Florida Anesthesia Computer and Engineering Team
©
University of Florida, 1996
Professionals using electronic medical records will have some understanding of the legal implications and requirements on these systems. To utilize computerized medical records, the Joint Committee on Accreditation of Healthcare Organizations (JCAHO) requires:
o Security and confidentiality of data (JCAHO Section: I.M.2.1)
o Timely
retrievability (I.M.2.2)
o Safeguards against information loss (I.M.2.3)
o Patient
rights to confidentiality and privacy (I.M.1.8)
o Requirement for
identification and authentication (I.M.7.9 and I.M.7.9.1)
o Security
requirements (I.M.7.9.2)
Confidentiality requirements include:
* Access must be restricted to those with a "need to know."
* Strict
enforcement of "password policies" must be pursued, as noted in the
section on electronic signatures.
* Anti virus software must be employed
to assure the fail-safe condition of all computer systems connected to the
records management/CPR system.
* Confidentiality agreements must be
required of all employees, outside vendors and other non-professional staff who
may have access to part or all of the information stored by the system.
* The
system must provide audit trails of all access and alterations of patient
records.
* Data encryption may be needed to provide protection from
undesired "tapping."
Beyond these requirements, you would like for your electronic system to be admissible as evidence:
Trustworthiness is an issue in the use of CPRs. Courts have recognized that computerized records are not inherently untrustworthy and will be admissible if several criteria are established. In this area lies the requirements which are also addressed in the section dealing with electronic signatures. First, the records must be produced in a regular recording of regular business activity. This means that the records must be kept pursuant to a routine procedure designed to assure accuracy. Further, they must not be based on "uninformed opinions" or accumulations of hearsay. The motive for creation of the records must tend to insure accuracy. To the health care provider's benefit, the rules mandate that the opponent of the record must overcome presumption of reliability. In doing this, the opponent must show the existence of sources of error in the system such as:
o Errors in the data or reports
o Use of computer programs which permit
alteration of data
o Printouts which are not an accurate "duplicate"
of original data
o "Sloppy" policies and procedures for record security
The rules of evidence also prescribe rules for supporting the admissibility of evidence. A party may not simply state that a piece of evidence is what they proclaim it to be and demand the court accept it as such. The foundation for the evidence must be laid to provide support for the evidence which will be proffered for admission by the court. The court is to admit the evidence upon a showing of reliability, accuracy and trustworthiness of the record. In doing this, foundation witnesses must testify to numerous aspects of the collection, retention and disposition of patient records. These include the reliability of the data processing equipment used, the data entered in the regular course of business, whether data is entered in a timely fashion by persons with knowledge, whether measures are taken to assure the accuracy of data entered, the method of data storage with assurances to prevent loss, the reliability of computer programs and measures taken to verify accuracy and how printouts are prepared and handled. Finally, it must be stressed that admissibility of record does not guarantee that jury will find record to be credible. The jury will decide the weight evidence is to be given.
| Contents | Prev. Page | Next Page |