You might want to rethink those paper records.
The behavioral EHR is not just the future, but where things are today. Perhaps more than any other medical profession, those of us in the mental health field have been reluctant to step fully into the Digital Age. Even though most of us have a smart phone, laptop or desktop – maybe even a tablet, we pride ourselves on keeping our clients’ notes, perhaps even the bulk of our clients’ records, in hand-written format. At the very most, we might use software like Word or QuickBooks. “It’s safer,” we explain. “Keeping records in the Cloud is impersonal and exposes the data to hackers and who-only-knows-what-else.”
The Behavioral EHR
One colleague explained it to me this way, “When I write a note on the web, it’s ‘out there’ somewhere that I don’t understand. When I write a paper note, it’s ‘in here’” – and she clutched a piece of paper to her heart. I got that 100%. I do feel that as a profession we tend to have more personal, protective feelings toward our clients than any other medical profession. We generally see our clients regularly and they often share very personal details of their lives with us. That’s very different from those in other medical professions who might see a patient two or three times a year and focus primarily on physical symptoms.
However, our patients may not share our mindset. I was quite surprised recently when a neighbor mentioned that she’s so used to her doctors using electronic records that if she went to a mental health professional that did not, she would see them as a bit antiquated and wonder if their treatment methods were up to date. Even if we hold our hand-written notes and record keeping as sacred, the clients we serve may not.
Setting personal preference aside, there are some additional factors to consider:
If you maintain your own client records, you’re 100% responsible for meeting all HIPAA requirements. On the other hand, if you’re using a HIPAA-compliant EHR (Electronic Health Record), that company is responsible for most of the security compliance issues, i.e., they do it for you. Those are issues you no longer need to worry about.
Making backups of paper records can be a pain, whether you’re using paper backups or digital. Paper backups are costly in terms of both time and supplies. Also, with paper backups, you’ve effectively doubled your storage needs. Storage issues are less of a problem with digital backups (CDs, thumb drives, portable hard drives, etc.), but digital media degrade after a few years, which means you’ll need to redo your backups from time to time. In contrast, a good EHR company routinely backs up their data. Again, this is another issue that is pretty much taken care of for you.
Over the years, the amount of paper generated by a typical therapist’s office can become daunting. Retrieval of older information can be an issue if you have to sort through boxes of old files to find what you need. Furthermore, Hurricane Katrina taught us that disasters like floods, tornados, fires, etc., can wipe out an entire set of paper records in just a few minutes.
None of these issues exist on the web. With most web-based EHRs, you can typically retrieve even the oldest records with just a few clicks. Servers are routinely replaced and/or maintained as needed. Additionally, most companies keep several backups in more than one geographical location to mitigate against any type of local disaster.
Surprisingly, data stored on the web with a reputable, HIPAA-compliant company is actually safer than what you can provide yourself. We tend to worry about data on the web being hacked. While it’s true that nothing can ever be 100% safe, whether it’s in your office OR on the web, around 75% of healthcare data breaches are from theft or loss of either paper records or laptops. In other words, 75% of the problem has nothing to do with the web. As you can see from the table below, only 2% of reported breaches are from hackers or other types of IT incidents:
The majority of breaches are caused by normal, non-web types of things: people stealing or misplacing client files or data, people disposing of records improperly, people missending emails or regular mail, people leaving records in public view and failing to secure them properly.
In contrast, reputable EHR companies typically house their data with commercial grade hosting companies. Such server data centers normally have military grade perimeter control. Physical access is strictly controlled by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Furthermore, backup servers are offered at redundant co-location facilities that are geographically dispersed to help ensure that even if a catastrophic event happened in one part of the country, you would have a backup available in another part of the country. It’s pretty unlikely that any of us in private practice would be able to match this level of security for the computers we maintain in our homes or offices.
So how should you maintain your client records? That’s up to you. However, keep these things in mind:
- Data stored on the web with a reputable, HIPAA-compliant company is actually safer than what you can provide yourself.
- When you maintain your own records, you’re responsible for all aspects of HIPAA-compliance. When you’re with a HIPAA-compliant company, they do most of the security part for you.
- Over the years, the amount of paper generated by a typical therapist’s office can become daunting. This issue doesn’t exist when you’re storing records on the web.
- Public opinion may actually be turning so that our clients are beginning to expect us to use digital notes and records instead of paper. The older view of a psychotherapist doing everything by hand may soon be viewed as antiquated.
For the reasons above, more and more therapists are turning to web-based EHRs not JUST to simplify their bookkeeping, billing and note-taking, but because it’s safer, more convenient, and saves them time. If you’re not familiar with the world of EHRs, you might want to check them out. Most offer free trials and/or free demos and will be happy to answer questions about their product.
For more information on safety and EHRs, go to: “Are Web EHRs Safe?”
Author: Susan C. Litton, Ph.D. is the creator and driving force behind PSYBooks, a practice management system/telemental health platform for mental health professionals.
Dr. Litton is a weird mix: passionate about both clinical work and technology, holding degrees in both fields. As a practicing psychologist in Decatur, GA, when the first practice management systems came out many years ago, she just HAD to have one. Over the years, she tried several, liked certain things about each but disliked other things.
Fascinated by the possibilities, she eventually decided to build one herself, with the goals of making it so user-friendly it would practically teach itself, and so feature-rich, it would have everything a mental health clinician might need. PSYBooks launched on July 7, 2014, as a full-fledged EHR and is continually adding new features to also become a complete set of tools for those providing telemental health services.