Jan 16, 2008

E-Signatures, things to think about

Everyone is talking about e-signatures and most of the vendors now have signature pads incorporated into their demos. But, what are our options, what can we actually use for audits, and what steps do we need to take?

There are basically 2 types of signatures you will need to capture for audits: those of users on your EHR-S (clinicians, doctors, supervisors, etc.) and those of clients / legal guardians.

USER signatures -
There are several ways to capture the clinician's signature:
  • physically sign it...

Then what? Well, you need to get it into the client's record, so you will need to scan it in and attach the scanned document to the chart/electronic record. This is probably not the way you want to go for user signatures. See below under Client signature options for more details on this approach.

  • sign each time on an e-signature pad

Regulations produced by the Secretary of State say that electronically signed contracts are legally binding. We already sign at the market and at the door for packages with electronic pads; therefore, I believe this is going to be acceptable in our industry as well. A bit tedious and unnecessary, though, to expect clinicians to do this on every form and every update they do. This next method is a better way to capture electronic signatures from clinicians and other EHR-S users.

  • rely on the security access features of your system/network to assure the person typing is the person signing. (possibly adding a digital representation of the signature to the screen/record by entering in an additional password)

This is likely your best approach for user signatures. If you have established HIPAA-compliant, adequate security policies and solutions with your EHR-S, then the clinician's login and password can stand for their signature. As Gary Renslo presented at 2007 CIMH, you should assure that the e-signature is:

  • Unique to the individual
  • Under the signer’s sole control
  • Capable of being verified (signature valid for a legitimate, active user)
  • Such that the system can detect if data has been changed after the signature was applied, or prevents changes after signing: e.g. timestamp data and signatures separately, e.g. use hash totals (a “message digest”) and audit logs
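As an added illustration (not code from the presentation or from any EHR-S product), here is one way the last two criteria can be met: the signature record carries its own timestamp plus a message digest of the document, so any edit after signing is detected. The user IDs, keys and note contents are constructed sample data, and the HMAC keyed per user stands in for whatever credential-bound signing mechanism your system provides.

```python
import hashlib
import hmac
import json

# Constructed sample data: users and their per-user signing keys.
# Assumption: a real EHR-S releases the key only after the user re-enters
# a password or PIN; here it is a fixed byte string for illustration.
USERS = {
    "clin-017": {"active": True, "key": b"constructed-key-for-clin-017"},
    "clin-042": {"active": False, "key": b"constructed-key-for-clin-042"},
}

def digest(document: dict) -> str:
    """Message digest ("hash total") over a canonical form of the document."""
    canonical = json.dumps(document, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def sign(document: dict, user_id: str, signed_at: str) -> dict:
    """Return a signature record binding signer, time and document digest."""
    user = USERS[user_id]
    if not user["active"]:
        raise PermissionError(f"{user_id} is not an active user")
    doc_digest = digest(document)
    message = f"{user_id}|{signed_at}|{doc_digest}".encode("utf-8")
    tag = hmac.new(user["key"], message, hashlib.sha256).hexdigest()
    return {"user_id": user_id, "signed_at": signed_at,
            "digest": doc_digest, "tag": tag}

def verify(document: dict, sig: dict) -> str:
    """Return 'valid', 'document-changed', 'bad-signature' or 'unknown-user'."""
    user = USERS.get(sig["user_id"])
    if user is None:
        return "unknown-user"
    message = f'{sig["user_id"]}|{sig["signed_at"]}|{sig["digest"]}'.encode("utf-8")
    expected = hmac.new(user["key"], message, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig["tag"]):
        return "bad-signature"   # record was not produced with this user's key
    if not hmac.compare_digest(digest(document), sig["digest"]):
        return "document-changed"  # data was edited after the signature
    return "valid"

# Constructed progress note, signed and then edited after signing.
note = {"client_id": "C-1001", "form": "progress-note", "text": "Session held."}
signature = sign(note, "clin-017", "2008-01-16T10:30:00Z")
edited = dict(note, text="Session held. Added later.")
```

Here `verify(note, signature)` reports the record as valid, while `verify(edited, signature)` reports that the document changed after signing; writing each result to an audit log gives the compliance trail.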

Keep in mind that an electronic representation of the clinician's signature is a "nice to have", it doesn't really need to be added to the screen or e-document to assure signing, technically. We are not yet sure what method the state and county auditors will prefer. See below.

Now, for client signatures: there are two basic approaches, physically sign the paper / scan / attach, or use e-signature pads. There are other more sophisticated methods, such as fingerprint scans, but I will focus on the ones most likely to be adopted here. Your decision here should be based on cost and workflow.

CLIENT signatures -
Here are a couple of basic ways to capture the client's signature:

  • physically sign it...

Then what? Well, you need to get it into the client's record, so you will need to scan it in; this should create a read-only image of the document with the signature on it.

Now you need it in the client's chart, and not just in the chart/electronic record, but in a place where you can find it later. This requires the EHR-S to have an appropriate filing system that accepts 3rd party files, like .gif or .jpg, into the client's record.

But... does the system know that the signature was obtained? How will you prepare for an audit if you don't know this? One simple method to address this is:

  • create a check box on an EHR-S screen to indicate the document was signed/scanned/attached; you may also want to indicate along with the check box, the date the document was signed, that way when you run the compliance report you will also know when it was signed;
  • and require the person scanning in the document to check the box and indicate the date signed;
  • now you can create a report to tell you which documents have been signed and scanned.

Set all this up with your vendor and staff prior to Go-Live.

You should also think about your community based staff. They will need to either have a portable printer with their laptop, or carry forms around with them for signatures. I think the e-pads below are a better way to go.

For scanning, you can assign one centralized person per site to do all the scanning, attaching to the chart, and checking the box for compliance tracking. Consider the current file clerk who won't have any files to file!

Don't forget, you also need a policy on shredding; once scanned the original may need to be shredded so that the scanned image becomes your legal document! See below.

  • sign each document on a signature pad

This requires that you purchase the signature pads for all clinical staff, or set up a central client kiosk where they can be logged in and sign.

The e-signature pads run about $100 each. For examples, see this site: http://www.topazsystems.com/products/lcdindex.htm.

Be sure to ask your EHR-S vendor if the system recognizes that the signature was obtained. Ask them if the pads have been "integrated" into the product so that the product tracks when each document has been signed. If not, see the check box method above.

What else do you need to do once you have the signature captured?

Don't forget to assure you are maintaining only one legal record. If you have scanned in the signature on the document, you must determine which one is the legal record. You really need to have an internal policy, process, and training to assure you know which one is the legal record and which one is the 'copy'. Thinking ahead to an EHR environment (which the audit bodies need to catch up to), I recommend you shred the original hardcopy document, establishing the electronic one as the legal record (once you are sure the electronic image is acceptable for audits). If your auditors have not established a policy to accept e-signatures, then you may need to retain the paper version. In this case I would still scan it in etc., but establish the signed e-document as the 'copy' for now. Then once you can use the e-document for audits, shred all the hardcopies and change your internal policy to reflect the e-document as the legal document and any paper version as a 'copy', which should not be maintained. You should probably assign a staff member to be your Legal EHR Coordinator, much like your HIPAA Coordinator role. Your Coordinator can assure you have policies in place, training, and resolve issues. AHIMA.org is a great resource.

You must also assure your EHR-S is tracking that the signature was captured (see above).

So, don't forget these steps, depending on your approach:

  1. Establish internal written policies for legal electronic records and signature documents, in support of your audit compliance needs; train your staff on the policies;
  2. Assign a staff member to be your Legal EHR Coordinator;
  3. If you must continue to use paper documents to capture signatures, then, scan in the signed document and attach it to the client's electronic record;
  4. If you are using e-signature pads, provide each clinician with a pad to capture the signatures needed;
  5. Assure the EHR-S is tracking that the signature was obtained; e.g. use a check box on an EHR-S screen or integrate the e-pad with your EHR-S;
  6. Shred the 'copy' or mark the e-document with "COPY" if you continue to retain paper signatures (depends on your internal policy).

AUDIT of Signatures:

Now, how do we assure audit compliance?

Medi-Cal auditors may still be requiring handwritten signatures on printed copies of electronic records, but the Governor’s Executive Order S-12-06 asks for 100% electronic health data exchange in 10 years.

We know that California DMH's Gary Renslo presented at CIMH in 2007 that a regulation has been drafted to support these strategies above for e-signatures. This state e-signature regulation was drafted some time ago and is being batted around by the attorneys at hand.

Most recently, local LACDMH's Marvin Southard stated, "DMH will accept electronically signed documents as evidence of services provided", in a letter to contract providers. No details were given on what an acceptable e-signature is, so further debates may occur.

Some agencies and auditors are performing electronic audits today; it seems to differ auditor by auditor.

Clear as mud, I know.

I recommend each agency move toward a full electronic record, including e-signatures and maintain a back-up plan for audits until we receive written policies for compliance. That may mean retaining original paper signatures for the time being. If you implement a policy on this, you can quickly move to eliminate the paper when appropriate. For example, collect the signature on paper, scan it in and attach it. Archive the original signed paper. Create a policy that the scanned image is your legal record and the paper is an archived original. Provide the scanned version for an audit and if it is not acceptable, pull out the hardcopy original. Once we have written policies for e-signature, then shred the hardcopies and modify your policy to assure all originals are shredded after scanning.

But in the end, you need to make the right decision for your organization!

ACHSA continues to pursue this at the County and State levels for closure.

by Keely McGeehan, Sahara Management Solutions, Inc.

