One of my favorite sayings is “Work smarter not harder.” In that light, why not have your EHR software work for you? Here are some features that the Certification Commission for Health Information Technology (CCHIT) recommends your EHR have to help your protect your patient data.
Your EHR should allow you to set permissions for individuals or for groups of individuals. This will allow you to make sure staff only have access to the information they need to complete their job requirements. For example, administrative staff most often only need access to basic information such as patient name, address, date of birth, and other demographics.
Your chosen EHR should track most all activities within your EHR. These documented activities should include events such as staff members logging on or off of the system, opening, modifying, creating, or deleting a record, scheduling a patient, signing a chart, performing a query within the system, or printing personal health information. The information captured should include who, what, where, and when. No one should be able to delete audit trails.
Your EHR should require a password to access the system. It’s recommended that your EHR automatically logs staff out of the system after a set period of time of inactivity. To get back into the system, a password should be required. Lastly, your EHR should lock user accounts after so many wrong password guesses.
Your EHR should encrypt patient data to protect it in case of theft or interception.
Your EHR should allow you to store, display, and print patient consent forms.
While this is far from meeting all HIPAA requirement for patient security and privacy, if your EHR software has these features then there are five less things you need to worry about. So sit back, relax, and watch your EHR work for you.