Review: AHIMA Posts Excellent Article on Appropriate Use of Copy and Paste Functionality in EHRs: HIPAA & HITECH Act Blog by Jonathan P. Tomes

JonTomesYou may wonder what copying and pasting has to do with HIPAA. Actually, the copy and paste functionality is an issue that certainly does have the potential for major HIPAA implications. The American Health Information Management Association (“AHIMA”) has posted an excellent position statement on the proper use of the “copy and paste” functionality in electronic health record (“EHR”) systems. The article notes that the use of this function can result in redundant, erroneous, and/or incomprehensible health record documentation. These errors can result in inaccurate documentation that can result in poor patient outcomes, the legal integrity of the health record, and even the potential for fraud and abuse.

The article identifies the following risks associated with copy/paste functions:

  • Inaccurate or outdated information.
  • Redundant information, making it difficult to identify the current information.
  • Inability to identify the author.
  • Inability to identify when the documentation was first created.
  • Propagation of false information.
  • Internally inconsistent or unnecessarily lengthy progress notes.

These issues are HIPAA issues under the HIPAA statute’s requirement to protect the integrity and confidentiality of health information and the Security and Privacy Rule’s standards protecting data integrity. These requirements include the Information System Activity Review (audit) and Integrity Standard of the Security Rule and the Privacy Rule’s standard providing patients the right to request correction/amendment of inaccurate or incomplete information, among other integrity provisions.

The perhaps most helpful part of the article suggests that providers should do the following:

  • Develop policies addressing the use of the copy/paste procedure to assure compliance with governmental, regulatory, and industry standards.
  • Address the use of such features as copy/paste in their information government processes.
  • Provide comprehensive training on the proper use of copy/paste to all EHR system users.
  • Monitor compliance and enforce the above policies and procedures and institute corrective action as necessary.

Do you need to update your risk analysis, review your policies and procedures, and provide extra training on this issue or otherwise? Do want to get your organization HIPAA compliant in one fell swoop? Call our marketing director, Patrick R. Head II, toll-free at 855-341-8783 or email him at patrick@veteranspress.com. While you are talking with Patrick, ask him about our upcoming two-day Hands-on HIPAA Workshop aboard the Queen Mary anchored in Long Beach, California, October 16-17, 2014.

seo by: k.c. seo