The impact of computerising medical records on the quality of healthcare

Introduction

Computerisation of medical records popularly referred to as Electronic Medical Records (EMRs) or Electronic Health Record (EHRs) is becoming an integral component of many healthcare settings in the world today. Several countries have implemented successful programmes to promote the computerisation of medical records in order to reduce healthcare costs and improve the quality of healthcare provided (Bates, 2010).

With the advance of information communication technologies (ICTs) in the last 20 years, different systems are being implemented in healthcare organizations to improve healthcare services with better data management, communication, and decision making. Out of these, implementing the computerized system is the priority agenda not only in developed countries but also in many developing countries (Mount, Kelman & Smith, 2010).

Garrison, Bernars and Rasmussen (2012) stated that computerized medical record is used to capture, store, and share information among healthcare providers in an organization, supporting the delivery of health services to patients. It is perceived as a way to improve healthcare quality through improving work flow, reducing medical errors, minimizing cost and treatment time, increasing revenue, improving patient care by creating a better linkage to all care givers, reducing the need for file space, supplies, and workers for the retrieval and filing of medical records. Even though there is a high expectation on the computerized medical records on its great potential for improving quality, continuity, safety, and efficiency in healthcare worldwide, the overall adoption rate is relatively low.

Conceptual framework on computerised medical records

Computerised medical record (EHR) as defined by Bostrom, Schafer, Dontje, Pohl, Nagelkerk and Cavanaggh (2006) is a computerised version of a patient’s medical history, that is maintained by the provider over time, and may include all of the key administrative clinical data relevant to that persons care under a particular provider, including demographics, progress notes, problems, medications, vital signs, past medical history, immunizations, laboratory data and radiology reports.  The computerised medical record automates access to information and has the potential to streamline the clinician’s workflow.

The North Carolina Healthcare Information and Communication Alliance (NCHICA) (2012) stated that the computerised medical records also has the ability to support other care-related activities directly or indirectly through various interfaces, including evidence-based decision support, quality management, and outcomes reporting by stressing that computerised medical records are the next step in the continued progress of healthcare that can strengthen the relationship between patients and clinicians.

The timeliness and availability of data in computerised medical records enable providers to make better decisions and provide better care.  For example, the computerised medical records can improve patient care by reducing the incidence of medical error by improving the accuracy and clarity of medical records, making the health information available, reducing duplication of tests, reducing delays in treatment, and patients well informed to take better decisions (Bomba, 2014).

Benefits of computerised medical records to healthcare delivery

Computerized medical records and the ability to exchange health information electronically can help you provide higher quality and safer care for patients while creating tangible enhancements for the health sector in general.  Bates (2013) stated that computerized medical records help healthcare providers better manage care for patients and provide better health care by:

• Providing accurate, up-to-date, and complete information about patients at the point of care.
• Enabling quick access to patient records for more coordinated and efficient care.
• Securely sharing electronic information with patients and other clinicians.
• Helping healthcare providers more effectively to diagnose patients, reduce medical errors, and provide safer care
• Improving patient and provider interaction and communication, as well as health care convenience
• Helping to promote legible, complete documentation and accurate, streamlined coding and billing
• Enhancing privacy and security of patient data
• Helping healthcare providers improve productivity and work-life balance
• Enabling healthcare providers to improve efficiency and meet their business goals
• Reducing costs through decreased paperwork, improved safety, reduced duplication of testing, and improved health.

Also, Makoul and Tang (2011) stated that computerized medical records are the first step to the transformation healthcare by highlighting its benefits to include:

• Better healthcare delivery by improving all aspects of patient care, including safety, effectiveness, patient-centeredness, communication, education, timeliness, efficiency, and equity.
• Better health by encouraging healthier lifestyles in the entire population, including increased physical activity, better nutrition, avoidance of behavioural risks, and wider use of preventative care.
• Improved efficiencies and lower health care costs by promoting preventative medicine and improved coordination of health care services, as well as by reducing waste and redundant tests.
• Better clinical decision making by integrating patient information from multiple sources.

