Tip: Five steps for setting up an EHR system
Compliance Monitor, July 20, 2005
Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!
Tip: Five steps for setting up an EHR system
When designing and implementing your electronic health records (EHR) system, follow these five basic steps provided by attorney Jayme R. Matchinski, of Harris Kessler & Goldstein, LLC, in Chicago:
Step 1: Get the big "paper" picture from the end-user. Talk to management and employees about security policies and procedures. Consider having your privacy officer draft and establish the policies and procedures. Keep those current with EHR installation-compliance activities.
Step 2: Conduct a comprehensive risk analysis. Not only does the analysis reveal the type of security measures appropriate for your system, but it also lays a foundation for due diligence, determines the flow of ePHI (electronic protected health information) in your organization, and enables you to create and enforce security policies and procedures to fill gaps that leave your information vulnerable to breaches.
Step 3: Take action on security safeguards. Do something about the risks your analysis reveals. Establish measures to meet all the standards and implementation specifications identified in your risk analysis. Integrate EHR security measures with efforts to comply with other regulations such as the Health Insurance Portability and Accountability Act (HIPAA) privacy rule, fraud and abuse, and other state and federal laws.
Step 4: Document and evaluate safeguards regularly. To track your ongoing compliance efforts, fully document information about collection, risk analysis, safeguard selection, and EHR implementation.
Step 5: Train employees on HIPAA and EHR policies and procedures. Consider organizing a general all-staff HIPAA training session to provide specialized security training for employees whose positions require specialized information, such as network engineers and medical records department employees.
Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!
Related Products
-
Strategies for Health Care Compliance
News and real-life examples to increase the effectiveness of your compliance program. Strategies for Health Care Compliance...
-
Compliance Monitor
This HTML e-mail newsletter delivers news on Medicare and Medicaid fraud and abuse, as well as recent documents and targets...
-
Medicare Weekly Update
Each issue of Medicare Weekly Update includes the latest CMS proposed and final rules, CMS manual revisions, and...
-
Medicare Update for Physician Services
Medicare Update for Physician Services is a free, monthly e-zine that delivers news and information to help physician...
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- HIPAA Q&A: Level of encryption needed for email
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- OB services: Coding inside and outside of the package
- QA:Coding multiple initial infusions
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- CMS has reformulated payments for some bilateral procedures
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- Do not code 57288 with 52000
- Searched