Affiliation:
1. Center for Healthcare Quality & Safety, McWilliams School of Biomedical Informatics University of Texas Health Science Center at Houston Houston Texas USA
2. Informatics‐Review LLC Lake Oswego Oregon USA
3. Department of Biomedical Informatics Vanderbilt University Medical Center Nashville Tennessee USA
Abstract
AbstractFollowing the American Recovery and Reinvestment Act in 2009, use of electronic health records (EHRs) has become ubiquitous. Accordingly, one should expect most medical professional liability cases to involve review of patient records produced from EHRs. When questions arise regarding who was involved in care of a patient, what they knew and when, or the meaning, completeness, integrity, validity, timeliness, confidentiality, accuracy, or legitimacy of data, or ways that the EHR's user interface or automated clinical decision support tools may have contributed to the alleged events, one often turns to the EHR and its audit log. This manuscript discusses lines of defense incorporated into the design, development, implementation, and use of EHRs to ensure their integrity and the types of EHR transaction logs (e.g., audit log) that exist. Using these logs can help one answer questions that often arise in medical malpractice cases. Finally, there are “best practices” surrounding EHR audit logs that health care organizations should implement. When used appropriately, EHRs and their audit logs provide another source of information to help hospital risk managers, legal counsel, and EHR expert witnesses to investigate adverse incidents and, if needed, prosecute or defend clinicians and/or health care organizations involved in the patient's care.
Reference43 articles.
1. Health IT.gov.Certification Standards and Regulations. Accessed 7.18.2022.https://www.healthit.gov/topic/certification‐ehrs/certification‐standards‐and‐regulations
2. Department of Health and Human Services Administrative Data Standards and Related Requirements. CFR § 164.312.b Audit Controls. Accessed 6.16.2022.https://www.ecfr.gov/current/title‐45/subtitle‐A/subchapter‐C/part‐164/subpart‐C/section‐164.312
3. ASTM E2147‐18 Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems. Accessed 6.15.2022.https://www.astm.org/e2147‐18.html
4. Code of Federal Regulations 45 CFR § 164.310 Physical safeguards. Accessed 4.4.2023.https://www.ecfr.gov/current/title‐45/subtitle‐A/subchapter‐C/part‐164