Challenges facing the computerisation of medical records

Not too long ago, health records were kept in thick manila folders, and now many patients access their medical histories and test results via online portals. Although this abundance and availability of data is great for patients and medical professionals, it is even better for hackers. According to AMA (2012), as the healthcare industry embraces the EHRs, the security threat to most personal data is also changing. Here are five of the biggest healthcare data security challenges associated with computerised medical records.

1. Health information exchanges and computerised medical records

The adoption of computerised medical records in health care delivery encourages healthcare providers to adopt electronic health records (EHRs) for patients and health information exchanges (HIEs) to help clinicians share patient data. This makes it easy to stores large quantities of medical data shared between multiple providers which creates a tempting opportunity for data thieves. Where once, data thieves might have had to break into a doctor’s office and flip through physical files to access a person’s medical history, now all they need to compromise data and ability to access the information from a remote computer (Fouzia et al., 2015).

2. User error in technology adoption

Another healthcare data security hazard of computerised medical records is that it can undermine patients’ data secrecy as a result of a simple patient user error. Once accessing the laboratory work from a healthcare provider’s portal, patients’ medical privacy is in his or her hands. But when these data are stored in unencrypted folders in the cloud, or the results are sent through email, it paves a simple pathway for unauthorised persons to access patients’ data (Odom-Wesley, Brown and Meyer, 2009).

3. Identity theft and the rise of “hacktivism.”

In 2013, unauthorised users broke into the databases of Community Health Systems, Inc. (CHS), one of the largest hospital groups in the United States, and accessed personal data — including social security numbers — from around 4.5 million patients. Hackers from the self-acclaimed Internet Vigilante Group also targeted the Boston Children’s Hospital, launching a distributed denial of service (DDoS) attack on the hospital website as an act of “hacktivism.” While the purpose of the attack, part of a larger operation called OpJustina, was to seek retaliation against the hospital for holding a patient against the will of her parents, it shows just how vulnerable healthcare data security can be to a group of determined hackers (AHIMA, 2012).

4. The adoption of cloud and mobile technology in healthcare

Healthcare mobile applications are also a growing industry, leaving patient data prone to the vulnerabilities of the cloud and individual mobile devices. While many practitioners argue that patients’ data is safe due to the fact that the encryption of PHI, but it is noteworthy that encryption is a slippery issue when it comes to the cloud. While it’s relatively simple to encrypt data at rest in the cloud, data in use — that is, data being used by an application, as opposed to sitting in storage — is much harder to encrypt(Rinehart & Harman, 2006).

5. Cost of running computerised medical records

Running a hospital is usually not cheap, and when hospital are prioritizing the latest MRI technology or increasing staff to meet growing needs, sometimes IT budget can fall by the wayside (NCHICA, 2012).

Measures to improve on the implementation of computerised medical records

Improving on the implementation of computerised medical records requires adequate security of protected health information (PHI) of patients in Health Information Technology System which entails putting measures in place to guard against unauthorized use and disclosure of PHI.  According to the Health Insurance Portability and Accountability Act (HIPAA) of 1996 as cited in Adeleke (2014) stated that improving on the implementation of computerised medical records can be achieved through:

• technical safeguards;
• physical safeguards; and
• administrative safeguards.

1. Technical safeguards

Technical safeguards in the utilization of computerised medical records are safeguards that are built into the health information system to protect computerised health information and to control access to it.  This includes measures to limit access to electronic information, to encrypt and decrypt electronic information, and to guard against unauthorized access to that information while it is being transmitted to others.  Procedures and policies required to address the following elements of technical safeguards include:

• Access control: Allowing only access to persons or software programs that have appropriate access rights to data or PHI by using, for example, unique user identification protocols, emergency access procedures, automatic logoff, and encryption and decryption mechanisms.
• Audit controls: Recording and examining activity in health IT systems that contain or use PHI.
• Integrity: Protecting PHI from improper alteration or destruction, including implementation of mechanisms to authenticate PHI.
• Person or entity authentication: Verifying that a person or entity seeking access to PHI is who or what they claim to be (proof of identity).
• Transmission security: Guarding against unauthorized access to PHI that is being transmitted over an electronic communications network.

