Appendix B: Legal Aspects of Computer-Based Patient Records and Record Systems
Pages 200-224

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.


From page 200...
... Licensure laws applicable to health care providers, as well as reimbursement and insurance laws, all impinge on computer-based patient records, as do public health laws that require reporting of vital statistics and of various injuries and diseases. Contract law and the Uniform Commercial Code come into play in contracts for computer-based record systems.
From page 201...
... Hospital Licensure Laws as Barriers to Full Automation
State hospital licensure laws still pose barriers to full automation of the patient record. State-to-state variances in medical records requirements and obsolete and ambiguous or conflicting laws and regulations pose obstacles to the full development of computer-based patient record systems.
From page 202...
... state's licensure requirements may adversely affect the system's marketability in such states. Assuming that hospitals include compliance with legal requirements in their feasibility analysis of computer-based patient information systems, the lack of national uniformity in the medical records requirements of state licensure laws and regulations applicable to institutional health care providers may be expected to retard development and marketing of new computer-based patient record systems.
From page 203...
... On the basis of this requirement, the Illinois Department of Public Health strongly discourages fully computerized medical records in hospitals. See, e.g., Colo.
From page 204...
... It is not always clear whether regulations requiring that records be kept in ink or "type" (or in ink or "typewritten") permit creation of medical records electronically or with the use of lasers, although a provision permitting authentication of records by computer key, such as that found in Colorado's rules, implies that patient records may be created on a computer.
From page 205...
... These two requirements leave the status of outside computer services for Indiana hospitals unclear.
Other State Licensure Laws
State licensure laws and regulations applicable to a variety of other health care providers, both institutional and individual, typically contain provisions concerning patient records or patient information and confidences, or both.
From page 206...
... Use of a rubber stamp signature, with or without initials, is not permitted. In addition, resident records must contain a "physician's order sheet," a "medication sheet," and "treatment sheets," implying that a manual record must be maintained.~7 State licensure requirements for nonhospital institutional providers exhibit the same lack of national uniformity in standards for patient records exhibited by state hospital licensure requirements.
From page 207...
... believes that these conditions of participation would permit a fully automated record because HCFA is discussing with nursing home operators the possibility of requiring that nursing homes computerize resident assessment records to comply with the provision of the Omnibus Budget Reconciliation Act of 1987 requiring maintenance of a uniform, minimum data set on residents' conditions. See Paula Eubanks, "Homes Doubt They Can Computerize per HCFA's Request," Hospitals 64, no.
From page 208...
... The JCAHO requires that all medical records be accurate, accessible, authenticated, organized, confidential, secure, current, legible, and complete.30 A computer-based medical record system can meet JCAHO standards if the system is properly designed and maintained and if medical records are otherwise properly completed.
PATIENT RIGHTS ISSUES
Right of Privacy
The Federal Privacy Act and similar acts in many states provide assurance that patient records held by the federal government and governments of states that have enacted privacy legislation will not be disclosed to third parties without the patient's consent, except under defined circumstances.31 However, privacy of patient records in other states and in the private sector is governed by a crazy quilt of statutory, regulatory, and common-law rules and is often inadequately protected.32 Growing demands for information contained in patient records pose an ever-increasing threat to patient privacy.
From page 209...
... Thus, the lack of adequate, uniform, national protection of patient privacy with respect to patient records may hinder full development of computer-based patient record systems. The Uniform Health-Care Information Act skillfully addresses issues of confidentiality and release of patient information.33 Only Montana, however, has enacted this act into law.34
Right of Access to Health Records
Most states expressly allow a patient or a patient's authorized representative to inspect and copy the patient's hospital records.35 Rights of access to health records maintained by physicians and other individual health care providers may not always be clear.
From page 210...
... In addition, even if the patient gains access to the record, he or she may have no legally enforceable right to correct inaccurate information contained in it. The Uniform Health-Care Information Act addresses access issues, as well as issues of confidentiality and information disclosure.41 As noted earlier, however, only Montana has adopted this legislation to date.42 Issues of access to databases maintained by insurers, correction of data maintained on individuals by insurance companies, and limitations on redisclosure of such information are addressed in the Insurance Information and Privacy Protection Model Act developed by the National Association of Insurance Commissioners (NAIC)
From page 211...
... Patients generally have a qualified property interest in the information contained in their medical records. However, the precise limits of this interest vary from state to state.
From page 212...
... In addition, record entries must have been made at or near the time of the events recorded. The identity of the person making or recording the entries must be captured in the record; in addition, the record must have been prepared by or from information transmitted by a person with firsthand knowledge of the event recorded who is acting in his or her ordinary business capacity.49 A computer-based medical record made in the normal manner at the time of delivering care should meet the requirement that a business record be kept regularly in the ordinary course of business.
From page 213...
... , technology may be attractive in this context because disks cannot be altered once information is recorded. Write-protecting the portions of computer disks on which patient information is stored can also protect the integrity of records stored on a computerized patient record system.
From page 214...
... In addition, the necessity of keeping records in a manner that makes them admissible as evidence in court requires a provider to protect patient records from unauthorized access. The legal duties to preserve confidentiality and prevent unauthorized access to patient records are the same with respect to both paper and computer-based records.
From page 215...
... Statutes such as the federal statute concerning confidentiality of drug and alcohol abuse patient records provide penalties for breaches. Security mechanisms and procedures can provide some level of protection to computer-based patient records against unauthorized access by users both inside and outside a provider organization.
From page 216...
... who obtain access to a computer-based patient record system conceivably could access records in an unauthorized manner or breach confidentiality. Thus, a provider should enter into confidentiality agreements with all outsiders who may have access to medical records and should have appropriate hardware and software security.
From page 217...
... Potential for Inaccessibility
Medicare, the JCAHO, and most state hospital licensure laws require that medical records for current hospital patients be readily accessible and stored in a way that permits prompt retrieval of information. Keeping computer-based patient records available means minimizing system downtime and having adequate backup mechanisms.
From page 218...
... Some states require hospitals to retain medical records for 25 years.54 A researcher or research institution may need to preserve medical records for as long as 75 years. Changes in technology that cause patient record systems to become obsolete before the need for records stored on the systems has ended can mean that old and new systems do not interface.
From page 219...
... An inaccurate product definition in a contract for a computer-based patient record system or a product definition that is not sufficiently detailed can result in delivery of a system that does not function properly as a patient record system or in a contract that does not require the vendor to deliver a system that has certain important features or the capability to perform crucial patient record functions.
From page 220...
... Access to the source code for software is essential to a health care provider's ability to support and maintain patient record application software. Therefore, the provider should attempt to obtain a copy of the source code, either as part of the initial license grant or in the event that the vendor breaches its support obligations or decides to discontinue supporting the software.
From page 221...
... If enacted, these uniform state licensure standards for medical records should be applicable to all institutional health care providers that are required to maintain patient records. The problems arising from obsolete and ambiguous state licensure standards for medical records could be resolved by the development and enactment of uniform state licensure standards expressly applicable to computer-based records and record systems.
From page 222...
... The greatest legal risk from computer-based patient record keeping comes from unauthorized access to record systems and from computer viruses and other sabotage, particularly in cases in which computer networks are used and there is telephone access to the patient information system. Research efforts should be directed toward developing affordable computer security technology that can adequately protect patient records without severely reducing system user friendliness.
From page 223...
... Therefore, concerted efforts should be made to overcome legal and technological barriers that stand in the way of full development of computer-based records and record systems. In the future, with increasing use and development of artificial intelligence systems, computer-based patient records may be expected to become interactive, providing diagnostic assistance and even treatment recommendations.


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.