NR 512 Week 6 Discussion: HealthIT Topic of the Week and Impact on Practice

NR 512 Week 6 Discussion: HealthIT Topic of the Week and Impact on Practice

NR 512 Week 6 Discussion: HealthIT Topic of the Week and Impact on Practice

I selected the topic of the safety and security of EMR (electronic medical record). Since we are now required to use EMR’s in all healthcare industries and they hold such private and confidential information I consider the security of them to be very important and needed topic of discussion. We live in a technological society where we hear about security breaches from the IRS, major department stores, social media, etc. With all of the security breaches out there the thought of having EMR’s breaches is devastating. EMR’s are the future of the healthcare industry and have truly changed the way in which we operate. EMR’s offer us means of storage and retrieval of legible medical information from anywhere at any time. EMR’s have given us additional safety mechanisms for prescriptions, labs results, medications and vital signs as well as decision support software to offer suggestions. Electronic records allow for instant retrieval of history and physical, lab results, diagnostic results, and progress notes from anyone who has provided care to the patient. These records contain was has been referred to as “a life” (Ozair et al., 2015). What is being done to protect them? Is it enough? Computer hackers may look at breaching an EMR as a golden prize which contains personal, financial, medical, and physical information about any one person. Will we be able to protect this confidential information that we require from our patients from getting into the wrong hands? While EMR’s are now the norm for the future of healthcare the cyber-security mythologies should also be thoroughly understood before moving forward (Kruse et al., 2017). This affects me as a human who has a right to confidentiality as well as my future as a nurse practitioner and my patient’s right to confidentiality. When these breaches happen, they can shut down entire networks and make vitally needed information unobtainable and inaccessible. These breaches can ruin countless lives and create mistrust of the healthcare community, which can lead to people not seeking needed care.

Kruse, C. S., Smith, B., Vanderlinden, H., & Nealand, A. (2017). Security Techniques for the Electronic Health Records. Retrieved March 30, 2018, from https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5522514/

Ozair, F. F., Jamshed, N., Sharma, A., & Aggarwal, P. (2015). Ethical issues in electronic health records: A general overview. Retrieved March 30, 2018, from https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4394583/

In my current practice setting at a rural, 300+ bed hospital, we have a number of measures to protect patient health information. Our IT department employs firewalls and maintains the security of our hospital Wifi. Audits are performed to monitor the accessing of patient charts, ensuring that they are being accessed for the correct reason and by appropriate staff. Whenever we click on a patient chart we have to either put that we are the patient’s nurse, charge nurse, or an auditor, for example. At every nurse’s station there is a shred box where we can safely dispose of excess paperwork that may have patient information on it. We also have mandatory online education to complete periodically that reviews how to keep patient information secure, appropriate actions and inappropriate actions, HIPAA guidelines, and the implications of not adhering to these rules. I think with today’s age of mass transfer of digital information the emphasis on protecting patient information cannot be enforced enough. When HIPAA (Health Insurance Portability and Accountability Act) was first initiated in 1996, the focus was mostly transferring of information from doctor to doctor, office to office, whereas now the focus over 20 years later is almost exclusively dedicated to protecting patient information (Dolan, 2014). While we live in an amazing time of electronic data capability, it comes with its own challenges with regards to safety and privacy.

References

Dolan, P. (2014). Protecting patient information. Ophthalmology Times, 39(10), 23-24.

Within my practice setting, we have multiple resources and strategies to help secure patient health information. Currently, I am employed as a cardiac diagnostics nurse. Our department is detached from a large waiting area adjacent to the cardiologist’s office. One of the privacy strategies used is with the design of the department. This department only allows for patients who are undergoing cardiac diagnostic testing (e.g., no family or friends are allowed in the procedural waiting area). We have a room where patients are privately greeted, pertinent history is obtained, and their procedure expectations/concerns are discussed. The rest of the procedure process allows for privacy of each individual and they only discuss what they want to discuss with other individuals waiting on their procedures.

     Additionally, the resources that we have available for protecting patient’s privacy include: computer privacy screens, safeguards to electronic medical records (EMRs), and a document destruction box for papers identifying patient information. The computer privacy screens make it challenging for onlookers to view patient information that is on the computer. While most computers are at a distance from where potential eyes may linger, this added protection assists with making it more difficult for others to see patient names, addresses, or diagnoses.

     We have quite a few safeguards that are in place for our EMRs. In addition to the firewall and encryption systems, we have a secure login with a password that includes uppercase, lowercase, numerical, and special character values. Also, our passwords change every sixty days and a year must go by before you can reuse a password. Patients are listed based on the department/area that an employee works in. So, an employee is not able to view every patient in the physician’s office and/or hospital. Patients are listed by their names, date-of-birth, and medical record number. Employees cannot access patient health information without opening charts. The EMR has an audit tool built in so that each audit notes who accessed the chart, the date and time the chart was accessed, and what area of the chart was accessed and/or documented on. This helps patients feel secure in knowing that their health information should only be accessed by employees who have a “need to know” basis for viewing the information. Also, patients may request additional security and be listed as a private patient. When this happens, any employee must sign-in and “break the glass” to obtain patient information. This requires re-entering the login information and documenting why the chart is being accessed (e.g., chart audit, primary care, etc.).

     We have document destruction boxes located in every department. Certain forms—such as consents for treatment, echocardiograms, and identification labels, are on paper until they are scanned into the charts. Once they are scanned into the charts, the papers that contain patient information are placed into the destruction box. Our facility has a contract with a company who securely empties the boxes and destroys the information within them.