Reducing Risks Associated With Electronic Signatures
Laura M. Cascella, MA, CPHRM
Accurate and thorough documentation is vital in healthcare; it provides essential patient information, historical details about the course of patient care, and a record of services provided. Healthcare providers’ signatures are a crucial part of documentation; they carry authority to authorize tests and services, and they attest to the authenticity and accuracy of patient records. Thus, protecting the integrity of provider signatures is imperative.
Prior to the large-scale implementation of electronic health records (EHRs) and other electronic systems, healthcare providers typically ink signed or stamped documentation to provide authorization, take responsibility for authorship, or confirm the veracity of information. During these times, safeguarding physician signatures involved strategies such as preventing forgery, securing signature stamps, and limiting access to prescription pads.
In modern day, electronic identification and verification processes have largely replaced the acts of physically signing and stamping records, forms, and orders. Yet, the need to protect and secure providers’ signatures has not diminished. Despite introducing new ways to secure information, technology also has unique characteristics that create risk exposure. Failing to address these risks can compromise the integrity of electronic signatures (e-signatures) and potentially lead to patient harm.
The following strategies and recommendations can help healthcare organizations assess their current policies and procedures related to e-signature, identify areas of potential risk, and work toward practical solutions:
- Convene a multidisciplinary team to develop and provide oversight of your organization’s e-signature policy and associated processes. The team should have expertise in various aspects related to e-signature, such as laws, ethics, technology, and documentation best practices.
- Verify that all of your organization’s documentation policies — including those related to e-signature — align with federal and state laws, accreditation standards, payer requirements, and professional best practices for documentation.
- Ensure your organization’s e-signature policy:
- Defines what types of e-signature functionality are acceptable within the organization, as determined by the multidisciplinary committee. E-signature may encompass electronic checkboxes, digital images of signatures, biometric identifiers, PIN codes, digital signatures, and more.
- Limits the authority to use e-signature only to those healthcare professionals who have privileges to document in clinical records. Make sure these individuals are aware that e-signatures generally have the same legally binding effect as an ink signature.
- Stipulates that authors of clinical documentation must review content for accuracy and completeness prior to attestation (i.e., applying an e-signature).
- Specifies timeframes, based on organizational policy, for which healthcare professionals must complete clinical documentation and provide attestation.
- Takes into account policies related to co-signatures (e.g., in the case of residents and supervising physicians or when scribes are used to document care).
- Includes guidance related to when it’s acceptable to import electronic documents that contain e-signatures into the EHR system and legal health record.
- Determine whether your EHR system:
- Captures appropriate information during the e-signature process, such as the author’s name, credentials, and the date and time.
- Prevents users from deleting or altering entries and e-signatures after the author has provided attestation.
- Has a specific process or workflow for corrections, addendums, or late entries in records that will maintain the integrity of the original entry and e-signature.
- Implement physical and technical safeguards to ensure the integrity of the e-signature process and to prevent unauthorized access to EHRs. Examples include prohibiting employees from sharing passwords, using two-factor or multi-factor authentication technology, using encrypted digital signatures, and tailoring employees’ access to EHRs based on their roles and responsibilities.
- Perform due diligence of new documentation software or software updates to identify how they will affect your organization’s current e-signature policies and processes. Proactively identify potential issues and develop strategies to address them.
- Provide staff training and education related to:
- Documentation policies and protocols, including those related to e-signature.
- Patient safety and liability risks associated with electronic documentation (e.g., in relation to copy/paste, structured content, and meta data/audit trails).
- Privacy and security of protected health information and best practices for safeguarding e-signature processes.
- Any changes in e-signature policies/processes resulting from new or updated software or any other changes related to documentation and e-signature policies.
- Monitor and periodically audit providers’ compliance with your organization’s e-signature policy and processes. Provide feedback and reminders as needed to reinforce organizational standards.
- Make sure your organization’s e-signature policy clearly delineates disciplinary actions for individuals who do not comply with the policy. Disciplinary actions should be applied consistently across the organization.1
For more information about managing risks associated with electronic documentation, see MedPro’s Risk Resources: Electronic Health Records.
Endnote
1 AHIMA. (2013 [last updated]). Electronic signature, attestation, and authorship. Retrieved from https://bok.ahima.org/doc?oid=300221#.ZEA4rHbMKUk; AHIMA. (2013 [last updated]). Appendix C: Electronic signature model policy. In Electronic signature, attestation, and authorship. Retrieved from https://bok.ahima.org/PdfView?oid=107152; Berlin, M., Creedon, M., Chong, C., McDonald, K., & Gates, S. L. (2022). E-signatures: when they’re legal and best practices for implementation. The National Law Review, XII(136). Retrieved from www.natlawreview.com/article/e-signatures-when-they-re-legal-and-best-practices-implementation