Directory Calendar Washington University in St. Louis Washington University School of Medicine in St. Louis
Skip navigation links
ABOUT US
FPP SERVICES
PATIENT SERVICES
FPP POLICIES
QUICK LINKS
CONTACT US
HOME
   
HOME > FPP POLICIES > EMR-Authenticity of Authorship

 EMR - Authenticity of Authorship

 

Printable Version of Policy

 Approved:  October 13, 2009

  

 

Authorship:  Authenticity of Authorship in the Electronic Medical Record (EMR)

 

PURPOSE:  The purpose of this policy is to define authorship and establish parameters to assure the highest level of authorship consistency when creating electronic notes, note sections, and/or entering discrete data with that of the EMR audit trail.  Providers and/or provider support staff documenting in the EMR must avoid indiscriminately creating notes and/or entering discrete data under any other author other than themselves.

 

POLICY: 

1.   Authorship is the origination of recorded information. This is an action attributed to a specific individual or entity, acting at a particular time. 1  

2.   All users of the electronic health record should comply with the Washington University HIPAA Privacy Policy #17:  Security Measures Required to Comply with Privacy Policies.  Specifically, in compliance with section 5.  Washington University Workforce Accountability2:

  • Each member of the WU Workforce should access only those electronic systems or other electronic PHI repositories that they are authorized to access.
  • Each person is responsible for keeping his or her password secure.
  • Passwords should NOT be shared with anyone else.
  • Users should NOT log onto any system or PHI repository for someone else.
  • Passwords should NOT be posted where they can be easily viewed.
  • DSO’s should require password changes regularly and consistently until single sign on capability is in place.
  • Users SHOULD use passwords that are difficult to guess.
  • Each person should take reasonable steps to keep PHI secure from unauthorized individuals. For example:

       - Workstations should not be left unattended and/or unprotected in public areas.

       - Users should log out of any system or workstation when they have finished using it.

  • Each person should report all security breaches or violations through one of the following channels (in order of preference):

      - Individual’s supervisor

      - Supervisor’s supervisor

      - Privacy Liaison of the Business Unit

      - Privacy Office

      - Compliance Hotline (anonymous)  

  1. Education and workflows related to creating electronic notes, note sections, and/or entering discrete data should encourage users to sign after each session and/or entry of data is completed.

 

REFERENCES:

  1. AHIMA e-HIM Work Group on Maintaining the Legal EHR. “Update: Maintaining a Legally Sound Health Record—Paper and Electronic.” Journal of AHIMA 76, no. 10 (2005): 64A–L.
  2. Washington University HIPAA Privacy Policy #17:  Security Measures Required to Comply with Privacy Policies

 

 

 
     
    Washington University Physicians