Good Advice: Three Things Practices Should Do After Buying An EMR

Posted on April 29, 2011 I Written By

Katherine Rourke is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Here’s a handy little blog item from health IT consulting firm Entegration.  While many bloggers focus on big-picture issues, firm president Art Gross has offered three easy-to-understand, concrete suggestions on how medical practices should protect themselves when they’re first rolling out their EMR.

Gross suggests they consider the following steps:

*  HIPAA security:  Gross recommends hiring HIPAA security services to help train employees and implement protocols which will make sure protected patient information isn’t compromised.

* Off-site data backup:  Few medical practices do more than back up their existing files to tape, but as he notes, data gets corrupted, backups are sometimes overwritten by mistake and disasters (fire, floods and more) can destroy on-site archives.

* Disaster recovery:   To be prepared for all contingencies, practices must have more than one copy of current data available, methods for accessing that data and detailed procedures in place for accessing the duplicate data.

Sure, companies with big IT staffs would do these things as a matter of course, but many small physician practices don’t even have a single full-time IT employee, relying instead on consultants to do basic maintenance.  That drive-by consultant is unlikely to be evaluating the practice’s overall readiness to keep an EMR up and running securely.

Reminding doctors that they must be careful custodians of their new digital data is a good idea.  Let’s hope more consultants )and vendors) dealing with small practices are preaching this gospel.