EMR (Electronic Medical Records) have their own advantages, no doubt, but they pose certain challenges for physicians making the transition from paper to electronic records. There are certain legal implications involved with EMRs that medical providers need to be wary of. Let us look at some of these legal issues.
- Possibility of medical errors: Any software is vulnerable to bugs and shortcomings that may prove costly ultimately. Though EMR software is believed to have the capability of reducing medical errors, the opposite is sometimes true. Studies show that popular computerized physician order entry systems are susceptible to many types of medication error risks. Examples are pharmacy inventory displays being mistaken for dosage guidelines, CPOE display screens that prevent a clear view of the prescribed medications, rigid ordering formats that produce wrong orders and so on. Another problem is that physicians’ tendency to copy-paste patient data can result in mistakes that get repeated across various data forms. This simple copy-paste function of the EMR also creates problems as regards authorship when a medical record is investigated for some legal purpose. Other issues include the risk of viruses, bugs and technological glitches.
- Medical Malpractice Risk: Errors that are prone to increase when a practice transitions from a familiar system to the new EMR system can prove really damaging for practitioners. Electronic medical records can have an impact on medical malpractice litigation by increasing the availability of documentation and facts that can either prove or defend a malpractice claim. EMR metadata that comprise every single electronic transaction including time stamps of clinical activity, input of orders, etc., are discoverable in civil trials. This can very well increase the possibility of prosecutors discovering some evidence of malpractice among a team of providers. Yet again, a physician relying too much on EMR resources such as clinical decision support, follow-up reminders, clinical prediction rules, and so on can also land in trouble if the EMR system is faulty or erratic.
- Improper Billing Risk: EMR systems are considered avenues for improper billing claims, and are subject to OIG (Office of the Inspector General) scrutiny.
- Unauthorized Access to PHI: Data breach following unauthorized access to protected health information is another vulnerability of electronic medical record systems. HIPAA violation penalties are very high for data breaches that occur. