Wednesday, April 5, 2017

E is for EHR - Commonly Asked Questions About Electronic Health Records

In 1996 the Health Insurance Portability and Accountability Act (HIPAA) was passed.  It was intended to protect a patient’s medical information and to give patients’ rights regarding their health information.  HIPAA included several general rules, including the Security Rule which requires specific guidelines to protect electronic health information.  HIPAA also included the guidelines for the creation and use of Electronic Health Records (EHR).

What are Electronic Health Records (EHRs) and How are they Created?

The EHR is an automated system that allows for immediate access to a patient’s medical record by providers and the patient.  It decreases the amount of work required of providers and administrative staff as well as making records, lab reports, and recommendations easily accessible by the patient themselves. 

 Which Providers are Required to Adopt An EHR?

All covered entities who provide services for Medicaid or Medicare patients must adopt an EHR.  Only certified software can be used to set up an EHR Providers must also prove meaningful use based on a series of criteria. 

What is “Meaningful Use?”

Meaningful use is defined as using certified electronic health record (EHR) technology and the information gathered in order to accomplish a number of goals.  These include
  • Improving quality, safety, and efficiency of care
  • Reducing health disparities
  • Improving care coordination
  • Improving population and public health
  • Maintaining privacy and security of patient health information

How are Covered Providers Held Accountable for Compliance?

Covered providers must show proof they have met the requirements related to EHR technology and provisions yearly through an online attestation report.  Providers who do not comply are fined heavily.  Incentive funds can be applied for by providers if they have adopted an EHR and provide services for Medicaid or Medicare patients. However, if they fail to submit a completed attestation report or the report evidences incomplete compliance certain areas without adequate remediation put into place, they will be required to pay a sizable fund as well as pay back that year’s incentive money.  Any additional incentive that have been granted are terminated or revoked.  The provider is unlikely to receive further incentive funds in the future with a new application.

What Information is Included in an EHR?

An EHR is an electronic version of an individual’s medical records.  It lists all information relevant to the individual’s health care by a particular provider. Information found in and Electronic Health Record includes demographic information such as identifying information, gender, and insurance, appointment and treatment notes, diagnoses and presenting problems, a history of prescription medications and current prescriptions. The patient’s medical history with that provider as well as any records that have been forwarded to them, including an immunization record, and test results including laboratory values, findings, and radiological data are also included.

What are the Benefits of an EHR?

There are several advantages to EHR’ s.  These include:
  • Allowing for better patient care through easily accessible, complete and legible medical histories, more reliable medications prescribing, provider decision support, clinical alerts regarding the patient and reminders about follow-up care.
  • Information is easily transmitted to other health care providers involved with the patient allowing for better care coordination.
  • Providing patient’s with direct access to their records at any time making information such as follow-up appointment information, additional educational information specific to their condition, a summary of treatment components and recommendations for improved quality of life readily available.
  • Providing patients with the ability to contact their provider directly and securely through the EHR.

Are There Any Negatives to EHR’s?

While there are some disadvantages to EHR’s they are generally for the provider not the patient.  Disadvantages include:
  • Initial set up and start up expenses are high
  • Learning to use the technology is time consuming
  •  Lengthy time consuming and complex reporting requirements for attestation reports.
  • Many providers are unfamiliarity with the technology involved in entering information in the EHR
  • Time spent entering information can result in lost time with the patient and slower work flow

How is this Information Protected in the Case of Natural Disasters?

According to HIPAA there are required methods of protecting EHR data during potential natural disasters.  They are mandatory and any loss of data due to failure to put any of the steps into place will be fined heavily.  The regulations require that all EHR data is fully backed up, meaning complete copies of every EHR must be backed up.  The data must be recoverable and able to be fully restored once the disaster is over.  Backup data must be stored offsite.  Data must be backed up often. Security regulations must be kept up and running during and after a disaster occurs to prevent a breach.  A written procedural document must be created to detail the data protection and recovery plan for natural disasters.  Protection and recovery procedures must be tested on a regular basis.

Sources for Additional Reading

  • HBMA, (2012).  The Truth about HIPAA-HITECH and Data Backup.  Retrieved from
  •, (2015). Health Information Privacy.  Department of Health and Human Services.  Retrieved from
  •, (2015). Health Information Privacy.  Department of Health and Human Services.  Retrieved from
  • Julien, S. P. (2014). Electronic Health Records. In Public Health Informatics and Information Systems (pp. 173-189). Springer London.
  • Simpson, K. R. (2015). Electronic health records. MCN: The American Journal of Maternal/Child Nursing, 40(1), 68.

No comments:

Post a Comment