© Copyright 2007 American Health Information Management Association. All rights reserved. Information Integrity in EHRs Audio Seminar/Webinar March 13, 2007 Practical Tools for Seminar Learning

campus.ahima.org/Audio/2007/RB031307.pdf


Disclaimer


The American Health Information Management Association makes no representation or guarantee with respect to the contents herein and specifically disclaims any implied guarantee of suitability for any specific purpose. AHIMA has no liability or responsibility to any person or entity with respect to any loss or damage caused by the use of this audio seminar, including but not limited to any loss of revenue, interruption of service, loss of business, or indirect damages resulting from the use of this program. AHIMA makes no guarantee that the use of this program will prevent differences of opinion or disputes with Medicare or other third party payers as to the amount that will be paid to providers of service. As a provider of continuing education the American Health Information Management Association (AHIMA) must assure balance, independence, objectivity and scientific rigor in all of its endeavors. AHIMA is solely responsible for control of program objectives and content and the selection of presenters. All speakers and planning committee members are expected to disclose to the audience: (1) any significant financial interest or other relationships with the manufacturer(s) or provider(s) of any commercial product(s) or services(s) discussed in an educational presentation; (2) any significant financial interest or other relationship with any companies providing commercial support for the activity; and (3) if the presentation will include discussion of investigational or unlabeled uses of a product. The intent of this requirement is not to prevent a speaker with commercial affiliations from presenting, but rather to provide the participants with information from which they may make their own judgments.


Faculty


Reed Gelzer, MD, MPH, CHCC

Dr. Gelzer has more than 30 years experience in the health care sector. In health care delivery he practiced community General Medicine in rural Michigan for 11 years and then pursued interests in care quality improvement using health information technology. After working for an EHR vendor for several years, he moved into independent consulting, concentrating on electronic health record system data quality, and co-founded Advocates for Documentation Integrity and Compliance. He has also published a number of articles on EHR data quality and documentation validity topics and has co-authored a book due for release early 2007 entitled Due Diligence—Evaluating EHR Systems—A Hands-on Manual for the Compliant EMR Before and After Purchase.

Dr. Gelzer received his MD from Wayne State University, completed his Masters in Public Health Policy at the University of Michigan, and certified as a compliance consultant. He currently consults on data quality and integrity projects for the military health services and for the Centers for Medicare and Medicaid Services, while also serving on a number of EHR documentation best practices, standards, and certification workgroups through HL7, HIMSS, and AHIMA. He is also serving on CCHIT’s Ambulatory Function Work Group and, most recently, he chaired the Prevention Workgroup on EHR Model Requirements for Anti-Fraud, a current project for the Office of the National Coordinator. He advises vendors and purchasers and frequently presents at HIT conferences on EHR documentation, EHR implementation risk mitigation, and data quality topics.

Patricia A. Trites, MPA, CHBC, CHCC, CHCO, CPC, EMS, CHP, CMP (Honorary)

Ms. Trites is CEO of Healthcare Compliance Resources and President of Advocates for Documentation Integrity and Compliance. She has a Master of Public Administration-Healthcare degree from Western Michigan University, a Bachelor of Business Administration-Accountancy degree from WMU, and is in the dissertation phase of a PhD in Business Management. She is a Certified Healthcare Business Consultant, a Certified Healthcare Compliance Consultant and Officer, and a Certified Professional Coder with the additional certification of Evaluation and Management Specialist. In addition Ms. Trites is Certified in Healthcare Privacy and was awarded an honorary designation of Certified Medical Planner. She was on the Editorial Advisory Board of the Medical Practice Compliance Alert.

Ms. Trites has worked in physician offices, was a hospital transcriptionist, and later taught Accounting and Health Care Administration at local colleges before joining a healthcare accounting and consulting business, where she became a principal in the organization. Ms. Trites presents seminars nationally to physician and healthcare organizations in addition to conducting client assessments throughout the country. She authored a comprehensive guide to healthcare organization and medical office compliance programs including compliance guidance in areas of billing and reimbursement, OSHA, CLIA, HIPAA and employment regulation, the Compliance Guide for the Medical Practice: How to Attain and Maintain a Compliant Medical Practice, published by the AMA, and is co-author of Due Diligence—Evaluating EHR Systems—A Hands-on Manual for the Compliant EMR Before and After Purchase, published by AHIMA. Ms. Trites has written two software programs for HIPAA compliance and has written and administered the Certified Healthcare Compliance Consultant course and examination and written the course and examination for the Certified Healthcare Compliance Officer designation.


Table of Contents

Disclaimer
Faculty
Outline of Presentation
  Polling Question #1
EHRs: The Historical Context
  Polling Question #2
What is Data Quality?
  Polling Question #3
Information Integrity
Data Quality: Pitfalls Ahead
The Costs of Health Care Fraud: Staggering and Growing
Problems Not Unrecognized
Required: Due Diligence in EHR Functions
2007: What are the Issues?
Mid-Course Review
Define End User Needs
And now into the weeds… Pandora's Box
  Inside "the Box" I.I. Requirements Can Be Hierarchical
  Or a Mixture of Overlapping, Complementary, and Hierarchical
  Examples From Inside the Box
Information Integrity and Data Quality: End-Users Speak
Information Integrity and Data Quality: Clinicians Speak
Regulators and Payors Speak: Documentation ≠ Quality
Foundations of Information Integrity
Foundations of the Legal Record
Information Integrity, Data Quality, and the Legal Validity of the EHR
Authoritative Guidance
Crosswalk: Legal Principles of Business Records
Rules of Evidence – Business Records
Electronic Records: Additional Rules for Records on Computers
Information Integrity: Accounting for Varying Content Requirements
EHR Data Variability
Observing and Evaluating EHR Business Rules
  EHR Business Rules: Example (Variations 1-4)
  Example: Problematic Business Rule
Remember: There is Nothing Unique About Documentation Requirements in the EHR
Information Integrity, Data Quality, and the Information Integrity-Oriented EHR
Basics: Maintaining the Legal and "Informational" EHR
Guidance for Subdividing Critical System Functionalities for Analysis and Maintenance
Establish Validation Schemes and Include them in Compliance Plan
Choices
Test and Affirm
Information Integrity Begins at the Origination
What Are the Next Steps?
Integrity Management Requirements
The Information Integrity Reality
Information Integrity Resource Requirements
Medical Records Checklist
Sample Access Policy [see appendix]
Forms Management
Advocates for Documentation Integrity and Compliance (ADIC)
Peace Be With You
Additional Resources
Audience Questions
Audio Seminar Discussion and Audio Seminar Information Online
Upcoming Audio Seminars
AHIMA Distance Education online courses
Thank You/Evaluation Form and CE Certificate (Web Address)
Appendix
  Resource/Reference List
  Article: Using Test Vignettes to Assess EHR Capabilities
  Sample Access Control Policy
  CE Certificate Instructions


Outline of Presentation

1. Where to begin
   • Historical Context
   • Defining Data Quality and Information Integrity
   • Focus on Accuracy
   • The Information Integrity Cycle
   • Assuring Users’ Needs Are Met

2. Crosswalk: Legal Validity and Information Integrity-Common Denominators
   • Authentication
   • Authorship
   • Auditing

3. Authoritative Guidance and Standards
   • The Legal Realm-the sources
   • The Standards Realm (HL7, CCHIT, ASTM, JCAHO, NCQA?)

4. Objective Evaluation and Mitigation
   • Understanding the Problems
   • Examples of EHR Documentation Variability
   • How to Test
   • How to Mitigate

5. Tools and Resources

Polling Question #1

Do you currently have an EHR installed and functional?

*1 Yes
*2 No


EHRs: The Historical Context

• 1970’s, 1980’s
• Institute of Medicine Report (IOM) 1991
• IOM Report updated 1997

HIPAA
• Privacy
• Data Standards

• Health and Human Services (HHS) 2004
  Health Level Seven (HL7)
  ONC (Previously ONCHIT-Dr. Brailer’s Office)

• Certification Commission for Health Information Technology (CCHIT)

• ONC/AHIMA Fraud Report highlighting the Legal EHR
• ONC/RTI/AHIMA Model Requirements for Anti-Fraud

EHRs
• The future: Worse before better (IFMC HIT Symposium)

Polling Question #2

Has your organization chosen an EHR product, but it has not been implemented yet?

*1 Yes
*2 No


What is Data Quality?

Data Quality is defined by its purposes and uses

“Data is the fuel we use to make decisions”*

“Data Quality is, for a given context, its:
• Accuracy
• Relevance
• Timeliness
• Completeness
• Trust
• Accessibility”*

*Olsen, Jack E., Data Quality: The Accuracy Dimension, pages 3 and 24.


Polling Question #3

Our organization is still investigating EHR systems, but has not committed to purchasing at this time.

*1 Yes
*2 No


Information Integrity

“Information Integrity can be defined as the dependability and trustworthiness of information. More specifically, it is the accuracy, consistency and reliability of the information content, processes and systems.”

The Information Integrity Coalition

http://www.informationintegrity.org/index.php/c/What_Is_Information_Integity%3F


Data Quality: Pitfalls Ahead

Poor data quality
• Widespread problem in information technology
• Not unique to Health Care (but Health Care risks duplicating the poor experience of industries who’ve already moved faster and further into IT.)

Estimate: “Poor quality customer data costs U.S. businesses $611 billion annually in postage, printing, and staff overhead”*

“Nearly 50% of the companies surveyed have no plans for managing or improving data quality”*

*Per Data Warehousing Institute report


The Costs of Health Care Fraud: Staggering and Growing

“Fraud has a significant impact on the U.S. health economy. The National Health Care Anti-Fraud Association (NHCAA) estimates that “...of the nation’s annual healthcare outlay at least 3% – or $51 billion in calendar year 2003 was lost to outright fraud.” Other estimates by government and law enforcement agencies place the loss as high as 10% of our annual expenditure, or $170 billion.”*

*Excerpt from the Executive Summary of the Report on the Use of Health Information Technology to Enhance and Expand Health Care Anti-Fraud Activities, Prepared for: The Office of the National Coordinator, U.S. Department of Health and Human Services, September 30, 2005

Reports available through: http://www.ahima.org/press/press_releases/05.1017.asp

Problems Not Unrecognized

“Because billing companies are in the business of processing health care information, it is essential they develop policies and procedures to ensure the integrity of the information they process and ensure that proper and timely documentation of all physician and other professional services is obtained prior to billing to ensure that only accurate and properly documented services are billed.”

- Federal Register / Vol. 63, No. 243 / Friday, December 18, 1998 / Notices, p. 70144.

“Among the risk areas the OIG has identified as particularly problematic are”
• Billing for items or services not actually documented
• “Upcoding”
• Lack of integrity in computer systems

- Federal Register / Vol. 63, No. 243 / Friday, December 18, 1998 / Notices, pp. 70142-70143.


Required: Due Diligence in EHR Functions

“Information technology presents new opportunities to advance health care efficiency, but also new challenges to ensuring the accuracy of claims and the information used to generate claims. It may be difficult for purchasers of computer systems and software to know exactly how the system operates and generates information.

Prudent hospitals will take steps to ensure that they thoroughly assess all new computer systems and software that impact coding, billing, or the generation or transmission of information related to the Federal health care programs or their beneficiaries.”

Federal Register / Vol. 70, No. 19 / Monday, January 31, 2005 / Notices, pp. 4862.

2007: What Are The Issues?

#1 All Uses of Health Care Information are Compromised By Systems That Generate Unverifiable, Dubious, or Flawed Data

#2 Authoritative Guidelines for Health Information Management Do Exist (and are improving)

#3 Widespread EHR Design Flaws and Lack of Standardization of EHRs May Be Viewed As Directly or Indirectly Undermining Information Integrity

#4 P4R, P4P Will Be the “Carrots” and Anti-Fraud, the OIG will be the “Sticks” for driving Information Integrity, Data Quality, and the Legal EHR


Mid-Course Review

Accuracy as the foundation

Information Integrity includes
• Organization’s Actual Processes (Not simply the policies and procedures sitting on a shelf in the Compliance Office)
• Thorough understanding of all systems’ functions

Demonstrate:
• EHRs as Variation Sources
• Some simple illustrations of how to look and where to look

Define End User Needs

Information Integrity Requires:

1. Identification of Key Information Consumers: What Will Information Be Used For?

2. Establishing Who Are The Appropriate Sources (among Input-User population)

3. Identification and Verification of Required Systems Functions

4. Identification and Verification of Business Rules’ Supports

5. Identification of Output Requirements

6. Identification of Validation, Feedback, and “Sustainment” Mechanisms


And now into the weeds…

The foundation of data quality and information integrity is Accuracy.

When you think of “Accuracy” and “EHRs”, think of a shiny little ribbon securing Pandora’s Box.

Tug the ribbon on the EHR box by asking, “What is accuracy” and…

And a myriad of demons spring free…

• What are the business rules that assure data quality?
• Where are the business rules that assure data quality?
• Can you show what the business rules were last week, last month, last year?


After opening the box…

First:
• Remember that Data Quality is context-specific.

Therefore, you ask:
• Who is the intended user, and
• What do they intend to use the data for, and
• Who is the intended beneficiary or customer for the data.

Inside “the Box” I.I. Requirements Can Be Hierarchical


Or A Mixture of Overlapping, Complementary, and Hierarchical


Examples From Inside The Box

Signature: Office claim documentation does not require signature, but does require legible identity of the provider(s) of service. Research will require higher level authentication.

Copied/Cloned Data: Acceptable for what purposes?

Default data: Acceptable for what purposes?
• Demographics?
• Current medications?
• “Family History Reviewed” ?
• “99204 40 Year Old Male?” ?
• “Diabetic foot exam done”?
• Remember that Data Quality is context-specific
• Does it matter if documentation exists of services or parts of services never performed?

Release of information, redacted documentation?

Is “open item billing” ever acceptable?


Information Integrity and Data Quality: End-Users Speak

If health information can be cloned from one patient to the next, or from one encounter to the next, how can data quality be assured?

“Cloned documentation does not meet medical necessity requirements for coverage of services rendered due to the lack of specific, individual information.”

--Cigna Medicare Bulletin - March/April 1999


Information Integrity and Data Quality: Clinicians Speak

“Occasionally, mutations in the form of erroneous statements are incorporated into the propagating ‘note chain.’ The errors repeat endlessly and become Newspeak-like truths. A patient who seizures from haloperidol is forevermore labeled with seizure disorder. An episode of lorazepam-induced delirium is transformed into chronic dementia. Yes, the patient does seem fully coherent now, but EMR says she's demented and who are you going to believe, EMR or a demented patient? By the power of repetition, everything in EMR becomes true.”

Robert E. Hirschtick, MD, JAMA, May 24/31, 2006--Vol 295, No. 20.


Regulators and Payers Speak: Documentation ≠ Quality

“During repeated reviews, we have observed the tendency to "overdocument" and consequently to select and bill for a higher level E/M code than medically reasonable and necessary. Word processing software, the electronic medical record, and formatted note systems facilitate the “carry over” and repetitive "fill in" of stored information.”

—Medicare Coverage Database-Q/A 19500


Foundations of Information Integrity

Information integrity begins with well-established and familiar concepts and requirements. These requirements are, in turn, of high-order interest to all end-users and purposes for health care information.

1. Authorship/Authentication

2. Auditability
   a. Origination
   b. Validation
   c. Attestation/Non-Repudiation
   d. Traceability

3. Processes and Systems, aka “Electronic Health Records Management (eHRM)”


Foundations of the Legal Record

The Legal Record, whether on paper or in electronic form, begins with well-established and familiar concepts and requirements. These requirements are, in turn, of high-order interest to all end-users and purposes for health care information.

1. Authorship/Authentication

2. Auditability
   a. Origination
   b. Validation
   c. Attestation/Non-Repudiation
   d. Traceability

3. Electronic Health Records Management (eHRM), aka “Processes and Systems”

Information Integrity, Data Quality, and the Legal Validity of the EHR: In 2007 All Share the Same Issues

PROBLEM 1: Deployment of untested, unproven systems in advance of systematic standardized HIM-supported functional assessments.

Current EHR systems can create:
• Records that appear to be accurate and complete, but in reality, do not always accurately reflect the patients’ information/condition or the providers’ actual work performed

Current EHR systems do not necessarily create (and may not even be capable of):
• A valid business record
• A legal medical record
• A verifiable, accurate, useful clinical record
• A consistent, predictable, reliable data source of use to all current intended end-users


Authoritative Guidance

The Twin Pillars for Health Care Information Quality

• The Legal Business Record
• Data Quality And Integrity

Crosswalk: Legal Principles of Business Records

Important Point

The basis for medical records’ acceptance (admissibility) as legal records derives from their validity as business records. It is the rules and regulations for business records, particularly those on computers, that stand currently as the fundamental determinants of EHR functional requirements.

If an EHR system cannot meet these requirements, it cannot stand as a legal business record, whether for billing, coding, and reimbursement use or for admissibility in court for any reason.

Note that these same standards serve information integrity by focusing on key concepts of standardized system functions, business rules, and User authentication, all applying to authorship, auditability, and the system supports for the information.


Rules of Evidence – Business Records (Including Health Records)

The record was documented in the normal course of business (following normal routines)

The record was kept in the regular course of business

The record was made at or near the time of the matter recorded

The record was made by a person within the business with knowledge of the acts, events, conditions, opinions, or diagnoses appearing in it

Adapted from HIMSS 2006 presentation “The Legal EHR”

Electronic Records: Additional Rules For Records On Computers

1. The type of computer used and its acceptance as standard and efficient equipment

2. The record's method of operation

3. The method and circumstances of preparation of the record, including:
   • the sources of information on which it is based
   • the procedures for entering information into and retrieving information from the computer
   • the controls and checks used as well as the tests made to ensure the accuracy and reliability of the record

4. The information has not been altered

Adapted from HIMSS 2006 presentation “The Legal EHR”


Information Integrity: Accounting for Varying Content Requirements

What is required to be in the medical record?
• Federal regulations by practice setting
• State regulations by practice setting
• Requirements of accrediting bodies (e.g., NCQA, JCAHO, AOA, CARF)
• Payer requirements
• Pay for Performance Programs
• Public Health Uses
• Clinical Research Uses

Remember: The people inputting information have to be trained to an appropriate level of understanding of the needs of each intended end-user to support the validity to that end-user, and appropriate system rules have to be in place as well.

EHR Data Variability

Example of Variations in EHR Information Generation Capabilities


Observing and Evaluating EHR Business Rules

Business Rules: Embedded Use Policies and Procedures That Derive From Basic Health Record Management Principles

Examples from “The Paper World”

• Don’t Use Pencil
• Don’t Leave Blank Spaces
• Don’t Remove Pages
• Don’t Obliterate Entries

EHR Business Rules: Example

ROS Forms:

If a user marks the form, what data is actually saved?

In a paper form, WYSIWYG.

In an electronic form there are variations:

Review of Systems:

Normal: All systems reviewed; Constitutional; Eyes; Ears, Nose, Mouth, Throat; Cardiovascular; Respiratory; Gastrointestinal; Genitourinary; Musculoskeletal; Integumentary; Neurological; Psychiatric; Endocrine; Hematologic/Lymphatic; Allergic/Immunologic

Abnormal: _____________ (one blank line per item)


Paper Form Business Rules

User marks “Normal” for “All systems reviewed”

Form records “Normal” for “All systems reviewed” element marked (all others remain null)

Review of Systems:

Normal: √ All systems reviewed; Constitutional; Eyes; Ears, Nose, Mouth, Throat; Cardiovascular; Respiratory; Gastrointestinal; Genitourinary; Musculoskeletal; Integumentary; Neurological; Psychiatric; Endocrine; Hematologic/Lymphatic; Allergic/Immunologic

Abnormal: _____________ (one blank line per item)

EHR Business Rule Variation 1

User marks “Normal” for “All systems reviewed”

Database records “Normal” for “All systems reviewed” element marked (all others remain null)

Review of Systems:

Normal: √ All systems reviewed; Constitutional; Eyes; Ears, Nose, Mouth, Throat; Cardiovascular; Respiratory; Gastrointestinal; Genitourinary; Musculoskeletal; Integumentary; Neurological; Psychiatric; Endocrine; Hematologic/Lymphatic; Allergic/Immunologic

Abnormal: _____________ (one blank line per item)


EHR Business Rule Variation 2

User marks “Normal” for “All systems reviewed”

Database records “Normal” for “All systems reviewed” element and “Normal” also for all other systems

Review of Systems:

Normal: √ All systems reviewed; √ Constitutional; √ Eyes; √ Ears, Nose, Mouth, Throat; √ Cardiovascular; √ Respiratory; √ Gastrointestinal; √ Genitourinary; √ Musculoskeletal; √ Integumentary; √ Neurological; √ Psychiatric; √ Endocrine; √ Hematologic/Lymphatic; √ Allergic/Immunologic

Abnormal: _____________ (one blank line per item)

EHR Business Rule Variation 3

User marks “Normal” for “All systems reviewed”

Database records “Normal” for all systems

Database does not record “Normal” for “All systems reviewed”

Review of Systems:

Normal: ? All systems reviewed; √ Constitutional; √ Eyes; √ Ears, Nose, Mouth, Throat; √ Cardiovascular; √ Respiratory; √ Gastrointestinal; √ Genitourinary; √ Musculoskeletal; √ Integumentary; √ Neurological; √ Psychiatric; √ Endocrine; √ Hematologic/Lymphatic; √ Allergic/Immunologic

Abnormal: _____________ (one blank line per item)


EHR Business Rule Variation 4

User marks “Normal” for “All systems reviewed”

Database records “Normal” for all systems with pre-set structured data elements

Database may or may not record “Normal” for “All systems reviewed”

Review of Systems:

Normal All systems negative

Constitutional negative for fever, chills, sweats, unexpected weight loss or weight gain, activity tolerance changes, or dizziness

Eyes negative for visual disturbances, floaters, flashes, blurred or double vision.

Ears, Nose, Mouth, Throat negative for hearing changes, tinnitus, vertigo. No mouth lesions, dental caries, tongue masses or irregularities. No sore throats, hoarseness, or nasal drainage.

Cardiovascular negative for palpitations, angina, peripheral swelling etc.

Respiratory negative for productive or non-productive cough, dyspnea on exertion, pain with cough, snoring, or shortness of breath

Gastrointestinal negative for W, X, Y, and Z

Genitourinary negative for W, X, Y, and Z

Musculoskeletal negative for W, X, Y, and Z

Integumentary negative for W, X, Y, and Z

Neurological negative for W, X, Y, and Z

Psychiatric negative for W, X, Y, and Z

Endocrine negative for W, X, Y, and Z

Hematologic/Lymphatic negative for X, Y, Z

Allergic/Immunologic negative for W, X, Y, and Z

Example: Problematic EHR Business Rule

Overt falsification of encounter information

“(Chairman) recommended putting a statement in the Coding Guidance concerning AutoNeg. It was added in Section 3 under E&M Coding. The AutoNeg function makes all unentered parameters negative. By clicking on AutoNeg, the user is documenting that the items were all verified as negative. Currently, it is not possible to differentiate between the data filled in with AutoNeg or actually choosing the data on all parameters. At a recent meeting, [the vendor] recommended shutting it off because it isn’t safe to use.”

Excerpted from Minutes, Unified Biostatistical Utility, December 2004, page 4 of 15.
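The save-rule variations on the preceding slides and the AutoNeg problem quoted above can be modelled directly. This is an added example, not code from the presentation or from any EHR product; the `Element` type and its `source` and `rule` fields are hypothetical names, and only Variations 1 to 3 are modelled. It shows that once provenance is dropped, a single click and fifteen individual clicks produce the same stored data.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

ALL = "All systems reviewed"
SYSTEMS = [
    "Constitutional", "Eyes", "Ears, Nose, Mouth, Throat", "Cardiovascular",
    "Respiratory", "Gastrointestinal", "Genitourinary", "Musculoskeletal",
    "Integumentary", "Neurological", "Psychiatric", "Endocrine",
    "Hematologic/Lymphatic", "Allergic/Immunologic",
]


@dataclass(frozen=True)
class Element:
    value: str                  # what the record shows, e.g. "Normal"
    source: str                 # "user" = clicked by the user, "system" = filled by a rule
    rule: Optional[str] = None  # name of the rule that filled it (hypothetical field)


Saved = Dict[str, Optional[Element]]


def save(user_marked: Set[str], variation: int) -> Saved:
    """Apply save rule Variation 1, 2 or 3 from the slides to the user's marks."""
    if variation not in (1, 2, 3):
        raise ValueError("only variations 1-3 are modelled")
    saved: Saved = {name: None for name in [ALL] + SYSTEMS}
    for name in user_marked:
        if name not in saved:
            raise KeyError(f"unknown form element: {name}")
        saved[name] = Element("Normal", "user")
    if ALL in user_marked and variation in (2, 3):
        # The system, not the user, marks every remaining body system "Normal".
        for name in SYSTEMS:
            if saved[name] is None:
                saved[name] = Element("Normal", "system", f"variation-{variation}")
        if variation == 3:
            saved[ALL] = None  # the one thing the user actually did is not stored
    return saved


def flatten(saved: Saved) -> Dict[str, Optional[str]]:
    """What a database without provenance keeps: values only."""
    return {name: (el.value if el else None) for name, el in saved.items()}


def auto_populated(saved: Saved) -> List[str]:
    """Elements present in the record that no user ever asserted."""
    return [name for name, el in saved.items() if el and el.source == "system"]


def user_assertions(saved: Saved) -> List[str]:
    """Elements the user marked personally."""
    return [name for name, el in saved.items() if el and el.source == "user"]


if __name__ == "__main__":
    for v in (1, 2, 3):
        rec = save({ALL}, v)
        print(f"Variation {v}: user asserted {user_assertions(rec)}, "
              f"system filled {len(auto_populated(rec))} elements")
```

An auditor sampling records needs the `source` field (or its equivalent in the product under test) to separate reviewed findings from rule-generated ones.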


Teaching About Problematic Documentation

In an EHR, using the tool to document badly faster only increases risk because now nonsense is more readable

Teaching About Problematic Documentation

And patterns of behavior become more discernable


Cranial Nerves

“CN II-XII”

Cranial nerves one through twelve encompass approximately 36 different sensory and motor functions. When I say CN II-XII, what do I mean?

Image: Bates, Barbara, A Guide to Physical Examination, Second Edition, Lippincott, Philadelphia, 1979.

Remember: There is Nothing Unique about Documentation Requirements in the EHR

Simply Medical Records Compliance combined with compliance for business records on computers.

Where rules are not explicit, the same principle applies to all compliance—show due diligence.

Due diligence, for information integrity, now requires validation of the system for all anticipated data consumers, from all anticipated system users.


Information Integrity, Data Quality, and the Information Integrity-Oriented EHR

Recommendation:

Use the concept of the Legally Valid Record as the first “filter” towards achieving Information Integrity.

…because it applies to:

• Multiple levels of integrity
• Multiple end-users
• Addresses medical-legal risk
• Has teeth…

and provides a conceptual framework for mapping different end-users’ requirements

Basics: Maintaining the Legal and “Informational” EHR

Legal

1. The documentation has to be a valid medical record when created. The EHR is not a valid electronic Medical Record until it is a valid Medical Record in all its attributes.

2. The core functions for maintaining the Legal EHR are similar to those that protect the principles of “core” information integrity.

3. An electronic version of a Medical Record is not legally valid until the evidentiary criteria for electronic records are met.

Informational

1. The documentation has to be a valid medical record when created for comprehensive information integrity, in all attributes for all intended end-users of the information.

2. The core functions for maintaining the Legal EHR are those that protect the principles of the well established rules for business records on computers.

3. An electronic version of a Medical Record is not “informationally” valid until the end-user criteria are met.


Basics: Maintaining the Legal and “Informational” EHR

• Until comprehensive functional standards for EHRs exist applicable to all information consumers, there is a need for proactive due-diligence in the protection and assurance of an organization’s medical records in all storage media (paper, magnetic, photographic film, etc.).

• There is also a need for recipients of health care information to critique the validity of the information they receive purporting to be medical records.

Guidance for Subdividing Critical System Functionalities for Analysis and Maintenance of the EHR

• Authentication for Legal Admissibility
• Who May Document in the Record
• Authentication of Entries
• Documentation Principles
• Linking Each Patient to an Entry
• Timeliness and Chronology of Entries
• Legibility and Display
• Corrections, Errors, and Amendments
• Chart Content
• Formats
• Output/Printing
• Permanency, Retention, Purging and Storage
• Data Integrity: Access, Audit Trails, and Security
• Disaster Recovery and Business Continuity

Excerpted from Practice Brief on Maintaining the Legal EHR. JAHIMA Nov/Dec 2005


Establish Validation Schemes and Include Them in Compliance Plan

Information Integrity Validation Map

Map columns: Clinical; Medical-Legal; Revenue Integrity; Care Quality; Special Research Clinical Trials

Map rows:

1. Who May Document in the Record
   A. Administrative Control
   B. Permissions Parameters (User Profiles)
2. Authentication of Entries
3. Documentation Principles
   A. Authorship (including Clinical Rules)
   B. Templates/Forms
   C. Defaults, Data ReUse (Copy/Paste, etc.)
4. Timeliness and Chronology of Entries
5. Legibility and Display
6. Corrections, Errors, and Amendments
7. Chart Content
8. Formats
9. Output/Printing
10. Permanency, Retention, Purging, Storage
11. Data Integrity:
   A. Access, Security
   B. Audit Functions (Documentation Events)
12. Disaster Recovery and Business Continuity

Choices

In the absence of established, specific, verified functional standards, one must:

• Accept on faith that the system and the users are submitting valid and accurate data for all purposes and end-uses

-or-

• Test and affirm
  • With front-end and back-end auditing
  • As a matter of organizational standards
  • Consistent with the organization’s methods and core mission
  • Required for fiscally sound business operations
  • Required for “informationally” sound system use practices


Test and Affirm

Methods and Means:

Due Diligence

Office policies and procedures, adapted to the EHR environment

Practice’s means for orienting, training, and enforcing medical records principles and standards

Organization’s abilities to identify likely markers for data quality variances


Test and Affirm

Does the system support accurate authorship assignment to all elements of documentation, including the date and time of documentation?

Does the system overwrite a prior “author” when a second author enters information into the record?

How easy is it to access the audit trails of the EHR? Is it possible to alter the audit trails in any way?

Is it possible to disable the audit functions?


Test and Affirm

Sample Elements to Investigate:

Does the EHR allow “Documentation by Exception”? Is this ever appropriate? When, by whom? Can this be disabled?

Does the EHR allow “Open Item Billing”? Can this be disabled?

Does the EHR accurately track users’ identities? Their login times, documentation events?

Test and Affirm

If the record is altered BEFORE “closing” or the signature event, does it record who made changes and what changes were made?

Can the record be “re-opened” after closing? Altered? Are alterations apparent?

Does the EHR allow for differing access controls, i.e., not everyone can view, make changes, or make addendums to a record?
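The authorship, alteration and audit-trail questions on the “Test and Affirm” slides above can be turned into a reference model to compare a system's observed behavior against. This is an added example, not code from the presentation or from any EHR product; `ChartEntry` and its methods are hypothetical, the hash-chained audit list is one technique chosen here for making alterations apparent, and the timestamps and values are constructed.

```python
import hashlib
import json
from dataclasses import dataclass, field
from typing import List, Optional

GENESIS = "0" * 64  # "previous hash" used by the first audit event


class ClosedRecordError(Exception):
    """Raised when someone tries to edit a signed entry in place."""


def text_digest(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


def event_digest(event: dict) -> str:
    body = {k: v for k, v in event.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


@dataclass
class ChartEntry:
    entry_id: str
    revisions: List[dict] = field(default_factory=list)  # appended, never overwritten
    signed_by: Optional[str] = None
    audit: List[dict] = field(default_factory=list)

    def _log(self, actor, action, at, revision, text_sha256=None):
        # Each event commits to the previous one, so edits and deletions break the chain.
        prev = self.audit[-1]["hash"] if self.audit else GENESIS
        event = {"actor": actor, "action": action, "at": at, "revision": revision,
                 "text_sha256": text_sha256, "prev": prev}
        event["hash"] = event_digest(event)
        self.audit.append(event)

    def _append(self, kind, author, text, at):
        self.revisions.append({"kind": kind, "author": author, "text": text, "at": at})
        self._log(author, kind, at, len(self.revisions) - 1, text_digest(text))

    def write(self, author: str, text: str, at: str) -> None:
        """Pre-signature change: kept as a new revision with its own author and time."""
        if self.signed_by is not None:
            raise ClosedRecordError("entry is signed; use addendum()")
        self._append("entry", author, text, at)

    def sign(self, author: str, at: str) -> None:
        if not self.revisions:
            raise ValueError("nothing to sign")
        self.signed_by = author
        self._log(author, "sign", at, len(self.revisions) - 1)

    def addendum(self, author: str, text: str, at: str) -> None:
        """Post-signature change: the signed text stays and the addition is visible."""
        if self.signed_by is None:
            raise ValueError("addenda apply to signed entries; use write()")
        self._append("addendum", author, text, at)

    def authors(self) -> List[str]:
        return [r["author"] for r in self.revisions]

    def verify(self) -> bool:
        """True only if the audit chain is intact and every revision matches its event."""
        prev = GENESIS
        for event in self.audit:
            if event["prev"] != prev or event["hash"] != event_digest(event):
                return False
            if event["text_sha256"] is not None:
                idx = event["revision"]
                if idx >= len(self.revisions):
                    return False
                if text_digest(self.revisions[idx]["text"]) != event["text_sha256"]:
                    return False
            prev = event["hash"]
        return True


def run_vignette() -> ChartEntry:
    """Constructed test script: two authors, a signature, then an addendum."""
    entry = ChartEntry("enc-001")
    entry.write("nurse_a", "BP 120/80", "2007-03-13T09:00")
    entry.write("dr_b", "BP 120/80; recheck 118/76", "2007-03-13T09:20")
    entry.sign("dr_b", "2007-03-13T09:30")
    entry.addendum("dr_b", "Recheck taken on left arm", "2007-03-14T08:00")
    return entry
```

A chain like this does not reveal removal of its most recent events; detecting that requires keeping the latest hash somewhere the EHR's own administrators cannot rewrite.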


Test and Affirm

Does the EHR allow “cut/copy and paste” functions?

Does the EHR allow previous encounter content to be brought forward? Is the source properly attributed?

Will the EHR permit items to be deleted, such as notes, progress notes, task assignments, etc? When?

Does the EHR retain who authors clinical rules like parameters for prompts, alerts, normals, care guidelines, etc.?


Information Integrity Begins at the Origination

Train the users to record information according to end-use/info consumer requirements.

Train the users to only record actions that have actually been performed!

Beware of templated documentation.
• May not meet end-use requirements
• May indicate services have been performed that have not been. (As in the previous slide’s example: ROS questions asked that were not and Exam components that were not performed.)


What Are the Next Steps?

Development of Clinical Documentation and Auditing Protocols for your EHR

Review or Revision of Documentation Standards Specifically for the EHR Environment

Development of Information Consistency, Accuracy, and Integrity Standards for EHRs

• Affirm, in the system or in clinical policies, what “Normal” means in clinical terms wherever and whenever used.

• Define compliance requirements, including review processes, for critical clinical and business processes (Examples: Clinical care guidelines, P4P programs, etc.)


What Are the Next Steps?

At your practice, or at your institution

It is YOUR Job

To make sure the EHR system serves the organization’s information integrity requirements.

Not the reverse…


Integrity Management Requirements

Due Diligence: Prevention against irrational EHR exuberance by requiring evidence-based information processes is very difficult in the current environment

• Recruit—Identify Allies
• Organize and Plan
• Persistence—“Ugly Baby” blowback
• Professionalism
• Knowledge
• Peer Support

The Information Integrity Reality

Information Integrity Reality:

1. Identification of Key Players: Who cares and who has standing or power?

2. Identification of what current systems’ capabilities are and how they are being used

3. Identification of critical gaps between requirements and capabilities

4. Prioritizing based on (1.)

5. Managing the interplay of forces, financing, and risk

6. Cultivating key allies, sanity, and a sense of humor

7. (One hand on the ripcord)


Information Integrity Resource Requirements

Sense of humor

Talking Points

Medical Records Policy Outline
• EHR-specific references
• EHR-specific standards

EHR-specific tools
• Sample Access Policy
• EHR Forms Development
• Information Integrity Validation Map
• EHR Testing

• AHIMA version
• Unabridged ADIC version (coming in May)

Medical Records Checklist

Important elements of medical records policies:
• Unique Medical Record created & maintained for each patient
• Content requirements including author, date, time and authentication
• Access, privacy, confidentiality, and security policies
• Policies and procedures for amendments, corrections, timeliness, completeness, and late entries.
• Policies and procedures for forms, templates, voice recognition, and dictation.
• Policies and procedures for records retention, records archiving and destruction, coding and abstracting, data quality management and reporting.

Examples of basic policy outlines can be found from commercially available references and support.


Sample Access Policy

Found as an attachment to the downloadable Resource Book for this seminar.

http://campus.ahima.org/audio/2007seminars.html

Forms Management

If you can think of an EHR’s forms or templates as analogues of paper forms, then due diligence requires that you document and record the clinical grounds and supporting evidence for the form.

To establish this as a standard business practice, and therefore consistent with legal admissibility, it should be done systematically and executed as a matter of policy, with stipulated procedures.


Forms Management

If you can think of an EHR’s prompts and guidelines as evidence-based analogues of the implicit prompts of a paper form, then due diligence requires that you document and record the clinical grounds and supporting evidence for the prompts and guidance behaviors.

To establish this as a standard business practice, and therefore consistent with legal admissibility, it should be done systematically and executed as a matter of policy, with stipulated procedures.

See the included resource list: Westhafer, Kathy, “Forms Management Process: Keeping Pace with EHR Development” in Journal of AHIMA, Sept. 2005.


Advocates for Documentation Integrity and Compliance (ADIC)

Reed D. Gelzer, MD, MPH, CHCC
Wallingford, [email protected]
(203) 269-5849 office
(203) 269-7764 cell

Patricia A. Trites, MPA, CHBC, CPC, EMS, CHCC, CHCO, CHP, CMP(H)
Augusta, [email protected]
(269) 731-2561 office
(269) 352-3650 cell

Resources at http://www.DocIntegrity.com


Peace Be With You


Additional Resources

Practice Briefs, by AHIMA e-HIM Work Groups
• Guidelines for EHR Documentation to Prevent Fraud (Jan. 2007)
• Guidelines for Defining the Legal Health Record for Disclosure Purposes (Sept. 2005)
• The Legal Process and Electronic Health Records (Oct. 2005)
• Maintaining a Legally Sound Health Record - Paper and Electronic (Nov/Dec 2005)

Available on the AHIMA Website at: www.ahima.org/infocenter/ehim/

Direct links are also provided in this seminar’s resource book.

HL7 Workgroup Legal EHR www.hl7.org/ehr
Defining functionality related to legal issues in HL7’s EHR Functional Standard preparing for balloting soon. (HL7’s EHR Functional Standard itself recently formalized as a standard)

Certification Commission for Health Information Technology (CCHIT) www.cchit.org
Establishing basic functional requirements for EHR “certification” (Currently underway with sequential, annually modified requirements. Requirements roadmapped through 2008 do not yet encompass comprehensive information integrity or even the lesser requirements for the Legal EHR)

These resources are also listed in this seminar’s resource book


Additional Resources

Additional e-HIM Practice Briefs
• Electronic Health Records Management:
  • The Strategic Importance
  • Issues in Electronic Health Records Management
  • Checklist for Transition to the EHR
• Hybrid Records: Part I, II, and III
• Electronic Signatures
• Electronic Document Management Systems
• E-mail as a Provider/Patient Communication Medium
• Data Content and the EHR
• www.ahima.org/infocenter/ehim/

Additional Tools
• Westhafer, Kathy, “Forms Management Process: Keeping Pace with EHR Development” in Journal of AHIMA, Sept. 2005. (Link is provided in this seminar’s resource book.)
• Gelzer, Reed and Trites, Patricia, “Using Test Vignettes to Assess EHR Capabilities” in Journal of AHIMA, May 2006. (Article is attached to this seminar’s resource book.)

Additional Resources

• How to Evaluate Electronic Health Record Systems

By Patricia A. Trites, MPA, CHBC, CPC, EMS, CHCC, CHCO, CHP, CMP(H) and Reed D. Gelzer, MD, MPH, CHCC (Published by AHIMA)

Expected to publish in May 2007
Copies can be reserved now at www.AHIMA.org

HIMSS Resources
• EMR Brochures (Including one on the Legal EMR)
http://www.himss.org/ASP/topics_FocusDynamic.asp?faid=158


Audience Questions

Audio Seminar Discussion

Following today’s live seminar

Available to AHIMA members at www.AHIMA.org

“Members Only” Communities of Practice (CoP)

AHIMA Member ID number and password required

Join the e-HIM Community from your Personal Page. Look under Community Discussions for the Audio Seminar Forum

You will be able to:
• discuss seminar topics
• network with other AHIMA members
• enhance your learning experience


AHIMA Audio Seminars

Visit our Web site http://campus.AHIMA.org for updated information on the 2007 seminar schedule. While online, you can also register for seminars or order CDs and Webcasts of past seminars.

Upcoming Audio Seminars

Impact of Medicare COP Changes on HIM
March 29, 2007

Understanding and Using ICD-10-PCS
April 10, 2007

Revenue Cycle Management
April 17, 2007


AHIMA Distance Education

Anyone interested in learning more about e-HIM® should consider one of AHIMA’s web-based training courses.

For more information visit http://campus.ahima.org

Thank you for joining us today!

Remember − visit the AHIMA Audio Seminars Web site to complete your evaluation form and receive your CE Certificate online at:

http://campus.ahima.org/audio/2006seminars.html

Each person seeking CE credit must complete the sign-in form and evaluation in order to view and print their CE certificate.

Certificates will be awarded for AHIMA CEUs and ANCC Contact Hours.


Appendix


Resource/Reference List
Article: Using Test Vignettes to Assess EHR Capabilities
Sample Access Control Policy
CE Certificate Instructions


Resource/Reference List

Recommended Reading: Practice Briefs, by AHIMA e-HIM Work Groups
Available on the AHIMA Website at: www.ahima.org/infocenter/ehim/

• Guidelines for EHR Documentation to Prevent Fraud (Jan. 2007)
  http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_033097.hcsp
• Guidelines for Defining the Legal Health Record for Disclosure Purposes (Sept. 2005)
  http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_027921.hcsp
• The Legal Process and Electronic Health Records (Oct. 2005)
  http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_028134.hcsp
• Maintaining a Legally Sound Health Record - Paper and Electronic (Nov/Dec 2005)
  http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_028509.hcsp
• New Electronic Discovery Civil Rule (September 2006)
  http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_031860.hcsp

Additional e-HIM Practice Briefs
Available on the AHIMA Website at: www.ahima.org/infocenter/ehim/

• Electronic Health Records Management:
  • The Strategic Importance
  • Issues in Electronic Health Records Management
  • Checklist for Transition to the EHR
• Hybrid Records: Part I, II, and III
• Electronic Signatures
• Electronic Document Management Systems
• E-mail as a Provider/Patient Communication Medium
• Data Content and the EHR

Attached Journal Article (AHIMA member login required): This article is also attached to this resource book.

Gelzer, Reed D., Trites, Patricia. "Using Test Vignettes to Assess EHR Capabilities." Journal of AHIMA 77, no.5 (May 2006): 56-59. http://library.ahima.org/xpedio/groups/secure/documents/ahima/bok1_031369.hcsp

Additional Journal Article (AHIMA member login required):

Westhafer, Kathy, “Forms Management Process: Keeping Pace with EHR Development” in Journal of AHIMA, Sept. 2005. http://library.ahima.org/xpedio/groups/secure/documents/ahima/bok1_027966.hcsp


Book: How to Evaluate Electronic Health Record Systems
By Patricia A. Trites and Reed D. Gelzer (Published by AHIMA)
Expected to publish in May 2007; Copies can be reserved now at www.AHIMA.org

AHIMA e-HIM Work Groups
• Guidelines for EHR Documentation to Prevent Fraud (Jan. 2007)
• Guidelines for Defining the Legal Health Record for Disclosure Purposes (Sept. 2005)
• The Legal Process and Electronic Health Records (Oct. 2005)
• Maintaining a Legally Sound Health Record - Paper and Electronic (Nov/Dec 2005)
Available on the AHIMA Website at: www.ahima.org/infocenter/ehim/

HL7 Workgroup Legal EHR www.hl7.org/ehr
Defining functionality related to legal issues in HL7’s EHR Functional Standard preparing for balloting soon. (HL7’s EHR Functional Standard itself recently formalized as a standard)

Certification Commission for Health Information Technology (CCHIT) www.cchit.org
Establishing basic functional requirements for EHR “certification” (Currently underway with sequential, annually modified requirements. Requirements roadmapped through 2008 do not yet encompass comprehensive information integrity or even the lesser requirements for the Legal EHR)

HIMSS Resources
EMR Brochures (Including one on the Legal EMR)
http://www.himss.org/ASP/topics_FocusDynamic.asp?faid=158


Using Test Vignettes to Assess EHR Capabilities

by Reed D. Gelzer, MD, MPH, CHCC, and Patricia Trites, MPA, CHBC, CPC, CHCC, CHCO

Test vignettes help evaluate how EHR products handle common documentation needs.

For those who are braving the EHR selection process, there is a great deal of guidance available on how to organize this difficult process. The steady advance of technical standards, functional standards, and product certification contributes much-needed help in compiling functional requirements. (These resources are also helpful to those who are looking to evaluate their current systems.) Organizations can also receive help in evaluating EHR systems through the use of testing protocols that apply established, professionally and legally accepted standards in the form of test vignettes.

Test vignettes, as used in this article, are scripts representing common documentation events, processes, and procedures that occur during an encounter. They seek to illustrate the performance and output of a software system in a fair and reproducible manner. Typically, a knowledgeable system user follows the script and performs the information entry while evaluators observe. The resulting documentation is judged according to professional documentation principles.

In addition to highlighting important software features and functions, test vignettes also assist HIM staff and organization leadership in comparing how various EHR products handle key HIM functions. Vignettes also help illustrate how a provider’s documentation policies and procedures may be reflected in an EHR it currently uses or is considering for purchase.

About This Vignette

Test vignettes can be applied to any health record function. The vignette presented here tests an EHR system’s ability to maintain a legal health record. The script focuses on evaluating functions pertaining to amendments, attestation, authorship, and nonrepudiation, as well as the auditing functions that support their integrity. Constructing the vignette began with a review of the core requirements of medical records as legal business records in a computerized environment.1

No one encounter will include the many functional challenges that this vignette contains. The vignette is not intended to be a typical encounter; instead it presents a test environment that includes a number of common challenges to the documentation workflows that occur in normal practice environments. The vignette does not include all variants that a testing protocol should measure in the course of an HIM-focused, due-diligence process. It is intended as a presentation of one type of testing for one set of critical functions. It is most appropriate as a script for a live or remote demonstration, but it could possibly serve as part of a request for information.

The scenario starts with a review of the context and the system functions being examined. It includes possible requirements regarding general assurances necessary for a system’s evaluation, especially when testing a system for possible purchase. These assurances should be solicited from the vendor prior to the demonstration.

The script of the scenario appears in the table that follows. The organization provides the vendor with the identification and system permissions of the users featured in the script. The analytic questions shown in the "observation" column help guide the evaluator’s queries. (They are not intended as instructions for the user working directly with the software or as questions for the vendor.) These questions address authorship, attestation, nonrepudiation, and auditing, seeking to identify the system’s ability to:

• Track exactly who did what tasks and when
• Support changes in, and additions to, documentation that occurred during the course of an encounter by changing of authors
• Support changes in, and additions to, an encounter that occurred after the encounter was attested (signed)
• Re-attest a re-opened encounter, including supporting documentation for the changes as an extraordinary event

Throughout the review, the utility of audit functions should also be noted--where the audit supports differentiation and where it may not, specific to the targeted areas for authorship, attestation, integrity, and amendments. The vendor should be asked to provide a printed copy of the audit report or audit views that substantiate the scenario events that require auditability. Evaluators should also note the required skill set and system security access level.

The objective here is documentation veracity, not speed. The vignette is one example of how testing protocols can be used to compare the ability of different systems to perform common HIM functions.

Scenario: Testing Legal Functionality

Scenario Context

An established patient presents with a scheduled appointment for an annual physical. The patient already has PFSH, medications, labs, and radiology information in the system.

The visit is in a primary care practice where staff trust is high; intake staff members have the discretion--in line with practice policies and procedures--to do common tests when deemed highly likely to be needed or as specifically established as standard operating procedure (e.g., U/A on a first-trimester pregnancy).

Purposes

1. Demonstrate system capabilities to support authorship and to demonstrate timeliness, attestation, and nonrepudiation

2. Demonstrate system business rules for building information using common convenience tools and the ability to differentiate the employment of these tools

3. Demonstrate amendment functions

4. Demonstrate appropriately detailed documentation audit features and functions

5. Highlight how each product handles key documentation events and supports authenticity with the assistance of the system’s audit functions

Demonstration Requirements

1. System must be substantially the same as that generally installed at a client site.

2. A similar test run on a randomly chosen user site must yield substantially the same results.

3. The system must support multiple user identifications within the same encounter. [Note: demonstration versions may not offer this routinely, so it must be requested to ensure a useful test.]

4. If the tested system has features or functions the vendor would like to emphasize for special notice or clarification, the vendor may include this information in a separate document, referring back to the test protocol to indicate the context of its relevance.

5. If an opportunity for a verbal explanation is requested from or by the vendor, the point of contact and a brief indication for the need is required. This added information will not be considered part of the evaluation, testing, and verification process.

6. The report must include a printed copy of the documentation output, representing what would be sent in response to a request from another medical office or from a third-party payer.

7. The audit report must include a printed copy of the output of the audit and the steps necessary to produce the report.

8. If any portion of the vignette is omitted, explanations must be provided.

Action Observation

I. Intake--user 1

A. Checks patient into the clinical workspace

B. Updates allergies by adding a mild urticarial reaction to penicillin, treated at Hospital X’s ED January 1, 2006

Can the system identify new general patient information that is added by user 1 in the encounter? [Note: some systems do not identify the user when changes are made to general patient information fields that are separate from the encounter functionality and workflow. Some systems will not indicate the state of the data prior to the change, instead noting only that information within that functional area was changed.]

Can the added allergy be identified in the system as associated with the encounter by date and user ID?

C. Documents vital signs: T/BP/P/R and weight

Does the system associate each data field input with user 1? Alternatively, are vital signs recorded in a table and is each new table a unique event that can be associated with a different user?

D. Documents presenting problem or chief complaint: annual physical

Does the system associate the information with the user 1 ID?

E. Documents basic HPI/ROS using the standard tools and functions within the system including those generally used by providers. (Please note separately if the system does not permit, under any setup options, a subset of intake users to employ the provider HPI and ROS tools). Within HPI/ROS:

Does the system associate the information with the user 1 ID?

1. Identifies episodic fatigue and malaise or similar

Does the system associate the information with the user 1 ID?

2. Identifies episodic visual blurring

Does the system associate the information with the user 1 ID?

3. Identifies "no cardiac symptoms" as the patient reported item

Does the system associate the information with the user 1 ID?

4. Cues global "all other ROS items negative" function, if available

Does the system separately identify or otherwise support the differentiation of information recorded by a "global" statement from uniquely selected individual information elements? [Note: "global" cues or "aggregate documentation events" are those documentation tools that support either cueing a series of documentation insertions or outputs as a result of one user action, keystroke, or click, including those that insert boilerplate text or defined norms or normals.]

Does a global or aggregate event generate detailed documentation text? If so, is it distinguishable in the output from uniquely selected, typed, or voice-recognition documentation? Is it distinguishable using user-accessible audit functions?

Does any coding accumulation in the background calculate the same codes whether from global or aggregate documentation events (multiple system ROS documentation from a single key), or does coding accumulation differentiate individually selected from globally recorded events?

F. Removes ROS indication for "GI negative" and leaves it blank or null

If the system uniquely records global versus individual selection events, are the global events appropriately recorded as changed to unique events?

G. Orders a urinalysis

Does the system record orders by user?

H. Gives a tetanus immunization injection

Does the system record procedures by user?

Does the system support reference to a standing order that legitimizes this as a task that can be undertaken by the intake staff?

I. Transfers encounter process to user 2

Does the system record user changes as an event, or does it identify documentation events by user ID?

II. Provider--user 2

A. Reviews PFSH records in system: no changes made

Does the system record "screen view" events where no changes are made?

How does the system differentiate "review" events that support PFSH--does the user indicate an action to support that this event occurred? [Note: whether the system discriminates between "reviewed" as defaulted versus selected during an encounter is tested below.]

B. Reviews current medications: no changes made

Does the system record "screen view" events where no changes are made?

How does the system differentiate "review" events that support medications review--does the user indicate an action to support that this event occurred? [Note: whether the system discriminates between "reviewed" as defaulted versus selected during an encounter is tested below.]

C. Reviews current allergies: notes the addition of new allergy

Does the system record "screen view" events where no changes are made?

D. Adds family history of PCN reactions

Does the system differentiate screen views from screen changes in the PFSH section?

E. Identifies new chief complaint not mentioned upon intake: abdominal pain

Does the system differentiate information input by multiple users?

F. Collects basic HPI for abdominal pain using standard functions in the system

Does the system differentiate information input by multiple users?

1. Occurrence irregular, occasional, not predictable

2. Associated with fatty meals

3. Located in the right upper quadrant, no radiation

G. Changes some of the information entered by user 1

Does the system preserve the original information recorded by user 1 and allow differentiation of user 1 and user 2 information?

1. Within vitals adds new, different BP reading

Does the system preserve the differentiation of information recorded by multiple users in all areas, including time of recording?

2. Within HPI/ROS:

a. Adds visual symptoms: episodic visual loss in right eye

b. Changes urinary from intake to indicate nocturia, twice per night

c. Leaves the rest blank or unchanged

Does the system preserve the differentiation of information recorded by multiple users in all areas, including time of recording?

H. Within physical exam, indicates positive and negative findings in at least five system exam areas including neurological, cardiovascular, and abdominal/GI using a mixture of positives and negatives. Do not mention murmurs in cardiovascular examination.

I. Within physical exam, indicates skin/dermatological findings are all normal by a global key, if available

Does the system differentiate user input and, if global key documentation events are supported, how are they differentiated from unique selection?

J. Reviews the U/A result

Does the system differentiate user activities? How is clinical information review captured?

K. Completes the assessment or impression section

1. Diagnosis: abdominal pain, possible cholelithiasis

2. Diagnosis: UTI

L. Completes the plan section

1. Diagnostic ultrasound of abdomen

2. Refer to general surgery

3. Patient instructed to call provider if fever, vomiting, worsening pain

M. Completes the documentation tasks and executes closing tasks and signature equivalents

How are closing events and signature events recorded? Identify in the accompanying report the steps undertaken by a user to execute a signature event. (Use screenshots if appropriate or helpful.)

N. If available, show how nursing or checkout staff can document any printed patient instructions after the encounter has been closed

How are additional information events recorded? How are they identified as components of the encounter?

O. Recalls additional exam findings not documented; re-opens encounter to document ophthalmic exam and add to cardiac exam

How does the system record and differentiate the inputs from different authors made at different times?

How are amendments supported and differentiated from the original, signed record? How are amendments connected to the original documentation? How are additions to documentation and to processes such as tests and referrals identified and preserved?

1. Adds PERRL, extra-ocular movements, inability to maintain lateral gaze, vision blurs

2. Adds funduscopic negative

3. Adds new cardiac finding: new systolic murmur, 3/6

4. Adds new diagnosis: cardiac murmur, NOS

5. Adds new referral: cardiology

6. Adds new scheduled test: cardiac ultrasound

P. Re-signs encounter

How does the system handle re-signature events and differentiate them from the original closing events?

If the EHR system is to be integrated or interfaced with a billing system, how does the documentation function interact with the billing system to avoid duplicate billing for the same event and to provide coding edits or corrections?

Note

1. AHIMA. "Update: Maintaining a Legally Sound Health Record--Paper and Electronic." Journal of AHIMA 76, no. 10 (2005): 64A-L. Available online in the FORE Library: HIM Body of Knowledge at www.ahima.org.
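The observation questions in the script can be run as checks once a vendor supplies its audit output in a structured form. The following is an added example, not part of the original article or of any EHR product: a small append-only event model in Python that answers the script's questions on authorship, preservation of originals, global-key entries, and amendments after signature. The event fields, user IDs, field names, timestamps, and the rule that entries after signature require a re-open are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

DOC_ACTIONS = {"add", "change", "remove"}   # actions that alter documentation

@dataclass(frozen=True)
class Event:
    seq: int                          # position in the append-only trail
    ts: str                           # ISO 8601 time of recording
    user: str                         # authenticated user ID
    action: str                       # add | change | remove | view | sign | reopen
    field: str                        # documentation element touched
    value: Optional[str] = None
    method: str = "individual"        # "global" = one-click aggregate entry
    supersedes: Optional[int] = None  # seq of the entry being changed or removed

# Constructed trail following the vignette; IDs, field names and times are assumed.
EVENTS = [
    Event(1, "2007-03-13T09:00", "user1", "add", "allergy.penicillin", "mild urticaria"),
    Event(2, "2007-03-13T09:05", "user1", "add", "ros.gi", "negative", "global"),
    Event(3, "2007-03-13T09:05", "user1", "add", "ros.urinary", "negative", "global"),
    Event(4, "2007-03-13T09:05", "user1", "add", "ros.respiratory", "negative", "global"),
    Event(5, "2007-03-13T09:06", "user1", "remove", "ros.gi", supersedes=2),
    Event(6, "2007-03-13T09:20", "user2", "view", "pfsh"),
    Event(7, "2007-03-13T09:25", "user2", "change", "ros.urinary",
          "nocturia, twice per night", supersedes=3),
    Event(8, "2007-03-13T09:40", "user2", "sign", "encounter"),
    Event(9, "2007-03-13T16:00", "user2", "reopen", "encounter", "recalled exam findings"),
    Event(10, "2007-03-13T16:02", "user2", "add", "exam.cardiac", "systolic murmur, 3/6"),
    Event(11, "2007-03-13T16:05", "user2", "sign", "encounter"),
]

def history(events, field):
    """Every entry ever made for a field, originals included."""
    return [(e.user, e.ts, e.action, e.value) for e in events if e.field == field]

def active_entries(events):
    """Entries not changed or removed later, i.e. the current record."""
    replaced = {e.supersedes for e in events if e.supersedes is not None}
    return [e for e in events
            if e.action in ("add", "change") and e.seq not in replaced]

def global_fields(events):
    """Current entries that still rest on a one-click global statement."""
    return sorted(e.field for e in active_entries(events) if e.method == "global")

def amendments(events):
    """Documentation events recorded after the first signature."""
    first_sign = next((e.seq for e in events if e.action == "sign"), None)
    if first_sign is None:
        return []
    return [e for e in events if e.action in DOC_ACTIONS and e.seq > first_sign]

def check_trail(events):
    """Return findings an evaluator would raise; an empty list means none."""
    findings, by_seq, state, last = [], {}, "open", None
    for e in events:
        if not e.user:
            findings.append(f"{e.seq}: no user ID")
        if last is not None and (e.seq <= last.seq or e.ts < last.ts):
            findings.append(f"{e.seq}: out of order")
        if e.action in ("change", "remove"):
            old = by_seq.get(e.supersedes)
            if old is None or old.field != e.field:
                findings.append(f"{e.seq}: original entry not preserved")
        if e.action in DOC_ACTIONS and state == "signed":   # assumed rule
            findings.append(f"{e.seq}: entry on signed encounter without re-open")
        if e.action == "sign":
            state = "signed"
        elif e.action == "reopen":
            state = "reopened"
        by_seq[e.seq] = e
        last = e
    if state == "reopened":
        findings.append("re-opened encounter was never re-signed")
    return findings

if __name__ == "__main__":
    print(check_trail(EVENTS), global_fields(EVENTS), history(EVENTS, "ros.urinary"))
```

A system whose export cannot populate `user`, `method`, or `supersedes` for each event is one where the corresponding observation question in the script has no auditable answer.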

Reed D. Gelzer and Patricia Trites are cofounders of Advocates for Documentation Integrity and Compliance, an educational, advocacy, and consulting organization. The authors thank members of the AHIMA e-HIM® Work Group on Maintaining the Legal EHR for feedback and comment on the test vignette presented in this article.

Article citation: Gelzer, Reed D., Trites, Patricia. "Using Test Vignettes to Assess EHR Capabilities." Journal of AHIMA 77, no.5 (May 2006): 56-59.

Copyright ©2006 American Health Information Management Association. All rights reserved. All contents, including images and graphics, on this Web site are copyrighted by AHIMA unless otherwise noted. You must obtain permission to reproduce any information, graphics, or images from this site. You do not need to obtain permission to cite, reference, or briefly quote this material as long as proper citation of the source of the information is made. Please contact Publications at [email protected] to obtain permission. Please include the title and URL of the content you wish to reprint in your request. Article is online at: http://library.ahima.org/xpedio/groups/secure/documents/ahima/bok1_031369.hcsp (AHIMA member login is required.)

Appendix Resource: Sample Access Control Policy
For "Information Integrity in EHRs" AHIMA Audio Seminar Presented on March 13, 2007
http://campus.ahima.org/audio

TOPIC: Access Control Policy
POLICY NUMBER:
Effective Date:
Revision Date:
Applicable HIPAA Security Rule Section(s): 164.308(a)(3); 164.308(a)(4); 164.308(a)(5); 164.312(d)

APPROVED BY:

POLICY: We will make every reasonable effort to provide appropriate access to electronic data and organization locations relative to the workforce member’s job requirements. It is our intention to provide access to only those areas and categories of data and systems that each person needs to do his/her job and require that each workforce member restrict his/her access to only those specific areas, records and functions needed to carry out his/her job.

PURPOSE: Appropriate and applicable access to protected health information is a basic requirement of the HIPAA Privacy and Security Rules. This policy and its procedures will outline the basic steps our organization has developed and implemented to ensure appropriate access to the electronic protected health information we maintain and disclose.

PROCEDURES:

1. The following classifications of access have been established and will be utilized in our organization.

a. No electronic access

b. Patient billing information and systems; read only

c. Patient billing information and systems; read/write

d. Clinical information and systems; read only

e. Clinical information and systems; read/write

f. Sensitive clinical information and systems (HIV, STD, mental health records); read only

g. Sensitive clinical information and systems (HIV, STD, mental health records); read/write

h. Employee/workforce (personal) clinical and billing information and systems; read/write

i. System administrator information and systems; read only

j. System administrator information and systems; read/write

2. The access classification will match the person’s job, and each member of the workforce will be assigned the appropriate access classification at the time of their initial hire.

3. Each member of the workforce will be assigned the appropriate access classification at the time of any re-assignment of duties.

4. The Security Officer will maintain a record of the type of access provided to each workforce member.

a. The record will include the workforce member’s name, the date and justification of the access, and will be recorded and maintained on the Authorization History Form in the Security Plan Recordkeeping System.

5. The Security Officer will provide user accounts with the matching technical privileges and provide to the workforce member the account information including a one-time-use password that the user must change to a private password upon first use of the account.

6. Only the person assigned to an account will be allowed to use that account.

7. Each time a user logs in, the login system will record the activity in the Log Records using the User ID.

8. The Security Officer and [Name another individual with access to this information] will each have a special account that allows them to create new accounts. The account will be used only in an emergency when all other accounts have been disabled or locked out. It will be used to either reset the passwords on locked accounts or create new accounts that provide needed access.

9. If a workforce member leaves the organization, the Security Officer, or his/her designee, will remove that member’s access as soon as possible, but within twenty-four (24) hours of the workforce member’s termination.

10. If a workforce member takes a leave of absence and is not expected to require access, the Security Officer, or his/her designee, will disable the workforce member’s account when he/she leaves and re-enable it upon his/her return to work.

11. For workforce members who are not qualified to access electronic data, but who on occasion must obtain access for a limited amount of time, the Security Officer may provide the workforce member a temporary log-on and password that is valid for only 12 hours, and there will be adequate supervision while the workforce member has access to the data.

12. For temporary workforce members, i.e. temporary employees and contracted vendors such as auditors, the same procedure will be followed as in procedure #11, after appropriate training has been given to the temporary workforce member regarding the organization’s Security Plan.

To receive your CE Certificate

Please go to the AHIMA Web site http://campus.ahima.org/audio/2007seminars.html and click on the link to “Sign In and Complete Online Evaluation” listed for this seminar.

You will be automatically linked to the CE certificate for this seminar after completing the evaluation.

Each participant expecting to receive continuing education credit must complete the online evaluation and sign-in information after the seminar, in order to view and print the CE certificate.