Skip to main content

Risk Management Strategies for EHRs: Passwords

Introducing an electronic medical record system into a medical practice enables physicians and their staff to provide more efficient care by making patient information more accessible. It also presents some risks. In this, the first in a series of five articles, CAP's Risk Management & Patient Safety Department identifies critical areas of risk exposure and offers prevention recommendations in each area.

Passwords

On-Demand Webinar: Key Strategies for Ensuring a Profitable Independent Practice
During this one-hour program, practice management expert Debra Phairas discusses how various business models and operational enhancements can increase revenue to help your practice remain successful in today’s competitive marketplace.

Congratulations! You survived your initial EMR/EHR implementation and everything went as scheduled. Staff and physicians are doing well.

Two weeks into the process, you notice that a couple of your physicians are off, yet they are ordering medications for patients. What do you do?

Staff members should not have access to a physician's level of security because that would allow them to add or alter information as if they were the physician. Staff members should have their own individual passwords and level of security clearance based on their job function. Again, avoid sharing passwords as a means to make the entry of information easier.

Have your office manager or physician-in-charge determine the different levels of access/securing for office personnel. When an employee leaves the practice, delete his or her password immediately.

Below are some suggested levels of EHR access by job description:  

  • Front Office Staff - Demographic input and update, and view only medical records.
  • Front Office or Back Office Staff - Telephone message taking specific to your office policies.
  • Back Office and Clinical Staff - Clinical data updates including chief complaint, vital signs, injections, and assisting minor procedures, as delegated.
  • Medical Records Staff - Scanning and indexing of all pertinent paper reports, diagnostic reports, and outside office correspondence.
  • Physicians or Other Licensed Providers - Patient encounters, ordering medications, tests, procedures, and referrals. 

 

Authored by
Joseph Wager and Allan Ridings
Senior Risk Management & Patient Safety Specialists

 

If you have questions about this article, please contact us. This information should not be considered legal advice applicable to a specific situation. Legal guidance for individual matters should be obtained from a retained attorney.