If you read the post “Documentation of medication administration in medical records,” I am sure you did not miss reading about how clinicians and nurses use the “Five Rights of Medication Administration” to ensure proper patient care.
If you work in an EMR environment, then the following infographic, entitled “The Five Rights of Data Administration,” was created by Symantec to help Health IT staff and users like you, Health Information Management (HIM) / Medical Records (MR) practitioners, answer important questions about the use, access, and availability of critical patient data. This infographic outlines specific best practices to ensure that patient information is kept secure regardless of where it is. The infographic also helps you and Health IT staff in organizations like the hospital you work in better understand the administration of patient data.
I believe HIM/MR practitioners working in an EMR setting need to adopt similar but modified best practices for ensuring proper security and privacy for patient data based on the specific best practices outlined in this infographic.
From this infographic, you need to cultivate the following specific best practices with coordination, guidance and help from the IT staff of your hospital.
- Right Time – data in EMRs should be available to authorised personnel in your department whenever they need it and must be backed up and secure
- Right Route – users like clinicians, who need access to EMR data regardless of where they are and which device they’re using, must have ready access to the updated data you are responsible for at your end
- Right Person – ensure only the right people have access to certain information through access verification in your department
- Right Data – prevent unauthorised tampering or accidental corruption of data by allowing access only to users entitled or authorised to have access to data in your department, and by minimising or banning Bring Your Own Device (BYOD) mobile devices
- Right Use – ensure only the “minimum necessary” information is provided to external sources who request data that can be extracted from your end of the EMR system, thus assuring confidentiality
Just as medication administration is taken very seriously, with the utmost accuracy and attention to detail, because these can mean the difference between life and death, the proper administration of patient data should also be taken very seriously, as handling it with accuracy and attention to detail can likewise prevent misdiagnoses or mistreatment.
Reflecting on what I wrote for this post, I think similar best practices also apply (perhaps to a lesser IT-enabled extent) to HIM/MR practitioners who practice in a paper-based medical records environment, as this group also works with standalone PCs and, in most instances, their standalone PCs are connected to the Internet.
Staff in this environment also carry BYOD mobile devices with them, thus patient data residing on those standalone PCs is vulnerable. Also, images of medical records could be transmitted out of the HIM/MR office with the click of a high-megapixel camera found on most smartphones, thus both the data on standalone PCs and BYOD devices can be used with criminal intent.