Electronic Health Records

Use & Optimization News

Using Information Governance to Protect, Recover Patient EHR Data

An information governance plan can protect patient EHR data from potential disasters or assist in its recovery.

EHR data

Source: Thinkstock

By Kate Monica

- Leadership from a large healthcare system is stressing the importance information governance (IG) in preventing unavailable, incomplete, or inaccurate patient EHRs.

In a post on Journal of AHIMA, Director of Catholic Health Initiatives EHR Compliance Lori Richter addressed how disparate EHR systems, lack of consistent policies and procedures, and poor technology can negatively impact patient health record availability and use.

The American Health Information Management Association (AHIMA) defines IG as an organization-wide framework for managing information throughout its lifecycle and supporting the organization’s strategy, operations, regulatory, legal, risk, and environmental requirements. IG ensures information is reliable and actionable.

“IG addresses the need for transparency, accuracy, and integrity of information shared with patients,” the organization states. “This is absolutely essential for patients to have confidence in their providers and fully participate as members of their healthcare team.”

Sensible IG practices can assist in ensuring a practice’s EHR platform is trustworthy and defensible against information vulnerabilities.

“The best way to start IG at your facility is to assemble a multidisciplinary IG committee before a disaster occurs or before new regulations are implemented,” advised Richter.

The IG committee is responsible for evaluating the needs of a healthcare organization and devising an IG plan.

“The IG plan should include documentation and considerations for end-to-end life cycle management activities,” wrote Richter. “Life cycle management includes storage technologies, standards, and protections.”

Physician practices need access to EHR systems with strong data integrity to complete daily clinical and business operations and meet federal requirements.

If patient health data is lost, Richter recommends practices follow pre-defined steps to reduce the risk of further problems and threats to patient EHRs. Problems with patient information may include backup errors, server failure, or a ransomware event, among other incidents.

Richter outlined twelve recommendations to assist in patient EHR recovery. Specifically, she advised healthcare organizations involve an IT team, administrative leaders, and legal and compliance teams in EHR recovery.

Practices should then assess the extent of the damage, recover potentially impacted servers, and recreate any lost patient EHRs.

“Various steps may be taken to recreate the medical record using available multi-part forms, computer generated reprints of dictations, test results and copies from the hospital, physician practices or other settings,” she wrote. “To the extent records are completely destroyed or cannot be restored by a damage restoration company, reconstruction should occur.”

Richter also recommended healthcare organizations inform all affected patients of the incident.

“Response letters must be produced for requestors if charts are unavailable; in response to: subpoenas, court orders, or other administrative requests; patient or legal personal representative requests; payor requests; clinical requests (internal); clinical requests (external),” she stated.

Finally, Richter advised reporting a record of all patient health information the organization was unable to recover — including the date, the information lost, and the event that caused the loss of patient health data.

“A business owner, or designee, should work with entity’s legal and surveyor response team (The Joint Commission, State, Medicare, etc.) to complete written analysis to produce during a review when and if necessary,” she concluded.

AHIMA has emphasized the value of effective EHR data management and adjustments to clinical workflows following the rapid increase in EHR adoption and growing importance of data accuracy in patient care delivery. The organization stresses accountability, transparency, integrity, protection, compliance, availability, retention, and disposition as the key eight principles to a solid foundation of best practices for healthcare IG programs. According to AHIMA, well-established health data governance can assist providers in optimizing health IT and improving patient outcomes. 



Sign up to continue reading and gain Free Access to all our resources.

Sign up for our free newsletter and join 60,000 of your peers to stay up to date with tips and advice on:

EHR Optimization
EHR Interoperability

White Papers, Webcasts, Featured Articles and Exclusive Interviews

Our privacy policy

no, thanks

Continue to site...