Pave a Path to Avoid the Perils of Electronic Medical Records Health care providers are quickly moving toward electronic medical records (EMR). Understand the Risks Develop a Solid Security Plan 1. a patient's name As a result, any physician or physician group practice either using or considering the use of EMR should establish a solid and effective security plan as well as policies and procedures designed to protect your computer systems and EMR. You should not only ensure that you are compliant with the HIPAA Security Regulations, but also take the necessary steps to ensure that your systems and EMR are as secure as possible from outside intrusion. Hiring an outside vendor that specializes in systems and computer security, and has expertise in the HIPAA Security Regulations to conduct penetration testing, monitoring and auditing of your computer and EMR systems is an excellent first step. Five Keys to Negotiating EMR Contracts Additional Issues to Consider Beware of Assignment Provisions In addition, when EMR vendors have gone out of business or bankrupt, the physicians and physician group practices that have purchased their EMR products are often left without any support or ability to maintain their systems. Therefore, it is essential that physicians and physician group practices perform the appropriate financial and business due diligence on EMR vendors with whom they are considering contracting. Michael R. Lowe, Esq. is a Florida board-certified health law attorney and shareholder at Michael R. Lowe, P.A. Located in Longwood, Florida, Mr. Lowe specializes in health care law with an emphasis on the representation of physicians and physician group practices. http://www.lowehealthlaw.com/
While estimated total market penetration is still less than 20 percent, many more providers are considering or transitioning to EMR. Physicians and physician group practices should understand the potential risks and pitfalls as well as the important considerations for assessing and negotiating EMR purchase and service contracts. For the unwary, the risks of poorly negotiated EMR contracts and the implementation of inefficient or even non-functioning EMR platforms can be devastating.
Some of the risks associated with the use of EMR include:
Computer hacking crimes and identity theft are two of the fastest growing crimes in the United States, and patient medical records present attractive targets for hackers and identity thieves because they usually contain the three essential pieces of information that hackers and identity thieves need:
2. date of birth
3. social security number
Additionally, physicians and physician group practices should develop written policies and procedures pertaining to the access of patient medical records, including EMR, as well as the dissemination and communication of patient medical record information and EMR. The use of simple tools such as password and encryption protection, and education and training which focuses on instructing employees not to discuss patient medical record information or give out or share their system passwords can provide an inexpensive and effective means for protecting the security of your EMR.
When evaluating and negotiating EMR contracts, physicians and physician group practices should initially focus on at least five basic issues:
When reviewing and negotiating potential EMR contracts, here are a few additional issues physicians and physician groups should consider:
There has been a tremendous amount of consolidation among EMR vendors within the last two years. Specifically, some estimates state that in 2003 there were approximately 325 EMR vendors in the national marketplace, and at the end of 2005, other estimates indicate there were less than 150. Many of the EMR vendors who are no longer around have either been bought out by or have merged with other EMR vendors, or have gone out of business or declared bankruptcy. In some of the buy-out and merger situations, vendors have been able to reassign their contracts with physicians and physician group practices without those physicians' written consent. Often in these situations, the new EMR vendor will not honor old contract provisions or does not want to integrate the old EMR vendors' software with their own which can cause functionality problems for the EMR platforms that have been purchased. In some cases, physicians and physician group practices are faced with having to purchase new software at very expensive prices or the alternative -- a non-functioning EMR system.