HIPAA and editing appointments

cfapress wrote on Monday, March 31, 2008:

This is for the Doctors and Practice Managers out there,

Currently, as of March 2008, OpenEMR permits authorized users to edit past appointments. This means that a user can change something that has happened in the past. Certainly there are benefits to allow this. And maybe it’s a functionality that should stay in place. But it seems there may be some HIPAA violation when a person edits a past appointment.

Can anyone weigh in with their opinion on this?

I’m thinking that if a past event is being changed that a warning will pop-up before the user can save the changes.

Jason

andres_paglayan wrote on Monday, March 31, 2008:

my approach to this is not deleting anything, anywhere.
all gets "versioned" or "voided" depending the nature of the data.
e.g.
all tables holding data get added one or two fields,
voided_by, and voided_at,

If the record has those values, it wont be retrieved
unless specifically asked to do so (like an audit)

It’s a little cumbersome to implement application wide
but a big feature to have, as it also gets rid of
“I didn’t do it” or worst “the computer did it”

drbowen wrote on Monday, March 31, 2008:

This has been discussed a lot in the past.  This is not as much a HIPPA problem as it is a legal one.  Going back to edit old notes is not good form and can cause severe legal problems.

HIPPA requires that one can go back and amend a note at the request of the patient or designated health care agent.  The best way to handle this is a revision history similar to the way CVS or subversion works. HIPPA also requires a log that specifies the reason why the edit is being made.  Currently OpenEMR has a log but it is at best barely sufficient.  It does not have the capacity to audit and record the reason the change was made. In my opinion only the database administrator, the practice manager, or the owner of the business should have the authority to make these edits.

There should be an initial "free" period to allow the original creation of the note.  During this time the practitioner is expected to make a lot of changes.  I repeatedly save my work so that I am less likely to lose my work if something happens such as:  I get distracted, the power fails suddenly, etc.  Reasonable time periods could range from a few hours up to a day or two.  This time limit could be set as a variable by the practice database administrator.

The "authorization" button is an already existing mechanism to control this. In my practice "edits" are freely available until the practitioner decides the note is finished at which time the note / file is closed and placed in a non-editable state by clicking "authorize".

Subsequent edits should then be logged with the reason for the edit recorded in the log along with the requestor of the edit and the username of the person making the edit.  An md5 sum of the note could be recorded with the edits to help ensure authenticity of the edits.

This works pretty well except that "any" authorized user can accidentally click off and authorize a note that is not really finished.  This causes the note to drop off the list only to be found months later when you have no idea what you did during the encounter.

I think the “authorization” function should only be authorizable by the practitioner who created the note.  At least for the encounter notes (office visits). This would prevent these accidental authorizations.  This is usually caused by clicking just a little bit too low on the name.  Or accidentally clicking on some one else’s note.

I also think having to click off and authorize every single bit of minutia is a big waste of the practitioners time.

Sincerely,

Samuel T. Bowen, MD

drbowen wrote on Monday, March 31, 2008:

I think the term "amended" is a possibly better than "voided".

There is still the issue that a patient may insist on an "update" that the practitioner does not agree with.  There may need to be two versions.  Under HIPPA the patient gets the last word.

Unfortunately in real life things are not that simple.  We have had patients come in with valid medical problems, get treated and then later have “Buyer’s remorse” and want the diagnosis stricken from the record.  Very typically these are sexually transmitted.  Currently, under HIPPA, this an accepted practice. 

We have also had patients come to the front desk with neck and back pain from a motor vehicle accident.  Our policy is cash up front for this type of injury since it may take months or even years to reimbursed by the appropriate auto insurance.  Then the patient wants the record amended to state "there was no accident."

Legally, "voided", has a connotation that means the "the old copy has no value and needs to be stricken completely off the record."  But clearly in my two scenarios the practitioner will want to keep the first version and there will need to be 2 versions.  Only a court of law will be able to determine which "has greater veracity."  If the system "voids the first version" the practitioner will be left in the position of not being able to support what he/she believes to be true.

Sincerely,

Samuel T. Bowen, MD

light_coder wrote on Tuesday, April 01, 2008:

How is this done? I was not aware of an authorization button. This is a great feature and I was looking for something like that. Can you please explain how to do this?

Thanks in advance.

Jude.