[MCOH-EH] Employee Health electronic record keeping

[Dr Joe Fanucchi]

On 8/11/2015 1:02 PM, Cindy Hansen wrote:
>
> We are beginning our build for a Employee Health software that will 
> basically enable us to go paperless.  Do those who currently have 
> electronic Employee Health / Occ/Med files have any protocols or 
> guidance to share regarding transition from paper to electronic and 
> then what about the BBF files that are required to be kept for 
> 30years. If it is all electronic and you decide to upgrade or change 
> systems what then?
>
> Cindy Hansen, RN, MSN, CCM, CSIWCP
>
> Employee Health Manager
>
------------------------------------------------------------------------
Cindy,

I'm certain that any vendor of electronic medical recordkeeping systems 
will be happy to advise and assist you in the transition from paper to 
electronic records. We have software customers, for example, who have 
made a 100% switch and no longer store any paper records: although paper 
documentation is still relatively common, all "hard copy" records are 
scanned and stored in each Employee's electronic record for future 
retrieval and viewing when necessary.

As for keeping records for 30 years, it's anybody's guess what data 
management systems and storage media will be available in the year 2045. 
Back in 1980, customers would ask whether my software would be capable 
of storing records for the duration of employment plus 10 or 20 or 30 
years for an employee who was hired at age 18 and ended up working for 
40 years for the same hospital. At that time MediTrax, like every other 
employee health database solution, was DOS-based -- and we were using 
5-1/4" floppy diskettes for most storage. I would hold up one of those 
"floppies" and admit I didn't know how we'd be storing records 70 years 
in the future -- but it certainly wouldn't still be on floppy diskettes.

As you know, hospitals change administrations (and recordkeeping 
systems) all the time, and more than a few electronic databases have 
become obsolete or unsupported or unable to maintain HIPAA-compliant 
confidentiality in the past 35 years. My advice would be:

 1. The primary goal is to ensure you're using a data system which
    maintains the /_absolute_/ /_confidentiality_/ of employee medical
    information. That means more than simply establishing a policy that
    unauthorized access will be punished by discipline or termination:
    we frequently discover hospitals which store confidential employee
    medical information in enterprise-wide databases designed for
    storing patient information or personnel/payroll data. The rationale
    for storing such data in a system which is accessible by coworkers
    is usually that "hospital administration says it's a business
    necessity." But HIPAA says you must /_prevent_/ (not simply
    /_prohibit_/ /_or_/ /_punish_/) data access by individuals who have
    not been given permission by the employee whose information it is.

 2. The second goal is to ensure you're entering and saving your data in
    a /_consistent_, _accurate_, _efficient_ _(easy_ _to_ _use)_, _and_
    _extractable_ _(portable)_/ format, so that all data are entered in
    a reliably consistent manner and saved in a format which enables
    data tables to be exported to (for example) spreadsheets or text
    files for conversion into whatever recordkeeping system is in use
    many decades in the future.

If you're interested in reading more about the subject, you might 
consider obtaining a copy of Dr Roderick Neame's excellent 2012 book 
*_Health Informatics_*.

Regards,

Joe Fanucchi
-- 
*Joe Fanucchi MD FACOEM*
President and Medical Director
MediTrax / OHS, Inc. <http://www.meditrax.com/>
/MediTrax software: Everything you need, at a fraction of the cost!/
o:925-820-7758
c:925-368-3367
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mylist.net/archives/mcoh-eh/attachments/20150811/56e03378/attachment.html>