Wednesday, May 23, 2012

Leveraging email in the clinical workflow

Even though the EHR software has a communications module built-in, we are looking to introduce email in a much bigger way at the facilities, and one of the places we are looking at is nursing. It would be nice if nurses could be included in all the planned email notifications about admissions, transfers, discharges, or quick access to an initial documentation packet from a hospital admission prior to the patient entering the building.

The plan:
Setup a terminal at the nurses' station that would be accessed via group login, and there would be a group Exchange mailbox per station that all nurses would be able to monitor via Outlook open on their shared terminal. Obviously, they would have individual logins to the EHR, but to the machine/network/Exchange, they would all be grouped behind a shared login. I'm still not clear on how nurses would indicate to each other that they've processed an incoming email, or it still needs response etc

The problem:
I'm being told that this setup is a HIPAA violation for 2 reasons.
1) A nurse will typically visit a diagnostics/lab website, and save results down to the terminal's desktop or a network folder. Since there is no way to tell which of the nurses behind that group login subsequently looks at the file containing PHI, that constitutes a violation.  
2) Cannot tell which of the nurses is looking at the mail in the Exchange mailbox which might contain PHI as well.

My response:
Every one of those nurses grouped into a shared login/mailbox already has full access to the same PHI in the EHR itself. The only difference is that in the EHR, I can tell who logs in and out, but the scope of access is identical.

What do you think?


Joseph Frank, CIO
Omni Health Systems of NJ
Avery Eisenreich, CEO

No comments:

Post a Comment