Technology is developing and changing today at a pace that is surely unprecedented in recent history. That constant development and change can be overwhelming, leaving us stressed out, confused, and sometimes wishing we could just bury our heads in the sand and ignore it all. But the reality is that such an approach isn’t feasible, and it sure isn’t feasible for those trying to run a business, or practice medicine.
The impact of developing technology reaches all areas of life, from the way your teen communicates with her friends, to your med-school interns’ educational background, to how you watch television with your spouse at the end of a long day. Technological change is all around us, sweeping us along and insisting that we keep up or be lost in confusion.
This reality has specific implications for doctors and for technology risk management. Like in other areas of your life, there are real pros and cons to the fast pace of technological development. For instance—your teenager’s obsession with text messaging may be a source of frustration; the ability to watch Parks & Rec whenever and wherever you want via the internet is kind of awesome. Likewise the changes in how risk is managed with the advent of new technologies pose both challenges and benefits. On the one hand, there was a time when cyber-crime would have sounded like a geeky reference to RoboCop; today it’s not only a reality, but something so prevalent that insurance against it is becoming an increasing necessity. On the other hand, while a crashed hard drive would have once meant panic and perhaps huge bills associated with data extraction, the archiving options available today mean it can be little more than a minor headache.
Let’s consider some of the technologies that are currently reshaping the landscape of risk management in the medical world.
Electronic Medical Records (EMR) & Electronic Health Records (EHR) – EMRs are essentially digital versions of traditional paper charts. They’re the computerized equivalents of the records that a doctor would once have kept in a paper file. EHRs, on the other hand, are similar but more universal. An EHR is a comprehensive digital file that contains all of a patient’s medical history and records. It can be accessed and edited by authorized personnel from multiple practices, transferred from one practice to another, and centrally locates and unifies a patient’s medical history and records.
As most of our readers likely know, for several years now there have been federal incentives for the implementation of EMR/EHR as a provision of the American Recovery and Reinvesment Act (ARRA), specifically the Health Information Technology for Economic and Critical Health Bill (HITECH). Further, beginning next year penalties will begin to be assessed against those not demonstrating “meaningful use” of EHR technology as spelled out in the HITECH Act.
No doubt this technology, and particularly the government’s requirement of its implementation has its critics. Specifically regarding EHR, many have privacy concerns. Having a unified file of a patient’s medical history certainly makes it easier for doctors to be aware of relevant information, but does it open up the possibility of abuse of such records, corruption, tampering, etc.?
Another concern that many doctors have is that electronic records may open them up to greater liability. For instance, one of the notable features of EMR/EHR is that once something is put down in the record it cannot be undone. You can note that it was a mistake and provide correction, but there will always be a discernible history of what was once put into the record. Additionally, all instances of accessing or modifying a patient’s record are noted and time/date stamped. This means that if a physician waits till the end of the day to fill out a chart completely, or certainly if he goes back and does it significantly later this will be noted, and could work against him/her in court.
While these and other concerns do merit consideration, we should also be aware of the benefits of this shift. While I suspect most in the medical industry are not thrilled to be pushed into such changes by federal legislation, it seems likely that there will be some positive outcomes of the widespread adoption of EMR/EHR technology. The ability to archive, standardize, and share information once it is digitized is a real improvement over having a single, paper copy. Likewise, EHR technology will allow doctors to be aware of patients’ history in a way that will help prevent things like fraudulent acquisition of excessive prescription medication, ineffective treatments, or courses of action that are at odds with other previous or current treatments.
Finally, there is some sense in which the move to EMR at a minimum and EHR in the long term just seems inevitable. Paper and pen is simply not the way vital documents are taken down or kept in any industry these days, and that trend is only going to continue. So yes, there will likely be trade offs and hiccups, but EHR is part of the future of risk management, so familiarizing yourself with it now, and seeking the best methods of implementation and education are in your best interest.
Encrypted Communication – This is another developing technology that really is nothing but an asset for doctors and healthcare professionals. In today’s world it is important that doctors, like the rest of us, have the flexibility to communicate in numerous mediums. Whether with patients or colleagues, things like texting, email, and online chat can be essential communication resources for doctors. On the other hand, they can also be massive liabilities. Patient confidentiality and privacy are very serious matters, and even more so in a digital age where data can be bought, sold, and used to do so much harm.
Companies like Mediprocity have taken note of the need for secure means of communicating in today’s common mediums and developed HIPAA and compliant, secure, privacy ensured, web and mobile based messaging apps. These apps allow for the basics of text messaging, as well as the ability to send attachments and locate colleagues. It’s like a secure texting/chat app with an industry specific social media platform built in.
Likewise, encrypted email is becoming more and more the norm even outside of the medical profession, making it easier to find solutions to keep your ePHI compliant with the law. However, if you haven’t already, this is a good time to assess your practice, and make sure that there is someone who knows what is required for compliance, and is ensuring that your practice stays up to snuff. Whether it’s your IT consultants or an office administrator, someone needs to have your cyber liability covered.
Cyber Liability Insurance – Speaking of covered, the final developing technological change in risk management that we should consider is perhaps the most obvious one: cyber liability insurance. In a world of proliferating laws and technicalities regarding privacy, security of data, breaches, and encryption you can’t really afford to just hope you never have an incident. Yes, as I mentioned above, it is important to have someone in your practice seeing to it that you are complying with federal regulations, and even better if you have a dedicated IT consultancy watching out for you, but it only takes one breach. Just as with medical malpractice, one mistake could cost you a devastating amount financially.
So why would you not insure yourself against such an eventuality? For a minimal amount of money you can secure a maximum amount of security. Cyber liability insurance is very reasonably priced, and provides you with the peace of mind and the protection you need to trust that your reasonable efforts combined with the coverage you have are sufficient to guard you against cyber-liability.
This post was written by Justin Donathan.
Justin at Google+