EHR Event of the Month: "Guess Who?"
- Michael Victoroff, M.D., Editor-in-Chief
Submitted by a nurse quality reviewer:
We review medical records on our office site visits. Our guidelines say all notes must be signed. But, I have seen EHR notes that don’t identify who wrote them. Either the system doesn’t have this capability (really?) or the customer didn’t implement it. I’ve been told “we can look at the audit trail” if they have to verify the source of an entry. But, that takes time and expertise, and only tells who was logged in at the workstation (often shared by several users!). In paper charts we stress signing and dating everything. But, in some EHRs it’s impossible to know who did what. Suppose you needed to clarify what somebody wrote? Who would you call?
Signatures are a vital piece of the patient safety apparatus. In the days of paper charts, some docs felt signing notes was just a formality, vaguely related to hypothetical, legal purposes. But, this attitude belongs to the era of small towns with unlocked doors.
Signatures – rather, the identities and credentials they represent – are the keys that launch every sensitive and dangerous process in our medical system. They order drugs, authorize surgery, change ventilator settings, initiate radiation therapy or withdraw life support. Getting one patient through a day in the hospital may take a hundred people, most of whom the patient will never meet, and who may not even know each other. Verifying that those strangers are who they are supposed to be, and are doing what they’re supposed to do, is a pillar of the integrity of the professions, organizations and the system itself.
Maybe some yearn for a pre-9/11 society, when people trusted their fairyland neighbors without fear of fraud, impersonation or mistakes; doctors and patients knew each other forever; the kindly nurse lived next door to your aunt; and good doctors never made errors. Now this is fantasy. There’s a place for “Trust me, I’m a doctor.” But, first, let’s see some ID.
To report a suspected EHR Safety Event, visit www.EHRevent.org.
Expert Commentary: "Identity Crisis"
- Michael Victoroff, M.D., Editor-in-Chief
Identity management is central to credentialing, security, privacy, safety, accountability and trust. Credentialing and security assure that people have the authority to do what they are doing. Privacy assures that information stays where it belongs. Safety is the right process happening at the right time to the right person. Accountability is being able to describe how events occurred. Trust comes from demonstrating these things.
Every human transaction, from marriage to mortgage, depends on trusted identities. This gets complicated, the more we connect through large, anonymous networks. Today, like airlines, banks, nuclear plants, police stations and nursery schools, every health facility needs to master ID security. Unfortunately, until 10 years ago, identity controls in healthcare lagged a generation behind other critical industries. But, a decade of national security consciousness has engendered a lot of catching up, by everyone. Today, signatures are not ceremonial – they are safety devices.
Before 9/11, many hospitals (and virtually all offices) used nametags for courtesy, not security. Visiting hours controlled hours, not visitors. Logins gave access, rather than monitoring it. Things are different today. Yet, many legacy information systems used in today’s facilities were built for a softer security environment. They were not configured with the strong safeguards demanded by wide area networks, wireless devices and serious jeopardy from breaches.
In high performance systems, it’s necessary to assume – and awkward to question – that strangers are who they seem. There’s no time to check credentials. Every institution must vet its own personnel and vouchsafe their performance. Healthcare security must be as strong as a bank and as calm as a library. One’s signature is one’s bond.
IOM Study: HIT & EHRs
Next month, the Institute of Medicine (IOM)
is expected to release the results of a one-year study on improving patient safety using health information technology (HIT).
Funded by the Office of the National Coordinator for Health Information Technology (ONC)
, the study results are expected to reflect the following:
• The present state of HIT and patient safety
• Suggestions for improving HIT-related patient safety issues
• The appropriate function of the FDA and other federal agencies
Please watch for a summary of the IOM study results in a future edition of the EHRevent Newsletter. For more information on the study, please visit the U.S. Department of Health & Human Services web site