Virtual and Traditional Medical Scribes
Updated: Aug 19
Physicians in the modern medical industry are always pressed for time. A physician's time is often taken up with documentation, interfering with the care of patients. As a result, many physicians have become unhappy data entry clerks. Is this the best use of a physician's training and abilities? No, it's not! We need to free physicians from these tedious data entry tasks. To do so, hire a medical scribe to provide documentation support. Considering that both in-person and virtual scribes are available, you may wonder which is best for you.
To help you make an informed choice, let's discuss some of the benefits of virtual over traditional scribes.
Physician dictation and patient encounters are recorded in medical records by medical scribes. They can significantly speed up the documentation of a patient's electronic health record (EHR). It was traditional for medical scribes to accompany physicians to patient appointments to document their records. Some healthcare organizations are now using virtual medical scribes who observe physicians from a distance rather than traditional medical scribes.
Some healthcare organizations may be interested in virtual team members due to the cost benefits and flexible schedules. Still, some may wonder whether such benefits outweigh the potential HIPAA and liability risks associated with granting virtual scribes access to patients' EHRs containing protected health information (ePHI).
Healthcare organizations can mitigate HIPAA and liability risks associated with virtual medical scribes by utilizing the measures outlined in this article.
HIPAA and Liability Risks Associated with offsite Medical Assistants’
Since virtual medical scribes are considered business associates (BA) of covered entities (CE), they must safeguard ePHI in compliance with HIPAA. Virtual scribes, like other BAs, could be penalized for failing to comply with the HIPAA Security Rule. If the CE fails to vet or monitor a BA properly, the CE will also be held accountable for the BA's HIPAA violations. Before hiring a scribe or service, healthcare organizations must ensure that adequate safeguards are in place to protect ePHI to avoid such HIPAA risks.
Aside from HIPAA concerns, healthcare organizations should also be aware of the unique liability risks posed by a virtual team member. The level of supervision required and the tasks the team member can and cannot perform are critical to an understanding before choosing a service.
Healthcare companies can use the following risk management tips when selecting an offsite medical scribe to prevent being penalized for a scribe's HIPAA violation and reduce liability exposure.
Virtual Medical Team Member HIPAA Compliance Tips
1. Identify the steps taken by the service to ensure compliance with HIPAA.
See if the service has implemented HIPAA compliance measures on its website. Without assurances that the service will adequately safeguard your patient's ePHI, you may not want to use the service if it claims to be HIPAA-compliant but fails to provide details on how it maintains compliance.
2. Speak with the medical assistant or service provider about obtaining a Business Associate Agreement.
An ePHI-accessing Business Associate Agreement (BAA) must be between a CE and a BA. The scribe service provider or the individual scribe must sign a BAA before granting access to any ePHI to healthcare providers. The BAA should include the following minimum requirements:
Describe the permitted and required uses of ePHI;
Business associates are contractually or legally obligated not to use or disclose ePHI in any other way.
Ensure the business associate uses appropriate safeguards to prevent unauthorized use or disclosure of ePHI.
To ensure its HIPAA-compliant platform, the service providers must sign a BAA if they use proprietary software to connect with physicians or receive ePHI. In contrast, if the service supplies scribes who will work exclusively with your company's EHR, and no ePHI is passed on to the service provider, only the individual scribe would need to sign a BAA.
3. Document the HIPAA training certificate before onboarding
Healthcare providers should receive and document the HIPAA training certificates of scribes who claim to have completed HIPAA training before allowing them access to ePHI. You should consider training your scribe on HIPAA compliance if he or she has not been trained.
4. Minimize access to ePHI
Providers should restrict access to ePHI by requiring each scribe to have their username and password for accessing your EHR during working hours. To document the notes dictated by the physician, they only need access to the part of the EHR necessary to do so.
In addition, if the scribe works exclusively through your EHR, ePHI should never be accessible directly to the scribe's device. Individuals are less likely to lose ePHI if they cannot download any.
