This week on the front page of the Market Place Section of the Wall Street Journal, there was an article titled “Worries Emerge Over Outsourcing of Electronic Medical Records” (By Amol Sharma in New Delhi and Ben Worthen in San Francisco, November 2, 2010). The authors of the article discuss that companies based out of India have less success winning E.H.R. contracts for Hospitals due primary to concerns of patient privacy of Health Records outside the United States. Patient privacy is a major concern within the Healthcare community. There are a few companies based in the United States that will provide a basic E.H.R. system for free if the physicians agree to advertising within the E.H.R. System.
With the risks of Medical Malpractice in the United States, a practice should first check with an attorney that specializing in Healthcare law prior to adopting a system with adverting and/or a company that ‘mines the data’ for selling to another company. Does the company use data ‘crawlers’ to identify treatment patterns and then send a targeted message to impact the way a physician treats a patient? If so, does this advertising increase the utilization of services/products paid by the government? Recommend a Healthcare attorney provide an initial review of all aspects of the ‘free’ system as well as a yearly audit. The reason for the yearly audit is that the patient privacy and healthcare laws change routinely.
Would a Malpractice attorney be able to pay a ‘free EMR’ company for a list of physicians that treat outside of certain standards? If the ‘free EMR’ company does not do this directly, there might be independent companies claiming to be advertisers whom are really companies that obtain this information from a ‘free EMR’ company via advertisers then sell this to Malpractice Attorneys.
Some points to consider when to optimize the protection of the patient data in an EMR system include:
- Security of the system is critical, some software EMR systems are secure but the system is maintained on a ‘weak security’ network in a physician office. If using a client-server system, insure the network is consistently being maintained by qualified personnel.
- Does the EMR Company maintain written protocols and procedures on how they maintain their data?
- Ask the EMR Company where they maintain their data (e.g. is the primary or backup data maintained in the United States?)
- Does the company have an Error and Emissions (E&O) Policy?
- Is the data of the practice only seen by authorized users of the practice as well as authorized users of the E.M.R. company?
- Does the company allow for selling of data or advertising in their system?