As a clinician, you want to know if data being entered into the system is accurate, clean, correct and useful. Data validation often called “validation rules” or “check routines” are built into systems such as EHR systems. These rules check for correctness, meaningfulness, and security of data. For example, the system would automatically disallow or question a user trying to enter eligibility results into the patient’s address field. Validation rules may be automated because the software company uses a data dictionary, or data may be checked by an explicit application program validation logic. To participate in quality reporting, such as meaningful use, PQRI or ePrescribing reimbursement incentive programs, you want to know if the data extracted from the system will be accurate and relevant.
HIPAA’s Security Rule is as much about good business practices as it is about securing confidential patient information. Data integrity, one of the pillars of HIPAA’s Security Rule, contains overarching security themes that pose layered questions, such as, how does the system’s functionality allow you to know who has been in the system, what did the user do with the content after he or she accessed it, or did the system block a potential intruder who did not use the correct user ID and password?
When evaluating an EHR system, you want to ask how data validation functionalities work. So during the EHR due diligence, I would ask, “How does your EHR software enable the practitioner to generate quality measurement reports, (suggest you hold up the Meaningful Use Matrix), and how do we validate the data going into the system is accurate and placed in the correct fields?” As an EHR project manager, I request a data validation report on the third and fifth day of Go-Live week so that we can quickly catch and retrain data entry errors.