HIMSS News

Secrets of EMR Governance

By R. Dirk Stanley, MD, MPH

HIMSS Clinical Informatics Insights, June 2012

Implementing an Electronic Medical Record (EMR)? Then you’ll want to know something about EMR governance. It’s a subject that’s not well-understood, but in this article I’ll provide some background. EMR Governance is the process by which you standardize your clinical practices and set them up to work electronically. Without predictable clinical practices, you won’t be able to get predictable clinical outcomes, and your EMR implementation will be challenging.

What is governance?
Although the Oxford dictionary defines governance as “the action or manner of governing,” a quick Google search reveals this NIST (National Standards of Standards and Technology) definition:

“…the controls and processes that make sure policies are enforced.”

So why should clinical professionals worry about policies? After all, aren’t they documents that administrators are paid to worry about?

What is a policy?
The reason clinical professionals should care about policies is because they are the central nervous system that quietly controls your organization.

Policies are essentially your organization’s standards. They reflect your values and describe, in writing, what you’ve decided to do. If your standard is to give all patients a gluten-free, diabetic cupcake on admission, then your organization could decide to write that standard down on a piece of paper :

All patients will get a gluten-free, diabetic cupcake on admission.”

Of course, you may decide to pursue more meaningful standards, but for now we’ll use this simple policy as a teaching example.

What is a procedure?
If a policy describes what you do, then the procedure describes how exactly you go about doing it.

A good model for a procedure is a food recipe. Every line contributes to the end result. For example, to describe how to achieve the cupcake policy above, you might write this procedure:

  • Kitchen staff will bake 100 cupcakes daily.
  • Couriers will bring cupcakes to floor.
  • Nurses will give cupcakes to patients on admission.

You’ll notice a common theme in the procedure above: Each line answers, at a minimum, the who and what, but also can explain the when, where, why, and how. Note : Some legal advisors recommend avoiding “will” and substituting other terms like “should” and “may.” Check with your legal counsel for advice before writing policies.

When do I write a policy and procedure?
By writing your policy standard and a procedure describing exactly how to achieve that standard, you now have a very valuable document. Together, these documents give you a meaningful change management mechanism.

Some people, when they learn about policies and procedures, suddenly want to develop policies for everything. Try to resist this urge. Too many policies can make it hard for employees to comply with them. On the other hand, too few policies might mean you’re not standardizing your operations. Ideally, you want a happy medium.

And so, you should only write policies when:

  • The policy is required to meet a legal, regulatory or operations need.
  • The policy addresses a common occurrence or practice.
  • You have the resources to implement the policy.
  • You can enforce the policy.

And, you should only write good policies.

What’s a good policy?
A good policy is one that creates clarity and harmony in your organization. End-users should be able to find it, read it, and immediately understand your expectations. It should be a valuable management tool for leaders and directors, and should always reflect your values and current practices.

A bad policy is one that creates confusion, chaos or in a best-case scenario, changes nothing. A bad policy conflicts with your values, does not reflect practice, is published where few people can find it, and many employees don’t know it exists.

So what about hospital governance?
Before discussing IT and EMR policies, it helps to understand a little about the difference between administrative and clinical policies.

Let’s say you were building a hospital from scratch—you would need two teams to help you :

  • A clinical team, who know all about giving care, treating diseases, and doing surgeries and procedures
  • An administrative team, who know all about finance and operations and regulations and legal issues.

Neither team can live without the other; virtually all hospitals need both. So we generally divide their standards into:

  • Clinical policies – Those that define patient care and clinical standards.
  • Administrative policies – Those that define employee and administrative standards.

The key ingredient needed for these two teams to work together harmoniously is good communication at all levels of your organization.

So what about IT and EMR Governance?
After you have a good understanding of your organization’s policy and committee structure, you can go about examining your current standards. Do you have any documents that spell out basic clinical practices such as:

  • Electronic Documentation – How/when to create it, sign/authenticate it, use it?
  • Medication Order Standards– How/when to order certain medications? Non-formulary medications? In code blue/emergency situations? Over the phone?
  • Standards for lab/radiology orders– How/when to order certain tests?
  • Training standards – How do you train new employees? Existing employees?
  • Clinical Tool Development – How do you develop order sets? Policies? Protocols? Documentation?

Look for these documents because you will need to examine them and probably modify them after your EMR implementation to help make your processes more efficient. In general, the standards get tighter, and the demand for resources increases after your EMR go-live.

Finally – A common question is, “Where should I publish my IT and Informatics policies? In the administrative or clinical policy manual?” Surprisingly, most informatics and clinical IT policies belong in the clinical policy manual. While it’s tempting to think of them as administrative issues, most of them have a strong impact in clinical functions and strongly impact the day-to-day operations of clinicians. When in doubt, ask yourself: “Who is the end-user of this policy?

10 DOs and DON’Ts to remember with EMR and Health IT Governance
DON’T: …write policies in a rush. The more time you spend on them, the clearer and more effective they will become.
DON’T: …write too many policies. They should only be for things that address absolutely necessary legal, regulatory, or workflow issues, and those that you have resources to monitor and implement.
DON’T: …make policies automatically punitive. Non-compliance with a policy should give a leader a reason to pause and reflect: Why didn’t the policy help reinforce the desired outcome?
DON’T: … forget to document reasons why you knowingly didn’t comply with a policy. They carry legal risk and weight, so any non-compliance should be well-documented and discussed with leadership.
DON’T: … keep policies hidden! For them to work best, it helps to keep them in a common place where everyone can find them.

DO: … practice writing policies, and have end-users look them over to help check for clarity.
DO: … spend time learning your organization’s governance structure, including your bylaws, policy manuals, policy writers, reviewers, and approval bodies.
DO: … keep reading more and look for classes on operations and policy development.
DO: … consult legal counsel when needed, especially to tackle tricky risk or compliance issues.
DO: … network with other healthcare technology colleagues, to share tips, tricks, and lessons learned.

About the Contributor
Dirk Stanley, MD, MPH, is the Chief Medical Informatics Officer at Cooley Dickinson Hospital in Northampton, Mass. He earned his medical degree from St. George’s University in the West Indies, completed his internship and residency at Albany Medical Center in Albany, NY, and is board-certified in Internal Medicine. In addition to his Health IT duties, Dirk works clinically as a hospitalist and writes, blogs, and lectures on healthcare technology, governance, and patient safety issues. Follow Dirk's blog at http://www.dirkstanley.com or on Twitter http://www.twitter.com/dirkstanley