Security Impacts Physicians

Building a secure clinical network, one step at a time.

Valley Heart Associates in Modesto, CA, is a private group of 13 cardiologists and five cardiovascular surgeons providing comprehensive cardiac care for the northern Central Valley of California. We decided to pursue an electronic medical record (EMR) in 1995. We wanted to integrate back-office functions, workflow, scheduling and the EMR. In addition, we didn't want the potential duplicate entry of separate systems or a separate master patient index. Consequently, since we were already using Medic Computer System's (Raleigh, NC) practice management software, we chose their EMR solution, AutoChart®.

Our goal was to begin creating a secure, longitudinal electronic medical record. It would ultimately replace the paper chart, but we believed neither the technology nor our users were ready for the complete replacement of the paper chart. Instead, we took an incremental approach.

Building the Network

We began by automating transcription, which established an archive of dictated and transcribed documents. We then increased PC distribution throughout the organization for greater access, which, in turn, led to support for expanding the system.

We started to share data with the hospital through a fiber optic line. The hospital could place all transcription for our providers in a network directory, and we could place our office transcription for hospital patients in another directory. The components were now in place to allow a physician to work from home, dial into our office intranet, and have online access to the hospital and office charts, while on the telephone with a referring doctor or a patient.

Balancing Act

With the advent of HIPAA rules and regulations, this complex interconnectivity took on an even greater degree of difficulty. Users log on to their individual workstations and the office intranet with ID/password combinations. This logon does not give them access to clinical data, which can only be accessed via AutoChart and AutoChart's own logon ID/password. We have no biometric security, but it appears that fingerprint or smart-card technology with passwords would be next.

The intranet does keep a log of access/logons and we use password protocols. Newer versions of the software will need to provide for transaction audit trails, including creation/edit as well as viewing/printing. We need to develop policies and procedures for handling the paper charts and the EMR, and differential access to chart elements based upon logon credentials will become necessary.

One of the fundamentals of success in this system has been the improvement in the scope and timeliness of access to records. While we have to comply with HIPAA security regulations when they are completed and published, we must find a way to do it with a minimum of interference or delay in record access. As an example, another hospital in Modesto has a record system that requires direct dial remote access, automatic hang-up, and a "we'll call you back" approach to security. The workstation cannot be multi-tasked and requires a dedicated phone line. Needless to say, there has been little interest in, or use of, that system.

Expanding Secure Access

Our future plans include network expansion and improving functionality. We will continue to incorporate point-of-care technology, as well as expand access to our office chart throughout the hospital (emergency room physicians and hospitalists already have access).

In summary, the "must have" list for an EMR should include easy access that's also secure and audited, consistent reliable performance, and minimal imposition on the existing workflow except by way of improved performance and efficiency.

John Charles Merillat, M.D., FACC, is president of Valley Heart Associates and a practicing interventional cardiologist and electrophysiologist in Modesto, CA. Contact him at john@vhamg.com.