Session 4 – Data security IN THE EMR: Entering patient data as a Physician ELECTRONIC MEDICAL RECORD SYSTEMS.

Session 4 – Data securityIN THE EMR: Entering patient data as a Physician

ELECTRONIC MEDICAL RECORD SYSTEMS

Session 4So far, we’ve defined EMR, seen how EMR records differ from paper records, explored what happens to data that has been entered into an EMR, and looked at access and roles related to EMRs.

In this session, we’ll look at other ways security is maintained for data contained in the EMR.

Then you’ll practice entering patient data in the role of a physician.

How is data protected in an EMR?In addition to limiting access to data in an EMR through passwords and access control, security professionals also maintain security by:

• Limiting access to the system by outside sources – for example, not allowing users to add unauthorized applications to their laptops

• Encrypting data so that a user has to have special “keys” to actually view data

• Keeping the main computers, or servers, in locked rooms

How would you handle the following situations?

A. Tell her to drop by any time. You’ll connect the drive yourself.

B. Tell her you can only mail records, and she’ll just have to wait.

C. Tell her you’ll ask technical support to do it for her.

D. Tell her that you cannot put outside devices on your system, but that you can provide the records on a flash drive that the practice provides.

Retrieved from http://www.healthit.gov/sites/default/files/cybersecure/cybersecure.html

A patient wants to collect her medical records. She asks if she can bring a flash drive to the office and put the records on it.

How would you respond?

The most secure way to transfer records is electronically, but using her flash drive might allow a virus to get into the system.

To ensure that no computer viruses get into the system, it’s best to use a flash drive that the practice provides.

The best answer is D.

How would you handle this situation?

A. Tell him “sure,” since the laptop is covered under the insurance policy.

B. Tell him you’ll think about it and let him know after lunch.

C. Tell him that unless his computer is encrypted, he can’t take it out of the facility. He should work with technical support to get the computer encrypted.

D. Tell him it’s okay, but that he is responsible if anything happens to the laptop.

Retrieved from http://www.healthit.gov/sites/default/files/cybersecure/cybersecure.html

You supervise an employee who wants to take his laptop home to catch up on billing work. He says it really helped when he did that last time.

Encrypting data is an excellent way to make sure that even if an unauthorized person gains access to a computer, they still can’t “see” the data.

Any computers used outside a secure facility should be encrypted.

The best answer is C.

Now let’s enter patient data in Open-EMR as a Physician.

Go to the open-EMR website.

Click on this link:

http://demo.open-emr.org:2100/openemr/interface/login/login_frame.php?site=default

(If you’re looking at slides, right-click on the link and choose “open hyperlink,” or else copy the link.)

Log in

Enter this information

Username: physicianPassword: physican

NOTE: Usually, an assistant or nurse would enter the vitals, but this will enable you to input information the physician would enter and to see all the areas that he/she can view.

Here’s the data to enter about the patient:

Norman Normal

Caucasian male

Birthdate: December 10, 1971

Height: 5 feet 10 inches

Weight: 180 pounds

Address: 7982 Bayard Street

Sacramento, CA 95660

Home phone: 916-555-8584

Marital status: Married

Wife’s name: Normal Normal (emergency contact)

Occupation: Computer Consultant

Employer: CompuConsult, Inc.

200 South Broad Street

Sacramento, CA 95661

First, we enter patient data to set up a record.

Remember how to create a new patient?

Does your screen look like this? If so, then scroll down to Create New Patient and click to save your entry.

This screen should appear.At Appointments, click Add.

This dialog box appears. Check the information, and then click Save.

Next, create a visit for Mr. Normal.Click Create Visit at the left to view this screen.

What happens next?Next you have to create an Encounter.

Go to the top of the screen and click the pull down box that says “Encounter History.Select New Encounter.

Now you’ve opened up the patient encounter so that you can take vitals and record SOAP notes.

•What are SOAP notes?

That’s right.

SOAP notes stand for

Subjective

Objective

Assessment

Plan

When writing your notes, you can modify the screen to provide more room for the visit information.

Click Visit Forms to display the SOAP section.

Click SOAP, and your screen should look like this.

Vitals: Temperature 98.4,

pulse 72, respirations, 18, blood pressure 146/78, and 0s saturation 96% on room air.

SOAP NOTES

Subjective:

He’s here for a checkup.

Objective:

Past medical Hx

He has a history of a torn meniscus (ICD9 CM code 8361 or 583.289A) as teenager

Record Norman’s vitals and then write SOAP notes.

Meds

Takes 83 mg of aspirin per day

Family Hx

Father (Frank) – Alive with history of type 2 diabetes onset at age 46 is insulin dependent.

Mother (Althea) – Alive with history of hypertension with onset at age 54 yrs.

Siblings –

Richard – Age 28 yrs. With no medical issues

Anne – age 35 yrs. With early sings of type 2 diabetes and on treatment with Glucophage.

SOAP notes continued

Social Hx

Drinks socially, two glasses of wine per week. Does not smoke, engages in exercise at gym three days per week.

Assessment

Health normal male with history of asthma and arthroscopy and family history of hypertension and diabetes. Allergic to Penicillin.

And now for the plan.

SOAP notes continued

Plan

1. Order screening laboratory panel.

2. 2. Order blood alcohol and drug screen.

3. Order fasting blood sugar and HGA1C

4. Put reminders for annual fasting blood sugar; HGA1C, blood pressure monitoring and pulmonary function studies.

5. Document allergy to Penicillin.

6. Schedule follow-up visit to review findings in two weeks.

SOAP notes continued

Does your screen look like this? If so, scroll to the bottom of the screen and click Save Form.

After you save the Notes, you can collapse that section. Then your screen looks like this.

1. Add information or change it and see what happens.

2. Order a test.

3. Check out what else you can see.

Notice that as Physician, you can input information that you couldn’t view when you signed in as receptionist.

Check out what else you can do as physician.

When you’re finished, remember to log out of the Open-EMR system.

That completes this lesson.