Medicolegal Issues

EHRs and medicolegal risk: How they help, when they could hurt

OBG Manag. 2013 March;25(3):1e-4e

References

1. The Casebooks Project. History of Medical Record-keeping. http://www.magicandmedicine.hps.cam.ac.uk/on-astrological-medicine/further-reading/history-of-medical-record-keeping/. Accessed February 26 2013.

2. US Department of Health and Human Services. EMR vs EHR—What is the difference? Health IT Buzz. http://www.healthit.gov/buzz-blog/electronic-health-and-medical-records/emr-vs-ehr-difference/. Accessed February 20, 2013.

3. Health Information Technology for Economic and Clinical Health Act of 2009. HITECH Act. Pub L No 111-5 Div A tit XIII Div B tit IV Feb 17 2009, 123 stat 226, 467. Codified in scattered sections of 42 USCA.

4. Mangalmurti S, Murtagh L, Mello M. Medical malpractice liability in the age of electronic health records. N Engl J Med. 2010;363(21):2060-2067.

5. Reid P, Compton D, Grossman J, et al. Building a Better Delivery System: A New Engineering/Healthcare Partnership. Committee on Engineering and the Health Care System, Institute of Medicine and the National Academy of Engineering. Washington, DC: National Academies Press; 2005.

6. Grossman J. Disruptive innovation in healthcare: challenges for engineering. The Bridge. 2008;38:10-16.

7. Murphy E, Oxencis C, Klauck J, et al. Medication reconciliation at an academic medical center; implementation of a comprehensive program from admission to discharge. Am J Health-System Pharmacy. 2009;66(23):2126-2131.

8. Schuler R. The smart grid: a bridge between emerging technologies society and the environment. The Bridge. 2010;40:42-49.

9. Haberman S, Feldman J, Merhi Z, et al. Effect of clinical decision support on documentation compliance in an electronic medical record. Obstet Gynecol. 2009;114(2 Pt 1):311-317.

10. Hasley S. Decision support and patient safety: the time has come. Am J Obstet Gynecol. 2011;204(6):461-465.

11. Lagrew D, Stutman H, Sicaeros L. Voluntary physician adoption of an inpatient electronic medical record by obstetrician-gynecologists. Am J Obstet Gynecol. 2008;198(6):690.e1-e6.

12. Dolan PL. $100,000 HIPAA fine designed to send message to small physician practices. American Medical News. 2012. http://www.ama-assn.org/amednews/2012/04/30/bisd0502.htm. Accessed February 26, 2013.

13. US Department of Health and Human Services. Massachusetts provider settles HIPAA case for $1.5 million [news release]. September 17 2012. http://www.hhs.gov/news/press/2012pres/09/20120917a.html. Accessed February 26, 2013.

14. US Department of Health and Human Services. Alaska settles HIPAA security case for $1,700,000 [news release]. June 26, 2012. http://www.hhs.gov/news/press/2012pres/06/20120626a.html. Accessed February 26, 2013.

15. National Information Standards Organization. Understanding Metadata. Bethesda MD: NISO Press; 2004. http://www.niso.org/publications/press/UnderstandingMetadata.pdf. Accessed February 26, 2013.

16. McCoy M, Diamond A, Strunk A. Special requirements of electronic medical record systems in obstetrics and gynecology. Obstet Gynecol. 2010;116(1):140-143.

17. The Berkman Center for Internet and Society at Harvard Law School. The Federal Rules of Civil Procedure: The Impact of Digital Discovery. http://cyber.law.harvard.edu/digitaldiscovery/digdisc_library_4.html. Accessed February 26 2013.

18. Quinn M, Kats A, Kleinman K, et al. The relationship between electronic health records and malpractice claims. Arch Intern Med. 2012;172(15):1187-1188.

Another area of risk involves communication with the patient via email. A failure to reply could result in claims of negligence, and information overload could obscure pertinent pieces of information. And a departure from clinical decision support could be used by the patient to defend allegations of negligence.

