Electronic Health Records

Use & Optimization News

NIST Warns of Copy and Paste Threats to EHR Data Integrity

A recent NIST study found that clinician EHR users have concerns about EHR data integrity, accuracy, and quality as a result of copy and paste functionality.

EHR integrity

Source: Thinkstock.

By Kate Monica

- The National Institute of Standards and Technology (NIST) recently published findings from an EHR usability study of copying and pasting clinical documentation which does not bode well for patient safety.

“‘Copy and paste’ functionality is intended to allow medical practitioners to easily and efficiently reuse information in patient EHRs without having to retype the information,” the authors write. “However, in practice, current implementation of this functionality has introduced overwhelming and unintended safety-related issues into the clinical environment.”

Copying and pasting emerged as a major roadblock to EHR data integrity and by extension patient safety in early 2013, with research finding the practice to be commonplace among clinicians. The American Health Information Management Association criticized the practice in a brief the following year. As part of its own work in a 2015 research on EHR usability, NIST found the reuse of data as a “major” contributor to a lack of EHR data integrity.

Copy and paste functionalities have a pragmatic design: They are meant to help providers efficiently access and reuse patient health information in EHRs without the burden of retyping all the information they need.

As part of its more recent study, NIST collaborated with ECRI and U.S Army Medical Research and Material Command’s (MRMC) Telemedicine and Advanced Technology Research Center (TATRC) in conducted a study comprising data collected between July and August 2016 with the goal of mitigating patient safety issues due to the copy and paste functionality in EHR technology.

The study resulted in several notable findings. Among these findings was the determination that the ability to extract a large amount of information using the copy and paste function gives users convoluted and irrelevant information, which often leads to difficulties in situational awareness.

Additionally, researchers noted problems with attribution of information. Clinicians sometimes had difficulty knowing the source of the copied and pasted information and what may have been added or edited in the process.

Third, the study found there was a recurrent problem with wrong information being entered during the course of the copy and paste function. Occasionally, users failed to review and edit the information they had copied and pasted because the available system does not offer a usable or efficient editing platform.

The report contains recommendations regarding the following:

  • EHR designs for enhancing the visibility of information being selected for copy and paste to prevent users from inadvertently copying certain areas of information instead of all information
  • EHR functionalities for providing a concept for reconciling copied information was read consciously and edited by a clinical provider to promote the attribution of source information

The authors recommend locking certain areas from copying. For example, the copy and paste function must be disabled when entering data into a blood bank information system due to the heightened risk involved with blood transfusions. In this case, it is safer to avoid the copy and paste function altogether and rely instead on the more dependable method of entering information into the system manually.

Among the NIST recommendations were ways to avoid inundating providers with information while simultaneously addressing the problem of uncertainty regarding the source of information by displaying a chain of custody for the information provided, but only showing this information if a user specifically requests it.

Instituting a clear chain of custody remedies several issues associated with the copy and paste functionality through attributing any modifications to the data, as well as providing a timestamp indicating when the information was retrieved, copy and pasted, and where the information comes from.

Researchers concluded that overwhelming evidence suggests a chain of custody helps provide a mechanism to make copy and paste material much more easily identifiable as well as ensure the material generated through the process is readily available to providers. 



Sign up to continue reading and gain Free Access to all our resources.

Sign up for our free newsletter and join 60,000 of your peers to stay up to date with tips and advice on:

EHR Optimization
EHR Interoperability

White Papers, Webcasts, Featured Articles and Exclusive Interviews

Our privacy policy

no, thanks

Continue to site...