INSURANCE INSIGHTS Œ Caution patients that the medical practice is not obligated to monitor or police interactive sites—such as chat rooms or bulletin boards—where visitors post personal comments. Œ Document in the EHR any inappropriate online patient communications, and block access to interactive practice sites for patients who repeatedly break the rules. Health IT can be a powerful tool for reducing errors and enhancing productivity— as well as a source of risk for medical practices. The measures outlined here can help ensure that technology serves to strengthen patient safety efforts and regulatory compliance. RESOURCES Federation of State Medical Boards. “Model Policy Guidelines for the Appropriate Use of Social Media and Social Networking in Medical Practice,” 2012. Available at www.fsmb.org/Media/Default/PDF/FSMB/ Advocacy/pub-social-media-guidelines.pdf. Middleton, B. et al. “Enhancing Patient Safety and Quality of Care by Improving the Usability of Electronic Health Record Systems: Recommendations from AMIA.” Journal of the American Medical Informatics Association, June 2013, volume 20:1, pages e2–e8. Available at www.ncbi.nlm.nih.gov/pmc/articles/ PMC3715367/. institute an IT access control system that includes user identity confirmation and passwords. High-volume or multi-specialty practices often require a system configured for multiple levels of data access, based on staff members’ job duties and their need to know different types of information. The following additional security measures are recommended for medical practices: Œ Inform employees about data security rules and practices, and obtain their written agreement to abide by access control policies. Œ Code IT files by their area of origin (e.g., clerical, administrative, coding, nursing), and limit access to staff within those departments. Œ Audit user accounts periodically to ensure that only currently authorized individuals are accessing information systems. Œ Restrict patient care data to certain computers, and limit staff access to these stations. Œ Encrypt protected information whenever it is transmitted wirelessly across networks to laptop computers or mobile devices. Œ Disable passwords and other access controls whenever an employee leaves the practice. Clarifying Boundaries Many practices maintain interactive, web-based patient portals and online health and wellness forums to facilitate provider-patient dialogue and enhance rapport and compliance. However, such ease of communication may result in blurring of professional boundaries. The following risk control guidelines can help prevent inappropriate use of electronic communication channels: Œ Discuss online usage rules and confidentiality protections in routine patient privacy statements, emphasizing the need to comply with practice policies regarding social media and other electronic interactions. Œ Limit patient-directed messages to general information, such as educational resources, compliance reminders and wellness tips. Œ Include a formal statement with all postings and messages, emphasizing that online content is not intended to be interpreted as specific medical advice. w ww.theOMA.org Winter 2015 27
OMA Winter 2015 Magazine
To see the actual publication please follow the link above