• E-mail
• Print
• RSS

Create effective policies when adopting EHR and HIT

HIM Connection, June 27, 2006

Want to receive articles like this one in your inbox? Subscribe to HIM Connection!

Create effective policies when adopting EHR and HIT

It's important to write effective policies that support the adoption of electronic health record (EHR) and health information technology (HIT). Write policies carefully to ensure staff compliance.

Addressing expediency and prudence
Policy must be expedient-that is, convenient, practical, useful, and appropriate, but also prudent-that is, careful, cautious, discreet, and sensible.

In the context of EHR and HIT policies, these concepts make a lot of sense. Your policies should not require action that is difficult or a hassle for your staff to perform, but should reflect what is right for your organization and its mission. For example, consider your access control and authentication policies and how you could revise them to support the design of EHR and HIT. They should

• ensure that appropriate staff can access the information they need, but also restrict access or action by unauthorized staff

• be sufficiently flexible so that in an emergency situation you can authorize access for different clinicians or staff members. For example, a nurse who is normally restricted to accessing patient information related only to the assigned nursing unit may need to access information for a patient or another unit in the case of a life-threatening event.

• ensure confidentiality, integrity, and availability of data so you can determine the legitimacy of an employee's access/action.

• be easy to use. For example, you don't want to require users to remember multiple layers of complex passwords that change every 30 days. Instead, you may want to consider single sign-on technology to manage appropriate levels of access.

Determine action from possible alternatives
In healthcare, the appropriate action to take is rarely completely clear. Policy comes in handy when there is a potential for alternatives-especially when some alternatives are more expedient or prudent than others.

Remember that policy is guidance for action that is consistent with legal, ethical, and organizational requirements. Your policies must conform to applicable federal and state laws, regulations, standards, and the requirements of licensing and accrediting agencies. They also need to reflect the mission and culture of your organization.

Increasingly in healthcare, however, laws, regulations, and standards, including codes of professional conduct, don't solve ethical dilemmas. Your policies should guide your staff to make expedient and prudent decisions within the context of your organization's mission and culture. It is very likely that enhanced information technology (IT) use will continue to provide challenges to your current policy and also open new areas for policy development.

Editor's Note: This article was adapted from HCPro, Inc.'s book The No-Hassle Guide to EHR Policies by Margret Amatayakul, MBA, RHIA, CHPS, FHIMSS. For more information or to order, go to www.hcmarketplace.com, or call 877/727-1728.

Back to top

Want to receive articles like this one in your inbox? Subscribe to HIM Connection!

• E-mail to a Colleague
• Print
• RSS
• Archive