Auditing Ehr Epic: How Often Do Hospitals Review Records?

how often do hospitals audit ehr epic

Electronic Health Records (EHR) are a digital system for recording patient health information. EHRs are used across a range of healthcare settings, from community hospitals to independent practices and multi-specialty hospital groups. EHRs enable health data exchange across interconnected systems and settings, and there are several EHR software systems available, each with its own features and capabilities. One of the most widely used EHR systems is Epic, which is used in more than 3,600 hospitals in the United States alone. As EHR systems contain sensitive patient information, regular audits are necessary to ensure patient data privacy and security. This article will explore how often hospitals audit EHR Epic and the methods and challenges associated with these audits.

Characteristics Values
Number of hospitals using Epic EHR 3,600+ in the United States alone
Market share 38% of the inpatient EHR market in the US
EHR ranking One of the top 5 EHR providers globally
Most adopted EHR system Yes
Available on Any device with an internet browser installed; native apps for iOS and Android
Modules EpicCare Ambulatory, ASAP, OpTime, Stork, Radiant, Beacon, Willow, MyChart, Healthy Planet
EHR audit logs Contain data on clinician interactions with the system
EHR audit log data Total time spent on using the EHR, keystroke and mouse click events, clickstream data, event-level data, processed aggregate measures

shunhospital

EHR audits catch snooping employees

Electronic Health Records (EHR) have enabled faster access to real-time patient data, but they have also made it easier for hospitals to catch employees inappropriately viewing patients' confidential information. EHR audits have caught several snooping employees, with one incident reported at the California Pacific Medical Center in San Francisco. A pharmacist employee was found to have inappropriately snooped on patients' medical data for an entire year, compromising the PHI of 844 patients. The employee was subsequently terminated.

Another incident at University Hospitals involved an employee reading the confidential medical records of nearly 700 patients. The employee had unrestricted access to the records for three and a half years before being discovered due to a snooping complaint. These incidents highlight the importance of regular EHR audits and user monitoring to prevent unauthorized access to patient information.

HIPAA violations can have serious consequences, and hospitals have a responsibility to protect patient privacy. EHR audits can help identify employees who inappropriately access patient records and ensure that staff only access information necessary for their job duties. Hospitals should also provide clear policies and training to prevent accidental or intentional breaches.

To prevent employee snooping, Suzanne Widup, a senior analyst on the Verizon RISK team, recommends auditing users and data. By knowing who has access to sensitive information and monitoring their activity, hospitals can identify unauthorized access more effectively. Regular audits can also help hospitals identify vulnerabilities and implement necessary safeguards to protect patient data.

Cybersecurity tools can also help detect unusual activity, such as a user accessing records outside their typical working hours. Involving clinical and administrative staff in privacy audits can also help identify unauthorized access, as they can recognize when someone is accessing records without a legitimate purpose. These measures help ensure that patient information remains confidential and secure.

shunhospital

EHR audit logs for user interaction

Electronic Health Records (EHRs) are a digital version of patients' health records, which can be shared across various healthcare settings. EHRs have become increasingly common, with Epic being one of the leading EHR providers and the most widely used EHR system globally.

EHR audit logs are a byproduct of the transition to EHRs and capture detailed, time-sequenced records of user activity. They are user-centric, focusing on clinician interactions with the system and the various dimensions of care delivery. This includes the type of action (e.g., addition, deletion, queries), date and time of the event, user identification, and the specific patient data accessed.

The granularity of EHR audit log data provides valuable insights for health services research and the study of healthcare processes and outcomes. They can be used to observe clinical activities, including care team dynamics and clinical workflows, and facilitate the measurement of clinical work activities and workflows at scale.

However, there are challenges associated with interpreting EHR audit log data. For example, long gaps between timestamps may not clearly indicate whether a user was actively engaged with the system or had turned away. Additionally, audit logs may capture user actions without providing context, which can be obtained through qualitative methods such as interviews.

Hospitals are increasingly conducting regular EHR audits to address security concerns and ensure compliance with patient privacy policies, such as HIPAA in the United States. These audits help identify unauthorized access to patient information and reinforce the importance of adhering to policies that allow access to patient data only when necessary for job duties.

shunhospital

Epic EHR's comprehensive modules

Epic Systems has become a technology leader in the healthcare industry by creating an integrated platform that serves almost all areas of care. They develop "modules" to address the needs of various specialties, all built on the same platform and data structure as their other products. Here is a detailed overview of some of Epic's comprehensive modules:

EpicCare EMR is a core module within the entire Epic system. It is used extensively in primary care and specialty clinics. It enables providers to place orders, send prescriptions, document patient visits, view test results, and communicate with patients.

Epic ASAP ER is designed to manage patient visits to the Emergency Room (ER). This module helps track room or bed status and efficiently communicates this information to staff by displaying it on monitors throughout the ER.

Beacon Oncology is a chemotherapy module. It is designed around treatment plans for patients undergoing cancer treatment, which are typically continuous over a longer period.

