Tip: Five steps for setting up an EHR system

Compliance Monitor, July 20, 2005

When designing and implementing your electronic health records (EHR) system, follow these five basic steps provided by attorney Jayme R. Matchinski, of Harris Kessler & Goldstein, LLC, in Chicago:

Step 1: Get the big "paper" picture from the end-user. Talk to management and employees about security policies and procedures. Consider having your privacy officer draft and establish the policies and procedures. Keep those current with EHR installation-compliance activities.

Step 2: Conduct a comprehensive risk analysis. Not only does the analysis reveal the type of security measures appropriate for your system, but it also lays a foundation for due diligence, determines the flow of ePHI (electronic protected health information) in your organization, and enables you to create and enforce security policies and procedures to fill gaps that leave your information vulnerable to breaches.

Step 3: Take action on security safeguards. Do something about the risks your analysis reveals. Establish measures to meet all the standards and implementation specifications identified in your risk analysis. Integrate EHR security measures with efforts to comply with other regulations such as the Health Insurance Portability and Accountability Act (HIPAA) privacy rule, fraud and abuse, and other state and federal laws.

Step 4: Document and evaluate safeguards regularly. To track your ongoing compliance efforts, fully document information about collection, risk analysis, safeguard selection, and EHR implementation.

Step 5: Train employees on HIPAA and EHR policies and procedures. Consider organizing a general all-staff HIPAA training session to provide specialized security training for employees whose positions require specialized information, such as network engineers and medical records department employees.
