What do electronic medical records require from the health care personnel?

Infection Control in Healthcare Personnel: Infrastructure and Routine Practices for Occupational Infection Prevention and Control Services (2019)

Recommendations

For healthcare organization leaders and administrators

Recommendation

Establish systems to maintain confidential work-related healthcare personnel health records, preferably in electronic systems, that:

Recommendation

limit access only to authorized personnel,

Recommendation

enable rapid access by authorized clinical providers,

Recommendation

facilitate aggregation and de-identification of information,

Recommendation

allow tracking and assessments of trends in infectious risks, screening tests, exposures, and infections, and

Recommendation

enable confidential reporting to internal departments and individuals or external groups.

Recommendation

Consider enabling electronic system features that:

Recommendation

notify occupational health services when occupational infection prevention and control services are due, and

Recommendation

communicate work restrictions with other healthcare organization data systems (e.g., human resources information systems).

For occupational health services leaders and staff

Recommendation

Participate in the development of policies and plans that facilitate confidential, efficient exchange of healthcare personnel health information.

Recommendation

Maintain healthcare personnel records and databases that include medical evaluations, infectious disease screening, evidence of immunity and immunizations, exposure and illness management, and work restrictions.

Recommendation

Maintain confidentiality, use appropriate authorizations, and provide only necessary information when sharing healthcare personnel records.

Recommendation

Facilitate healthcare personnel data aggregation for reporting performance measures and supporting occupational health services quality improvement activities.

Recommendation

Make copies of individual records promptly available to healthcare personnel upon their request, preferably within 15 days.

Background

• EHR = Electronic Health Record
• HCP = Healthcare Personnel
• HIPAA = Health Insurance Portability and Accountability Act
• IPC = Infection Prevention and Control
• NHSN = National Healthcare Safety Network
• OHS = Occupational Health Services
• OSHA = Occupational Safety and Health Administration

OHS collects, maintains, reports, and ensures confidentiality of HCP health information in order to provide efficient occupational IPC services. OHS maintains HCP information related to preplacement, periodic, and episodic medical evaluations as provided by OHS or other consulted external medical providers, such as:

• job-related, infectious diseases screening,
• evidence of immunity to vaccine-preventable diseases,
• offered and administered immunizations [1],
• exposure and illness management services, and
• counseling services.

Information systems designed to record and rapidly retrieve confidential HCP data, such as evidence of immunity, can enable efficient responses to infectious exposures and outbreaks. The systems can also highlight trends in infectious disease risk, exposures, and illnesses among HCP.

Electronic health records and electronic information systems

Electronic health record (EHR) and other electronic health information systems can provide options that might enhance HCP records management. EHRs can automatically generate alerts, such as those about the need for postexposure follow-up, immunizations, or other services. They can also facilitate access to HCP-related information entered by other departments, such as information on work restrictions entered by the human resources department, to allow communication and shared decision-making about HCP.

The use of EHRs can expedite mandated reporting of immunization data and trend analyses of vaccination coverage [2], as well as facilitate other risk assessment and reduction activities and quality improvement efforts. EHR use can improve documentation of vaccine contraindications and reduce medical discrepancies (e.g., HCP receiving an immunization despite reporting an immunization contraindication) to ensure HCP safety.

Selected HCP record documentation and retention requirements

OSHA requirements related to occupational exposures and acquired infections include establishing and retaining employee medical records, maintaining confidentiality, and providing records to employees when requested [3-6]. OSHA requires employers to record certain work-related injuries and illnesses on the OSHA 301 “Injury and Illness Report” form, maintain the OSHA 300 “Log of Work-Related Injury and Illnesses,” and annually complete the OSHA 300A “Summary of Work-Related Injury and Illnesses [7].” In addition, the OSHA Respiratory Protection standard requires documentation of medical clearance and other services related to respirator use. Other federal, state, and local documentation requirements for occupational IPC services may exist.

Reporting HCP information

OHS may need to report aggregated (and de-identified) health information to various sources, and to do so electronically. Sources might include internal departments or individuals, such as IPC services and senior management, or external sources, such as NHSN [8].

Confidentiality and security of HCP health information

Safeguarding the confidentiality of HCP health information ensures compliance with requirements [9] and can build HCP confidence in OHS. Defining who may access confidential HCP health records can facilitate protection of HCP information and enforcement of record access restrictions. Keeping HCP records and information in the same system as patient care information can risk unauthorized staff access to private information. Some HCO separate patient and HCP records by using separate paper files or electronic systems. State and local requirements for the separation of patient and HCP records may exist.

The 1996 HIPAA Privacy Rule [10] provides federal protections for individually identifiable health information held by covered entities and their business associates, and grants patients several rights with respect to that information. Requesting or providing HCP medical information or records may require HIPAA-compliant consent, depending on the purpose and recipient of the information.

What is required for EMR?

What are the 5 components of the electronic medical record?

What are the most important components of an EHR?

What are the most important functionalities of the EHR that need to be implemented at the practice?