Bugsy is the infection control module. It provides tools to monitor patients at risk of infection, identifies those needing isolation, and assists with antimicrobial procedures. Bugsy also helps with reporting infections to regulatory registries and other entities, and it integrates with Beaker, Epic's lab product.

Epic Beaker is a laboratory system for hospital labs. Orders placed in Epic or external systems are transmitted to Beaker for processing. When patients arrive for tests, the results are entered into Beaker and then transmitted back to the ordering doctor.

Epic Radiant is a module for radiology departments, providing documentation, image viewing, and film tracking functionality.

Epic Resolute is a comprehensive billing tool that helps collect and review charges, conduct billing processes, follow up on outstanding accounts, and collect payment for patient care.

Stork is Epic's obstetrics management module, simplifying the management of pregnancy episodes for outpatient facilities and documenting deliveries in the hospital.

Willow is Epic's pharmacy application, helping providers manage medications through a central pharmacy. It offers both inpatient and outpatient versions to facilitate better care within and beyond hospital walls.

Wisdom is Epic's solution for dentists, dental hygienists, and dental assistants. It includes tools for periodontal charting, tooth health charting, scheduling, treatment plans, and risk assessments.

These modules, and others, help healthcare organizations improve operational efficiency, meet compliance requirements, and enhance the quality of patient safety and care.

shunhospital

EHR implementation challenges

EHR implementation presents several challenges, especially in terms of ongoing education and training. Researchers, clinicians, and other healthcare providers may be unfamiliar with the functionality, structure, storage, use, and limitations of EHR data. Training may be difficult to implement due to time constraints and the rapid evolution of EHR systems. This can lead to limited user experience and a lack of confidence in using the system, which may result in issues with the correct collection and interpretation of data.

Another challenge is the design, customization, or configuration of EHR systems, which can potentially cause patient harm. Visual displays may be confusing, cluttered, or inaccurate, hindering clinicians' ability to interpret information effectively. For example, a clinician may accidentally order an incorrect dosage of medication due to a confusing EHR display. Additionally, clinically relevant information may be inaccessible or stored in the wrong location, impacting patient care.

The workflow of EHR systems may also pose challenges. There may be a mismatch between the EHR and the end user's intent, leading to issues with diagnostic tests and other medical procedures. System automation and defaults can also cause unexpected results, such as incorrect dosing start dates.

Furthermore, EHR implementation can be hindered by resource constraints, poor or insufficient training, and technical or educational support for users. This includes addressing poor literacy and skills in technology, which can impact the effective utilization of EHR systems.

Lastly, while EHR systems provide a wealth of data for clinical research, there are challenges related to data quality, including errors, biases, and missing data. These issues can affect the accuracy and representativeness of research outcomes. Strategies to address these limitations and ensure data integrity are crucial for the successful utilization of EHR data in research.

Scott and White: A Nonprofit Hospital?

You may want to see also

shunhospital

EHR audit log data for research

Electronic Health Records (EHRs) are a digital record of a patient's medical history. They are a valuable source of data for research, as they capture granular interactions with the medical record, including timestamps of user activity. This data is known as EHR audit log data.

EHR audit log data offers insights that cannot be gained from claims or clinical data, making it a valuable tool for health services research and the study of healthcare processes and outcomes. This data can be used to develop a time-sequenced workflow of a clinician's EHR-based tasks, such as documentation and ordering medications. It can also be used as a proxy to assess behavioural, cognitive, and clinical correlates associated with a clinician's EHR work, including workload, teamwork, wellness, and errors.

While EHR audit log data presents new opportunities for research, there are also challenges. For example, activities that occur outside of the EHR may be missed, and user privacy must be protected. To address these challenges, it is recommended that audit log data is made transparent and valid, standardized across sites, broader in scope to capture teamwork, sensitive to meaningful variability, and linked to significant patient and clinical outcomes.

Epic is one of the leading EHR providers and is the most widely adopted EHR system globally. It has been used for research in various areas, including clinical research, health services research, population health, and economic analysis. However, there is a lack of literature detailing how Epic and other EHR systems have been used for healthcare research, and there are challenges related to the ongoing provision of education and training for researchers and clinicians.

Frequently asked questions

EHR stands for Electronic Health Records. EHR systems are designed for hospitals and large practices, enabling health data exchange across interconnected systems from varied settings.

Epic is a cloud-based EHR solution, offering the standard range of 'core' EHR features. It is the most adopted EHR system across the globe, with over 3,600 hospitals in the United States utilizing it.

Hospitals conduct EHR audits at varying frequencies, with some performing them regularly and others doing so randomly. EHR audits are mandated under the Health Insurance Portability and Accountability Act (HIPAA) and Meaningful Use (MU) regulations to track interactions with Protected Health Information.

Written by
Reviewed by

Explore related products

Share this post
Print
Did this article help you?

Leave a comment