Information systems can transform healthcare. Better quality healthcare can be achieved by using safety-focused electronic health information, sharing of patient data between providers, and analyzing aggregate data from thousands of patients. A recent trend in this regard includes combining DNA biorepositories with Electronic Medical Record (EMR) systems to enhance clinical care and research (Klitzman, Appelbaum, & Chung, 2013).
When patients have blood drawn, especially for DNA sequencing, the sample may be preserved for future research. The ethical assumptions are first, that the patient would not object to having the blood used for research and second, that the sample is not identified with the patient. The amount of genomic data in research banks, or biorepositories, has grown substantially in the past five years; yet there are inconsistent practices regarding storage, identification of samples, and informed consent from patients. There may be great benefit for research conducted on these samples, but the patients must be made aware that their blood may be used for research.
Much can also be gained by using electronic networks, such as the eMERGE Network, which collects genetic materials from patients to develop large-scale, genetic research studies (Masys, 2014). Genomic data can be used for disease identification and to develop individualized treatment plans by combining the traditional information in the patient’s medical record with the patient’s genetic and genomic information and comparing treatments for patients having similar medical issues. Although such merging of information appears to be beneficial, the associated ethical, privacy, and safety concerns need to be addressed.
This column will discuss the emergence of the EMR, security of genomic data and electronic medical records, rights and responsibilities, and the benefits of EMRs and genomic data base. Understanding safe and ethical use of genomic data and EMRs is relevant to nurses who need both to know and understand the risks and benefits for their own safety, and to teach patients and families about their rights and the risks and benefits of participating in genomic studies, as well as the risks and benefits of having their medical records on line. It is important that nurses become aware of the policies, infrastructure, legal ramifications, and day-to-day issues surrounding the collection and use of genomic data and electronic medical records.
Emergence of the EMR
Electronic Medical Records (EMRs) are health records kept in a provider’s clinic, a pharmacy and/or a hospital. Their development has been a focus in the United States (US) for over a decade. In 2004, then President George W. Bush made enhancing the development of electronic medical records a priority of his administration. During his presidency, the Office of the National Coordinator for Health Information Technology for Economic and Clinical Health (HITECH) was established. In addition, several laws focusing on electronic medical records were passed, including the HITECH Act and the American Recovery and Reinvestment Act (AARA) in 2009. A budget of 17.2 billion dollars was designated for EMR use and the Health Information Exchange (HIE) development. This funding helped to initiate efforts to encourage and coordinate public healthcare through health information technology (HIT).
Security of the records is one of five essential elements discussed by Wainer, Campos, Salina, and Sigulem (2008); the other four elements include confidentiality, control, integrity, and legal value. Additionally, electronic records need to be up to date and useable. Even though all of these critical elements seem logical, they are not easy to accomplish. The security of EMRs requires extensive funding, high level technological security, and constant re-assessment. Although electronic records today are more secure than in past years, additional work is needed to make records even more secure (Nelson, Joos, & Wolf, 2014).
A Multidisciplinary Conceptual Framework for Using and Evaluating Information Systems (Siarkowski Amer, 2014) illustrates complex issues, all of which are factors in the safe and ethical use of electronic medical records (See Figure). EMR use, one of the four critical elements in this Framework, refers to the potential benefits of EMRs, such as improving coordination of care and the future link with genomic data. The second critical element, safer care, refers to the utilitarian ethical framework of ‘the most benefit for the most people,’ so that in-spite-of possible security breaches, which are rare, the benefits of using EMRs outweighs their harm. The third critical element is security. Security needs to be the highest priority with EMRs; otherwise the use and benefits of EMRs will not reach their full potential. Finally, the knowledge and education element is critical for nurses. It is essential that nurses understand the risks and benefits of EMRs.
