Risk Management Checklists: Technology in Healthcare

MLMIC publishes Risk Management Checklists to assist insured physicians and facilities with policies and protocols in critical areas, including technology. These checklists focus on specific risk management issues – electronic health record (EHR) copy/paste, computers in exam rooms, patient portals, protected health information, health IT and online reviews – that policyholders are likely to encounter in the healthcare setting.

We encourage you to review these risk management checklists on technology in healthcare on a regular basis to promote patient safety and reduce potential liability exposure:

Reducing the Risk of the “Copy and Paste” Function in EHRs

The “copy and paste” function of EHRs allows users to easily duplicate information such as text, images and other data within or between documents. While this function offers convenience and efficiency to healthcare providers, it also poses unique liability risks when the information copied and pasted is either inaccurate or outdated. Further, redundancy within the new entry may cause difficulty in identifying current information and may create overly lengthy progress notes.

View or download the checklist here: Reducing the Risk of the “Copy and Paste” Function in EHRs.

Use of Computers in Examination Rooms

The presence of laptops/tablets in examination rooms has become commonplace as more providers implement electronic health records. This method of documentation may place a barrier between the provider and the patient. Providers may miss non-verbal cues, and patients may perceive an electronic device as a hindrance to communication. In several recent medical malpractice cases, plaintiffs testified that the provider spent too much time entering information into the computer and not enough time listening. Utilizing effective communication skills to engage the patient while using a computer will enhance the integration of this technology into healthcare and improve the patient experience.

View or download the checklist here: Use of Computers in Examination Rooms.

Proper Use of Patient Portals

Patient portals are an effective tool to actively engage patients in their care to improve health outcomes. However, healthcare professionals must be aware of the potential risks presented by this technology. Some of these risks include:

  • reliance on the patient portal as a sole method of patient communication;
  • patient transmission of urgent/emergent messages via the portal;
  • the posting of critical diagnostic results prior to provider discussions with patients; and
  • possible security breaches resulting in HIPAA violations.

Implementing appropriate policies and procedures in the use of portals will enhance patient communication and mitigate liability risks for the practice.

View or download the checklist here: Proper Use of Patient Portals.

Security of Patient Information and Health Information Technology

With virtually all medical offices and healthcare facilities connected to the internet and using computer systems for the practice of medicine, maintaining the security of computers and other electronic devices, as well as the privacy of patients’ protected health information (PHI), has become critical.

View or download the checklist here: Security of Patient Information and Health Information Technology.

Managing Negative Online Reviews

Healthcare providers recognize that along with their practice websites, public websites (such as Yelp, Healthgrades and Rate MDs) and social media sites (like Facebook and Twitter) can be used as marketing tools to inform the public of their services. The online community, however, is then afforded an opportunity to respond, rate and, at times, complain about those services. These statements and reviews are readily accessible to anyone with an internet-ready device to open and read.

While there is a basic instinct to immediately respond to negative online reviews, healthcare providers must remember that privacy rules make a complete response via social media inappropriate, and responding directly to an online post puts the healthcare provider at risk of disclosing (PHI) protected health information. Your response may not contain any identifying statements, but the mere recognition of a patient-provider relationship is a potential HIPAA violation.

View or download the checklist here: Managing Negative Online Reviews.

MLMIC’s Risk Management Consultants are available to assist insured physicians and facilities in their ongoing efforts to identify and address areas of concern related to technology. For guidance regarding a specific situation, please contact MLMIC’s Risk Management Department at (800) 275-6564.

In addition, policyholders can stay up to date on the latest risk management guidance and alerts by monitoring the MLMIC Insider, The Scope: Medical Edition, Healthcare Weekly and other MLMIC communications.