How Has the Move to EHRs Changed Health Care Since its Widespread Adoption in 2014
There’s no debating the importance of medical records, which are used to maintain a patient’s information and known health history. They also substantiate the work of physicians and provide support in the event of a medical malpractice action. For these reasons, medical records are an integral part of health care and must be maintained so high-quality treatment can continue, which is exactly why the president signed an executive order in 2004 that called for widespread adoption of electronic health records (EHRs) by 2014.
The Pros and Cons of EHRs
It’s now 2016, and EHRs have had a significant positive impact on health care. They’ve created a system of record keeping that follows patients, which has improved the efficiency of hospitals especially, and the quality of care they’re able to give. Unfortunately, it’s not a perfect system because hackers explicitly target health care organizations, and thus put all that information at risk and patients in danger. The widespread adoption of EHRs has created a need for health care organizations to pay closer attention to network security.
EHRs mean less paperwork which, if you consider the role insurance and other documents play in caregiving, can be lifesaving. Consider the case of Baldomero Flores, whose parents and three children sued a Houston hospital after it took 26 minutes to verify his insurance. A single shot of epinephrine would have saved him from the allergic reaction that threatened his life, but it wasn’t received in time. His family seeks more than $1 million in damages for wrongful death and gross negligence, and they argue that bureaucracy and paper shuffling caused the resulting tragedy.
The pros of EHRs certainly outweigh the cons, but that doesn’t mean hospitals shouldn’t take hacking attempts seriously. It’s incredibly important to secure systems and teach hospital staff how to safely navigate the Internet. A data breach can be crippling, and hackers are beginning to see health care organizations as easy targets.
Malware a Huge Threat to EHRs
It’s unfortunate that hackers target hospitals and other health organizations, but they seem to understand that health care will pay. In health care, data is instrumental to daily functioning and saving lives. There’s a lot of different ways hackers will attempt data breaches, but one of the most significant threats is ransomware.
Ransomware is a form of malware that has taken over the IT systems of four major hospitals, Hollywood Presbyterian Medical Center, Kentucky Methodist Hospital, Chino Valley Medical Center, and Desert Valley Hospitals. Ransomware encrypts data, including offline files, restricting anyone from accessing them. The system won’t be accessible until a fee has been paid to the hackers. To date, only Hollywood Presbyterian has paid the fee, the cost of which was $17,000.
It’s important that health care organizations understand the benefits of cyber security, which is cost effective when you consider the damages the hospital incurs without it. It’s also important that hospitals educate staff on how to avoid accidentally downloading malware and corrupting the entire system because malware, including ransomware, is sometimes downloaded after someone clicks a link in an email or downloads an attachment.
EHRs Retention Compared to Paper Retention
EHRs are typically maintained on the cloud; additionally, some sort of backup needs to be stored. Storing that much information can get expensive, but it’s entirely necessary to have multiple copies of everything just in case of a hacking data breach. Had there been a backup system in place, Hollywood Presbyterian may have saved themselves $17,000.
Hospitals know they don’t have to maintain records forever, but have the laws regarding retention changed since the switch to EHRs? Federal laws don’t place mandatory record retention requirements on private practices, but they do furnish them for hospitals and similar facilities.
Currently, it’s between five and six years that records must be maintained, but because state laws sometimes differ on length, it’s important to always check with local medical boards. For example, the Texas Medical Board Rule directs physicians to maintain their medical records for a period of seven years.
The Cloud Strategy Wins
A hospital in London adopted the practice of storing patient information using cloud technology. Records are kept online and patients are permitted to access their own data and apply permissions to people they trust. This is excellent because it connects patients to their health care; although, it would be better if the information were also stored on a physical backup, hidden offline and away from hackers.
All in all, it can be concluded that EHRs are superior to paper records because they connect patients and physicians, as well as those records can prove useful in a life-threatening, time-sensitive situations. It’s simply faster to access EHRs than it ever would be to access a paper file, but that doesn’t mean it is safe. Comprehensive cyber security and a well-trained staff are essential to the ongoing success of EHRs, but effectively the process of switching to e-records as a whole was a good idea and continues to serve the health care community well.