Odom-Wesley et al. (2009) stated that having technical safeguards in place can protect against various intended and unintended uses and disclosures of PHI.  Some of the technical safeguards are preventive measures to protect PHI, while others are designed to ensure disclosure and identification of any unauthorized uses.

2. Physical safeguards

Physical safeguards for PHI and health IT refer to measures to protect the hardware and the facilities that store PHI.  Physical threats, whether in electronic or paper formation, affect the security of health information.  Some of the safeguards for electronic and paper-based systems are similar, but some safeguards are specific to health IT.  Policies and procedures must be put in place to physically safeguard health IT.  These elements include:

• Facility access controls: Limitations for physical access to the facilities where health IT is housed, while ensuring authorized personnel are allowed access.
• Workstation use: Specifications for the appropriate use of workstations and the characteristics of the physical environment of workstations that can access PHI.
• Workstation security: Restrictions on access to workstations with PHI.
• Device and media controls: Receipt and removal of hardware and electronic media that contain PHI into and out of the facility and the movement of these items within a covered entity, including disposal, reuse of media, accountability, and data backup and storage.

3. Administrative safeguards

Administrative safeguards refer to the policies and procedures that exist in practice to protect the security, privacy, and confidentiality of patients’ PHI.  These administrative safeguards include:

• Identifying relevant information systems
• Conducting a risk assessment
• Implementing a risk management program
• Acquiring IT systems and services
• Creating and deploying policies and procedures
• Developing and implementing a sanctions policy

References

Adeleke, M. (2014). Professionalism in the age of computerised medical records. Nigerian Med J.,47,1018–22 .

American Health Information Management Association (AHIMA) (2012). The 10 security domains. J Am Health Inf Management Assoc., 83(5), 50.

American Medical Association (AMA)(2012). Electronic health records: Privacy, confidentiality and security, Journal of Ethics, 20(12), 9-12.

Anderson, J. G. (2007). Social, ethical and legal barriers to e-health. Int J Med Inform., 76,480–3.

Bates, D. W. (2013). A proposal for electronic medical records in US primary care. J. Am Med Inform. Assoc. 10 (1), 10.

Bomba, D. (2014). Moving beyond implementation to sustained use of computers in general practice in Australia. International Journal in Healthcare Technology and Management, 6, 83-90.

Bostrom, A. C., Schafer,  P., Dontje, K., Pohl, J. M. Nagelkerk, J. & Cavanaggh, S. J. (2006). Electronic health record: Implementation across the Michigan Academic Consortium. Comput Inform Nurs., 24:44–52.

Fouzia, F., Nayer, J., Amit, S. & Praveen, A. (2015). Ethical issues in electronic health records: A general overview. Prospect Clin Res., 6(2), 73–76.

Garrison, G. M., Bernard, M. E. & Rumussen, N. H. (2012). 21^st Century healthcare: The effect of computer use by physicians on patient satisfaction at a family medicine clinic. Fam Med. 34, 36-8.

Makoul, G. & Tang, F. C. (2011). The use of electronic medical records communication patterns in outpatient encounters. J Am. Med. Inform. Assoc, 8, 16-19.

North Carolina Healthcare Information and Communication Alliance (NCHICA) (2012). The benefits and risks of electronic health records. North Carolina: NCHICA.

Odom-Wesley, B., Brown, D. & Meyers, C.L. (2009). Documentation of medical records. Chicago: American Health Information Management Association.

Rinehart & Thompson (2006). Privacy and confidentiality. Challenges in the Management of Health Information. (2^nd ed.) Sudbury, MA: Jones and Bartlett.