One of the most challenging areas facing healthcare organizations today is the decision to adopt an electronic health records system. This decision involves significant financial resources and a time commitment for transferring data, becoming familiar with the system, and addressing other issues.
An essential element in reviewing vendor proposals and determining how to implement an EMR system is an analysis of how well the system protects health records and the sensitive personal information in those records against unauthorized use and disclosures, including theft. In this age of global exchange of information, unauthorized disclosure extends beyond inadvertent access to information all the way to intentional access by well-organized criminal enterprises.
Failure to conduct risk assessments and to ensure that your EMR system is protected from intentional or inadvertent disclosure can be an area of potential civil and criminal liability for covered entities and business associates, regardless of the size of the enterprise.
Moreover, if your organization wishes to qualify for federal stimulus money under the Medicare or Medicaid EMR programs, it is essential that you comply with the meaningful use requirements discussed in more detail below. This article is intended to offer a few broad suggestions that may prove helpful in conducting a risk assessment that will help avoid potential liability and assist in qualifying for government stimulus assistance in purchasing an EMR system.