Electronic medical records (“EMRs”) have become vital to both hospitals and physician’s practices. They are a secure, electronic version of a patients’ medical history and often include all of the clinical data relevant to a patient’s care, including demographics, progress notes, problems, medications, vital signs, past medical history, immunizations, laboratory data and radiology reports. The EMR automates access to information and streamlines the health care provider’s workflow. When a hospital EMR crashes or is breached it can be catastrophic. There is a real risk of liability exposure if the clinical staff’s access to patient records is cut off and the clinician proceeds with treatment without having access to all of the relevant data. Having assisted a number of hospitals in acquiring, implementing and maintaining electronic healthcare record systems, I have witnessed some of the best and worst practices. Here are some guidelines on how to prepare for a crash, or loss of data, and what to do after it happens.
No Such Thing as a Failure-Proof System
Normally there are several redundancies built into hospital computer systems and most Software as a Service (“SAS”) physician office ERMs in order to either prevent a crash or bring the system back up quickly. These include recovery programs and cloud-based storage systems to stop the loss of, or quick restoration of, access to critical information. If, however, ‘‘a perfect storm’’ occurs, and multiple, successive things go wrong, there could be a system shutdown. A smaller hospital may not have an effective crash-recovery system, and may have fewer resources they can dedicate to ensuring their systems aren’t vulnerable to a crash. For example, a larger facility may have two or more points of entry for their internet connection, while a smaller system may have only one, leaving it more vulnerable if that connection goes down. Crashes can and do happen.
Be Adaptable
Health-care providers are very dependent on electronic medical records that contain a patient’s treatment history, including what drugs a patient currently is taking and which ones may cause an adverse reaction. Losing access to that kind of information adds to the complexity of practicing medicine. Without this easy access to crucial information about patients, providers have to find other ways to access the data. This means doing it the ‘‘old-fashioned way.’’ Ensure your health-care providers are practiced in asking patients and their families about their relevant medical histories and recording the information prior to making treatment decisions. Include imperative questions that must be asked of each patient at the beginning of the process.
Systems often include checklists for doctors and nurses and allow access to evidence-based tools that providers can use to make decisions about a patient’s care. Without those lists, they have to rely on their training and experience and think through the treatment process on their own. Before EMRs were in existence, most doctors did this as a matter of course. It was part of their muscle memory. Ensure that your doctors and nurses are adaptable and do not become overly reliant on technology to tell them ‘‘if A, then B.” Retain paper copies of the data, diagrams, and charts on the patient for documentation of the information gathering process when you decide to proceed with treatment.
Determining Liability
Just because the hospital’s system goes down, it does not mean that the provider is held liable for a less than optimal outcome. However, an adverse medical event that occurs during a period when a system is down will be examined under a microscope. Computer systems are facilitators of treatment. However, unlike the holographic physician on Star Trek Voyager, they don’t actually treat the patient. Clinicians are the care providers, so the question always will be whether the professional acted reasonably and in compliance with the standard of care, given the totality of the circumstances. Documenting what treatment was provided is not enough. The provider also needs to document the decision making process when an EMR system has failed. Remember, memories fade.
While crashes are unpredictable, it is important to have a plan in place to minimize disruption and data loss and maintain continuity of care. Training on these procedures should be a part of your compliance plan.
Originally published in Healthcare Michigan, July 2018.
About the Author:
C. Timothy “Tim” Gary practices in Health Care and Government Relations. He serves as The Chief Executive Officer of Crux Strategies, as well as a member of the Firm’s Health Care practice after years of leadership in the practice of health care and regulatory law, as well as private health care and insurance industries. Tim can be reached at 615-780-1105 or TGary@dickinson-wright.com and you can visit his bio here.