Liability considerations with electronic health records

The more things change, the more they stay the same. The increasing use of Electronic Health Records (EHRs), “cloud-based” applications, Application Service Providers (ASPs), and offsite electronic storage has led to an increase in laws and court rulings governing them—and these could affect your practice.

Expect more oversight from federal and state governments. Two reports recently issued by the inspector general of the Department of Health and Human Services found that the drive to connect hospitals and doctors via EHR is being “layered on systems that already have glaring privacy problems.” Audits of health systems in seven large hospitals in different states found 151 security vulnerabilities, most of which were classified as “serious.”

Among the serious problems were inadequate passwords, computers that did not automatically log off inactive users, and unencrypted patient data on laptops. Most hospitals had problems with wireless access (an inability to detect unauthorized intrusion), lack of firewall, and not updating computer software to defeat known bugs.

As security issues and oversight move through the electronic systems, one area of interest is sure to be external vendors providing ASP services, which have made EHRs possible. Web-based programs for medical records, charts, and financial information are discoverable, making doctors responsible for information to which they have reasonable access.

To protect your practice and your patients, strongly consider the following:

  • Make sure that whatever model is used, there is data security and adequate encryption.
  • Build in a backup service. How many times have you had trouble checking your e-mail in the last year? Imagine how your office might be crippled if the service goes down.
  • Review your contract with storage providers to limit data recovery costs in the event of a failure.
  • Review your contract with EHR providers to clarify what should happen in the event of a subpoena of records.

To address the growing risk posed by the implementation and storage of EHRs, The Doctors Company leadership participated in the development of Medical eRisk Considerations. These considerations are intended to help medical professionals with all aspects of liability concerning EHRs, including personal health records, social media, and electronic prescriptions.

David Troxel is Chief Medical Officer of The Doctors Company.

Submit a guest post and be heard on social media’s leading physician voice.

Comments are moderated before they are published. Please read the comment policy.

  • Marc Gorayeb, MD

    Interesting bullet points. The principles outlined are reasonable. The solutions to the issues raised either don’t yet exist or will cause you no end of grief.
    -Even the largest bank in the world can’t protect its online systems from hacking. I have personally had to cancel two credit cards in the past two months because of unauthorized electronic use. There is no password system, encryption, etc.. that hasn’t been hacked.
    -The best backup systems may be able to effect a smooth transition to normal operations, but they are very expensive. Add that to the cost-benefit equation for EHR.
    -Review your contract? Most contracts with vendors are take-it-or-leave-it documents. Small suppliers may be able to modify a contract, but they’re also the ones more likely to go bankrupt and leave you high and dry no matter what the contract says.
    -You can forget about asking EHR providers what to do about subpoenas. What they say is irrelevant. It’s what the court and the opposing attorney will say. With a paper record, the response is simple: copy the paper record and send it. With an electronic record, the response is very complex, and the attorney requesting the material will never be satisfied. That’s what’s happening right now in civil litigation all over the country in the area of discovery involving electronic records. Good luck!

  • horseshrink

    A computer lets you make more mistakes faster than any invention in human history – with the possible exceptions of handguns and tequila. ~Mitch Ratcliffe

    In a few minutes a computer can make a mistake so great that it would have taken many men many months to equal it. ~Author Unknown

    http://www.quotegarden.com/computers.html

    How many billions (yes, billions) of dollars have been paid out due to health information breaches so far … just HEALTH information …. ?