Health care CIOs are working to balance privacy and security of electronic health record systems with physician access to the records, the Wall Street Journal's "CIO Journal" reports.
One Health System's Experience
Glenn Mamary, CIO of Hunterdon Healthcare System in New Jersey, has developed a series of governance policies for using EHRs, including password protection.
He said that physicians can access EHRs for all patients on their floor, even for patients not currently under their care. However, physicians are not permitted to open the files of patients who are not on their floor.
A full-time privacy officer at Hunterdon conducts audits of EHRs to assess who has viewed them. If physicians are found to have looked at EHRs for patients not under their care without a sufficient reason, they can face disciplinary actions such as training courses or suspension.
However, in the case of an emergency, physicians at Hunterdon are able to gain immediate access to patients' EHRs, including those stored at another hospital. According to Mamary, physicians who "break the glass" by accessing such records immediately trigger a review of their actions.
Testing the System
Before implementing an EHR system, Mamary prepares physicians through extensive testing, he said.
Mamary said that he conducts the testing process with the most difficult users, such as "doctors who are not in favor of the system." He noted that the tests highlight potential user errors and system access problems (Schectman, "CIO Journal," Wall Street Journal, 8/15).