Furthermore, to minimize additional exposures, the healthcare organization should be able to immediately suspend access to ePHI by the scribe in the event of a breach.
5. Maintain and monitor the access to ePHI
Keeping and reviewing logs of the medical assistant’s access to ePHI should be a regular practice. An individual's access to ePHI should be suspended immediately if it is discovered that he or she accessed it unnecessarily or terminated.
Additional risks are associated with virtual medical assistants outside the United States under HIPAA.
In light of the relatively recent development of overseas virtual medical scribes, it remains uncertain how the Office of Civil Rights (OCR) - the entity that enforces HIPAA - will handle non-compliant virtual scribes operating abroad. As OCR's jurisdiction is limited to the United States, it is unlikely to pursue foreign BAs. Overseas vendors have little chance of paying their fines voluntarily. Although the domestic covered entity (CE) was compliant with HIPAA at all times, it is unlikely that the OCR will pursue the foreign BA.
What can healthcare organizations do to prevent their overseas virtual scribes from violating HIPAA? To put it simply, they can't. Healthcare organizations will likely be liable for HIPAA violations committed by overseas scribes they hire since the OCR is not likely to find offenders located outside its jurisdiction.
Furthermore, the HIPAA Security Rule requires CEs to analyze and manage risks in light of the possibility that foreign vendors may be more susceptible to certain types of cyber threats. As a result, healthcare organizations contracting with overseas scribes should be aware of their region's cyber threats. As part of the BAA, the medical assistant or service should be required to take specific precautions to mitigate such threats.
Virtual Liability Risk Management Tips
1. In the employment contract, clearly define the duties of the new team member.
Scribes should be clearly defined in the employment contract as documenting patient encounters and dictating into the EHR. In their employment contract, they should also be prohibited from performing clinical duties, such as diagnosing a patient or ordering medications.
2. Provide EHR training at onboarding
Your EHR platform will be unfamiliar to most virtual scribes. To ensure that they are sufficiently familiar with your organization's EHR system, they should be trained before starting to document. In addition to training on how to sign into and out of the system, inform physicians of system alerts, sign entries, and date them, the medical assistant should also receive instructions on how to sign and date entries.
3. Develop a performance audit policy
Healthcare providers are advised to develop a policy for comparing the performance of virtual medical scribes before hiring them. A healthcare organization should periodically audit the scribe's performance to ensure compliance with its guidelines, including confirming that the scribe is not performing any clinical tasks. Additionally, performance audits will allow the healthcare organization to provide the scribe with constructive feedback.
4. Review all entries for accuracy
Since the healthcare provider will ultimately be liable for errors in the electronic health record, the physician should carefully review the notes dictated to the scribe to ensure there are no mistakes. A patient's EHR should be carefully reviewed for all entries by his/her scribe, but particular attention should be paid to those entries that may affect the course of the patient's treatment. To confirm that the physician was present at the patient visit and that the scribe's entries are accurate, the physician should electronically sign and date the EHR after reviewing the scribe's entries.
5. Make sure that the medical assistant is up-to-date on all training
As healthcare organizations change policies, federal guidelines, and state regulations, ongoing training should be provided to virtual scribes in addition to initial EHR training.
6. Notify patients of the medical assistants’ presence
Physicians should inform patients before appointments that scribes will observe and listen to their appointments and explain the role of the scribe. Additionally, the physician should inform the patient that the scribe may not attend all appointments or only certain sections.
The bottom line is that choosing a virtual medical scribe is an important decision that should be weighed carefully, with the pros and cons. Virtual Medical Scribes can be seen as more suitable for practice than traditional medical scribes due to their lower cost, greater flexibility, and patient-centered approach.
Looking for a new virtual medical scribe? Concierge Elite can help!
Do not rely on any information provided as legal advice. This article is for educational purposes only.