With widespread use of EHRs, improved access to data could change the “duty” owed to the patient. In addition, clinical decision support embedded within the software could become the de facto “standard of care.”

The learning curve can be steep

The learning curve for EHRs may be steep and, at times, discouraging. One reason is that data are organized differently than in the conventional paper record, where information is read and analyzed in a progressive and stepwise manner, as in an analog or vertical system. The EHR is a digital format, so finding information requires digital (horizontal) inquiry. Information is, therefore, utilized in both horizontal and vertical formats in everyday situations. If data are entered incorrectly, all subsequent decisions could be flawed. And if the EHR suggests a plan, and that plan is not performed by the provider, the risk of liability could increase.

Privacy could be jeopardized

Inadvertent violation of the Health Insurance Portability and Accountability Act (HIPAA) with an EHR could increase medicolegal risk. For example, HIPAA allows for patients to make corrections to inaccurate information in their personal documents, but access by the patient could require the physician to review all records viewed by the patient after visit notes have been entered. This could drive up the cost of practice and reduce face-to-face time between physician and patient. Patients are not necessarily the best judges of which information is most important in their medical records.

Internet access raises concerns about the privacy of sensitive issues and misuse of information. Making a patient’s protected health information accessible electronically leaves physicians and hospitals at risk for a government fine or lawsuit. In several instances, the US Department of Health and Human Services (HHS) has levied fines against small practices and government agencies.

In one case, HHS fined Phoenix Cardiac Surgery in Phoenix, Arizona, $100,000 for posting surgery and appointment schedules on an Internet-based calendar that was accessible to the public.¹² In another, HHS fined the Massachusetts Eye and Ear Infirmary in Boston $1.5 million after it reported the loss of an encrypted personal laptop containing the protected health information of patients and research subjects.¹³ The Alaska Department of Health and Social Services (DHSS) agreed to pay HHS $1.7 million after it reported the loss of a USB drive—possibly containing protected health information—from the vehicle of a DHSS employee.¹⁴

In traditional physician practices that employ handwritten records, the potential for compromise of patient information is limited. An organization may lose a few patient charts in the office and recover from the loss without incident. With the EHR, the loss poses a significant threat. The cases mentioned above were attributed to negligence or ignorance. The consequences could be worse if the compromise of EHR data is determined to be intentional. On September 4, 2010, hackers may have exposed the personal information of approximately 9,493 patients at Southwest Seattle Orthopaedics and Sports Medicine in Burien, Washington. Even with the best encryption technology, any electronic system remains vulnerable to external attack.

Metadata reveal how original data are used

Another concern regarding EHRs involves metadata—”data about data content.”¹⁵ Metadata is structured information that describes, locates, explains, or manages information. Metadata relevant to the EHR includes the data and time it was reviewed by the provider and whether it was manipulated in any way. Clearly, there is a potential for use and misuse by third-party reviewers.

Specialty-specific EHRs are recommended

Many ObGyns have found that most EHR systems are inadequate to the task of recording and analyzing information relevant to their specialty. Obstetric care is episodic and frequent. Data are added into the flow that must be considered at each visit, such as gestational age, fetal growth, labs (and normative values), prenatal diagnostic studies, and so on, representing both vertical and horizontal processing.¹⁶

The legal discovery process poses challenges that have not yet been resolved

The legal discovery process grants all parties to a lawsuit equal access to information. Under ideal circumstances, the EHR can provide comprehensive data more quickly than traditional records can. The problem is determining what constitutes relevant data and which party has the burden or benefit of making that decision. Uncontrolled access has the potential to violate privacy and privilege requirements.

Rules regarding discovery are still being debated in regard to their applicability to digital discovery.¹⁷ Even before a lawsuit is filed, the potential for “data mining” by third parties could lead to allegations of malpractice.