The increase of Electronic Health Records (EHR) has resulted in an increasing number of patients who bring their medical records to their doctors using computer media like a USB drive. What is the best way to handle patient USB drives?
The proliferation of Electronic Health Records, patient health portals and the general increase in digital medical information has resulted in an increasing number of patients who bring their medical records to their providers of care, using some form of computer media like a USB drive.
Hospitals are experiencing this in their emergency departments, and medical practices are experiencing this with both new and established patients.
However, simply accepting the data creates risks for any health care entity and certainly for HIPAA covered entities. Two of these risks are:
• If the data is not accurate you may not want to integrate it into your EHR or paper record.
• If the computer media has a virus or malware on it then you risk your computer network by introducing the infected media.
Q&A With David Ginsberg
Q: A patient brought in a CD with their medical records on it. We have printed those out and filed them in the chart. Is this appropriate?
A: No: Without verifying the source and accuracy of the information you may be adding inaccurate information that has little value in patient care and might not belong in your record. At the very least a provider should consider whether this information is reliable and useful. It should be prominently marked as patient generated if not directly attributable to another health care provider.
Q: A patient arrived in the ED and gave us their records on a USB drive. We uploaded those into the EHR. Is this correct?
A: No: The USB drive may be infected and uploading it put your entire network at risk. Consider using a workstation that is not connected to the network (domain) in any way to verify the USB drive’s integrity and then printing the relevant data.