Electronic Health Records Management (EHRM) refers to the creation of electronic health records for legal or business purposes (Carter, 2008).EHR deals with electronic forms of patient records, that includes all clinical data related to each and every patient, and is maintained over time (Carter, 2008). EHR is used to enable access to information via automation, thus streamlining workflow in health care centres. Over time, EHRs have been an important component in cementing physician-client relationships. This has been mostly due to reduction of incidences of medical errors, improvement in clarity and accuracy of records, reduction in treatment delays, and improvement in accessibility of the health records by authorized personnel (Carter, 2008).
For EHRM to be efficient, proper decision-making is necessary in all stages of the electronic record’s cycle. For data quality to be maintained in EHR, it is imperative that a clear set of policies and procedures is established. This paper will present a formal policy and procedure to govern data quality in the EHRs.
The Data Quality Management Model (DQMM) is a model that was fashioned to operate as a tool to manage data quality (Carter, 2008). It has four main components, which are: application, collection, warehousing, and analysis (Carter, 2008). These four components are used to ensure data quality in the various aspects of data quality. This paper will focus on coming up with a policy and procedure of ensuring data quality in the area of protecting access to patient information. Coming up with the policy and procedure will help preserve and manage data and information, whilst ensuring data validity and integrity (Carter, 2008).
Policy statement
Individuals must have the responsibility of maintaining security and confidentiality of patient information.
All staff members must use the organization’s secure electronic portal to send all patient health information.
Purpose
This is so as to protect all the patients’ privacy and confidentiality. All authorized individuals must be given guidelines regarding how they can uphold the integrity of health information and also ensuring privacy of all patient records. Secure management of EHR also has a great impact on healthcare professionals’ legal responsibilities, patient rights, and patient care (Carter, 2008). Physicians need to have access to relevant patient records so as to determine the best way to handle their patients. Should these doctors be unable to access these medical records, there may be delays in making clinical decisions, which would result in adverse impacts on patient care. Protection methods must therefore consider easy and timely access to the relevant clinical records by the authorized personnel.
Definitions
Authorized personnel: Staffs who have the permission to access, send, or receive patient records within a healthcare organization.
Patient: anyone who has visited the healthcare facility with the aim of having their medical problems looked into.
Patient health information: all health records on diagnosis, blood tests, x-rays, and medication of patients.
Patient privacy: patients’ right to decide when, how, and the extent to which their personal health information is shared out.
Secure electronic portal: an electronic system that is kept secure by the use of user IDs and passwords to grant access (Carter, 2008).
Procedure
Persons must have authorization for sending and receiving patient health information via the organization’s secure electronic portal at all times. Any clinical staff member who has any reason to make use of the secure portal for the communication of patient information must produce an authorization form from the relevant department head. A user ID and password should also be presented to personnel only, and these should be changed weekly to guarantee utmost security of the portal (Carter, 2008). Access to the secure portal should also be accessible only from the organization’s secure network.
Any clinical member who makes a request to have remote access to the secure portal will be given a secure token to gain access (Carter, 2008). However, this access will have to be renewed every time they get reappointed. Moreover, personnel must complete a training program online relating to the required application of the internet and the utilization of the electronic secure portal immediately they are approved. Different levels of security shall also be set to ensure that the personnel only has access to the information they have authorization to access.
Conclusion
The organization will supervise all emails sent over the unsecured electronic portal. If any staff member is caught sending any patient health information over the unsecured portals, they will be disciplined according to the established federal rules since they have violated the policy (Carter, 2008). To ensure quicker implementation of the policy and procedure, proper documentation should be done, and communication to the relevant parties done in good time. This eliminates the chance of the staffs saying that they had no idea of the policy and procedure.
Carter, J. H. (2008). Electronic health records: a guide for clinicians and administrators.
Sydney: ACP Press.