Security of Genomic Data and Electronic Medical Records
The ethical framework of utilitarianism, which encourages the most good for the most people, is useful in supporting sharing because the benefits of having easily accessible EMRs can save lives (Thede, 2008). For example electronic communication between providers and pharmacies for the purpose of medication reconciliation can prevent severe drug interactions or unintentional overdosing; these actions outweigh the risks of possible security breaches.
The security of current electronic health records is variable. Some hospital-based systems have elaborate anti-hacking programs; yet other systems have minimal storage and security measures. Because no system is completely secure, specific policies need to be in place to maintain the highest possible level of security and confidentiality.
The following are examples of policy elements that I encourage hospitals to use for the purpose of enhancing security:
- All sensitive data, such as HIV or psychiatric records, maintained on Electronic Medical Records and/or hardcopy must be secured in strict accordance with hospital policy.
- Patient records may be accessed by authorized persons only. Audit trails of record access need to be maintained and regularly checked; penalties for access misuse need to be clearly delineated and enforced. Authorized persons may include medical staff and clinical contract personnel, for example registered nurses, registered dietitians, and therapists, as well as medical records and administrative management personnel. These persons will access only clinical information pertinent to patients for whom they are providing care or treatment.
- Two separate, but complete copies of the patient EMR must be maintained and protected from data loss, including fire and water damage. To achieve these two separate but complete copies, the EMR needs to be maintained in geographically separated, mirrored servers. Backing up of electronic records must be done daily; and when applicable, hard copies of forms and documentation that are considered part of the patient’s medical record must be maintained.
- Inactive patient records in paper format or electronic format need to be stored as required by state regulation.
Rights and Responsibilities
Patients should have the right to decide which healthcare providers have the right to view their records. In healthcare today, there is an assumption that all providers, including nurses, physicians, dietitians, and others can access and use the record as long as the provider is caring for the patient. One needs to remember that patients do have rights regarding who has access to their information, as provided by the Health Insurance Portability and Accountability Act (HIPPA), and described by the U.S. Department of Health and Human Services.
Ethical concerns surrounding EMR usage emerge from risks associated with breaches of confidentiality. Beyond inappropriate provider access as discussed above, there is the potential for data access by rogue sources. In Chicago, a 2013 theft of hospital computers with patient data brought on a public panic upon realizing that up to four million patients with data in their Advocate System may have had their data compromised (Frost & Wernau, 2013). Although the computers had security codes that made it very difficult to access health record data, this type of case is an example of the risks of having information stored electronically. In the future, EMRs will need to be stored in a cloud-based system with very tight security and no access from computer hard drives or thumb drives. Presently, the storage of data remains variable with each provider using their own system. Ideally, the future will hold more uniform data storage, access and security regulations. Unfortunately, the current concerns with technology security have limited the universal use of EMRs. Hence a key question remains: does the risk outweigh the benefit?
Benefits of Electronic Medical Records and Genomic Data Bases
The use of genomic data and EMRs, along with larger aggregate health information data bases, ‘big data,’ and technologies, are transforming patient care. More extensive use of EMRs can avert needless deaths from preventable medical errors which can be traced back to poor records regarding patient prescription and over-the-counter medications. Other errors that occur with miscommunication between hospital personnel can be decreased with more active use of EMR’s. Although EMRs have the potential to improve communication, they do require extensive orientation and instructional support (Baille, Chadwick, Mann, & Brooke-Read, 2013).
Genomic information paired with patient health information from their EMR has strong patient care and research potential. Both patients themselves and our greater society can benefit from research in this area. Unfortunately, there remains the potential for many security and privacy breaches. Nurses need to be aware of the issues associated with genomic information sharing and EMRs. In addition to awareness, nurses should be actively involved in shaping policy and legislation relating to the security and proper archiving of patient data. Nurses also need to serve on ethics boards and research committees at their institutions so that nursing has a voice in promoting safe care related to genomics and EMRs.
Kim Amer, PhD, RN
Health Information Technology (2013). Understanding special emergency use of IT. www.hhs.gov/ocr/privacy/hipaa/understanding/special/emergency/index.html