On the Road to the EHR, Keep Sight of the Legal Health Record

Nov. 1, 2006

As a young man, I was on an aircraft carrier that tested the first “do everything” fighter aircraft, the F111. For the Navy, it was to be a carrier-launched fighter to protect the fleet; for the Air Force, a long-range tactical aircraft. Although beautiful and fast, the F111 was too long and too heavy for our ship and, fully loaded, couldn’t fly far enough for nuclear and tactical support. Pleasing neither audience and fulfilling neither vision, the program and its technology were scrapped.

Carlton M. Cottrell is senior director of marketing at ChartOne Inc., Burlington, Mass. Contact him at [email protected].

As a young man, I was on an aircraft carrier that tested the first “do everything” fighter aircraft, the F111. For the Navy, it was to be a carrier-launched fighter to protect the fleet; for the Air Force, a long-range tactical aircraft. Although beautiful and fast, the F111 was too long and too heavy for our ship and, fully loaded, couldn’t fly far enough for nuclear and tactical support. Pleasing neither audience and fulfilling neither vision, the program and its technology were scrapped.

I fear we are replicating this scenario in our approach to hospital electronic health records (EHRs) by trying to create a single record that meets the needs of both treatment and payment/operations. Systems that provide wonderful point-of-care information are terrible at providing information to substantiate payment or defend treatment. Conversely, systems that provide legal health records, with their encounter-centric view and document basis, are less useful in guiding the real-time activities of patient care.

Inside the health information management (HIM) department, the concept of a legal health record is well understood. Outside, this isn’t always the case, which can present serious risks for a hospital as it drives toward its ultimate goal of an EHR.

The Legal Health Record
What constitutes a legal health record varies from facility to facility and depends on federal and state regulations and the legal entities that govern how a facility does business. The facility determines its definition, in consultation with legal counsel, but it is always a subset of the facility’s complete information on a particular patient’s treatment. In addition, the legal record must meet the standards for content, availability, integrity and authentication described by HIPAA, CMS, JCAHO and other standard-setting bodies.

The legal health record has three primary roles, according to the American Health Information Management Association:

  • Support the decisions made in a patient’s care;
  • Support the revenue sought from third-party payers;
  • Document the services provided as legal testimony regarding a patient’s illness or injury, response to treatment and caregiver decisions.

Thus, the legal health record must be producible, meaning that a facility must be able to quickly and easily access this subset and reproduce it for these purposes on request.

The legal health record is patient-centered, with an encounter as its organizing principle. This encounter has a precise beginning and end, and physicians must authenticate the information describing the patient’s clinical experience. Again, the legal health record is a subset of the information generated in the course of care, as specified by the facility’s designated record set. It does not contain, for example, responses to clinical prompts issued in entering an order. The HIM director oversees its creation and maintenance, with IT involved in managing its technical infrastructure.

The legal health record has a very clear and important purpose: to help the hospital get paid, justify its performance and improve its performance. The overwhelming majority of legal record access is on behalf of the hospital, not the patient.

By contrast, the EHR’s primary purpose is to support caregivers in their quest to convert the sick into the healthy by providing clinical decision support at the point of care. For the EHR, the focus is on the here and now and the immediate future, not the past. Open-ended and amendable, the EHR is, in many ways, a living, breathing repository of all data, not a defined, “discoverable” subset. For example, it may include preliminary test results, treatment guidelines, quality assurance information and information that has not been authenticated or designated as “complete.”

The EHR exists on behalf of both the hospital and the patient, which causes it to take shape in a very different way. Because information retrieval for clinical decision-making needs to be quick, the database underlying the EHR is kept relatively shallow. Organized by the information needs of a department or role, the EHR is designed to be viewed, not necessarily produced. The CIO oversees the creation and maintenance of the EHR.

Risky Business
When traveling toward the EHR, facilities are advised not to lose sight of their payment and operational needs in the quest for the improved patient care that EHRs afford. The legal health record, too, should eventually take electronic form, for all the benefits that paper reduction provides: simultaneous record access by multiple users, faster access and delivery, automated tracking, enhanced security and a smoother revenue cycle.

The important message here is that implementing an EHR will not necessarily give a facility a legal EHR as well. If it tries to produce a legal EHR using technology that has not been designed to fulfill this very specific purpose, it may open itself up to considerable risk.

First, there is the risk of releasing too much information, information that has not been properly authenticated, or information that has been altered or improperly modified, rending the facility unnecessarily vulnerable during litigation. Imagine, for example, sharing in court that a physician was alerted to a particular patient issue, the physician’s response time (or lack of response), the type of response, and all the myriad details that the EHR tracks, rather than just what the court needs to know.

Second is the risk of releasing not enough information or of slowing the response to information requests to a crawl while the complete historical record for a treatment episode—including nonclinical information—is tracked down, authenticated as accurate and complete, and purged of nondisclosable information, and any other HIM functions are completed. The facility risks revenue cycle impact, noncompliance fines and bad press.

Separate, but Equally Important
When evaluating EHR options, facilities will arrive at the best decision when they keep clinical and operational functions in mind and ask the right questions of technology vendors. Separate lists of assessment criteria should be prepared and separate evaluations conducted. Ultimately, the point-of-care EHR and the legal EHR may function best if they are kept separate, but that doesn’t mean they can’t work in tandem and feed each other in ways that increase the efficiency of both.

Creating a separate legal EHR for every patient has wider implications as an important step toward the national goal of a secure electronic network of health information. Because the legal EHR is designed for external access, technologically speaking, it lends itself perfectly to becoming one of the fundamental building blocks of the industry’s vision of greater information sharing and interconnectivity.

Sponsored Recommendations

A Cyber Shield for Healthcare: Exploring HHS's $1.3 Billion Security Initiative

Unlock the Future of Healthcare Cybersecurity with Erik Decker, Co-Chair of the HHS 405(d) workgroup! Don't miss this opportunity to gain invaluable knowledge from a seasoned ...

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...

Spotlight on Artificial Intelligence

Unlock the potential of AI in our latest series. Discover how AI is revolutionizing clinical decision support, improving workflow efficiency, and transforming medical documentation...

Beyond the VPN: Zero Trust Access for a Healthcare Hybrid Work Environment

This whitepaper explores how a cloud-enabled zero trust architecture ensures secure, least privileged access to applications, meeting regulatory requirements and enhancing user...