to maintain a proper security ID system, with at least two of them to endorse the implementation: “something a person knows” (login ID, email address, password, PIN); “something a person has” (key, swipe card, access card, digital certificate); or “something that identifies a person” (face and voice pattern identification, retinal pattern analysis, hand characteristics or automated fingerprint analysis based on pattern recognition). Newer technology has focused on a radiofrequency-type ID badge. Using a badge with an embedded radiofrequency ID chip might be considered invasive to some experts; however, it could also be beneficial for securing health information (Fernández-Alemán, Carrión, Sr, Lozoya, & Toval, 2013). This type of badge would hold users accountable for their actions within an EHR.

Workflow Processes – Benefits and Implications.

The workflow processes of a comprehensive EHR are both rewarding and challenging. Anesthesia providers deliver care founded on evidenced-based practice. Anesthesia care workflow processes must be supported by the EHR to incorporate these best care practice. In other words, EHRs should possess continuous workflows that display the correct tools, have evidence-based content, and trigger information at the right time for optimal clinical decision making (O’Brien, Weaver, Settergren, Hook, & Ivory, 2015). The manner in which anesthesia providers are able to document in the EHR should capture their impact on the entire interaction between patient and provider. This is a means to demonstrate the safe, efficient, and reliable patient care that nurse anesthetists have been proven to deliver. Nowadays, most health care organizations receive compensation for services based on patient outcomes following care. The documentation provided by nurse anesthetists in the EHR can show the degree of quality of care delivered not only in the perioperative process but any area of the healthcare organization requiring anesthesia services. According to a study by Jang, Yu, Kim, Moon, & Kim (2013), electronic anesthesia records were found to be more complete than that of manual, paper records, perhaps due to the automatic transferring of data and reuse of information from the EHR.

The EHR is not without its liabilities. Advancements in technology can be annoying for providers who are the primary users of the EHR because the updates and revisions may not fit their usual workflows (Cresswell, Bates, & Sheikh, 2013). For example, nurse anesthetists will have different documentation requirements than those of anesthesiologists. Regardless of the desires or requests of the users, the ultimate focus is to provide the highest quality of care. Extensive training on the EHR is fundamental to achieve stakeholder buy-in. Training is often specific to the user; however, caution must be exercised that the user understands the entire function of the EHR. In training, users gain the most retention of information when it involves simulation of their actual role simulate the actual working environment as possible (Cresswell, Bates, & Sheikh, 2013).

Another issue in the workflow process involves emergencies. Standard policies are overlooked in the face of emergencies. When this occurs, specific job roles must be reviewed, and their actions must be entirely justified. However, some accesses should always be prevented because they cannot help in dealing with emergencies and could signify mishandling of patient information (Fernández-Alemán, Carrión, Sr, Lozoya, & Toval, 2013). Furthermore, reviews or audit-logs are an essential part of the workflow process. Audit logs can identify if a patient’s EHR has been compromised. Reviewing user access of patient files is imperative for safety and security, and it is critical that the policies put in place to protect patient privacy are enforced (Fernández-Alemán, Carrión, Sr, Lozoya, & Toval, 2013).

It is difficult to sense EHR-related safety concerns, as well as prevent them because the issues can be extremely complex. EHR-related safety concerns are challenging because they are often complex, involving the potentially unsafe functions of the EHR as well as user behaviors, organizational characteristics, and rules and regulations that control EHR-related activities (Meeks, et al., 2014). Nurse anesthetists must remain vigilant in their documentation practices and protection of patient information within the EHR. It can be expected that with the extensive economic and healthcare organization investments made into the implementation of EHRs nationwide, electronic prescribing, telehealth, and related technologies will modernize healthcare work processes and improve the value, security, and proficiency of care delivered (Cresswell, Bates, & Sheikh, 2013).

Conclusion.

Electronic health information systems have become a permanent component in health care (Balestra, 2017). While it has improved overall health care and increased provider accountability, more work needs to be done to guarantee the best in security, privacy, safety, and efficiency. Nurse anesthetists continue to balance patient care with data entry requirements. Meanwhile, most are aware that information technology is vital for improving the quality of care; therefore, they are devoted to working with these systems to improve user functionality (Balestra, 2017). Having a mature EHR system obviously does not eliminate the EHR-related safety concerns (Meeks, et al., 2014). All providers must continually assess the integrity of the EHR to prepare for future updates and submit their user suggestions, especially after the ‘go live’ process has occurred.

References

• Balestra, M. L. (2017). Electronic Health Records: Patient Care and Ethical and Legal Implications for Nurse Practitioners. Journal of Nurse Practitioners, 13(2), 105-111. doi:10.1016/j.nurpra.2016.09.010
• Coorevits, P., Sundgren, M., Klein, G. O., Bahr, A., Claerhout, B., Daniel, C., . . . Kalra, D. (2013). Electronic health records: new opportunities for clinical research. Journal of Internal Medicine, 274(6), 547-560. doi:10.1111/joim.12119
• Cresswell, K. M., Bates, D. W., & Sheikh, A. (2013). Ten key considerations for the successful implementation and adoption of large-scale health information technology. Journal of the American Medical Informatics Association, 20(e1), e9-e13. doi:10.1136/amiajnl-2013-001684
• Fernández-Alemán, J. L., Carrión, Sr, I., Lozoya, P. Á., & Toval, A. (2013). Security and privacy in electronic health records: A systematic literature review. Journal of Biomedical Informatics, 46(3), 541-562. doi:10.1016/j.jbi.2012.12.003
• Galvez, J. A., Rothman, B. S., Doyle, C. A., Morgan, S., Simpao, A. F., & Rehman, M. A. (2015, September). A Narrative Review of Meaningful Use and Anesthesia Information Management Systems. International Anesthesia Research Society, 121(3), 693-706. doi:10.1213/ANE.0000000000000881
• Jang, J., Yu, S. H., Kim, C.-B., Moon, Y., & Kim, S. (2013). The effects of an electronic medical record on the completeness of documentation in the anesthesia record. International Journal of Medical Informatics, 82(8), 702-707. doi:10.1016/j.ijmedinf.2013.04.004
• O’Brien, A., Weaver, C., Settergren, T., Hook, M. L., & Ivory, C. H. (2015). EHR Documentation: The Hype and the Hope for Improving Nursing Satisfaction and Quality Outcomes. Nursing Administration Quarterly, 39(4), 333-339. doi:10.1097/NAQ.0000000000000132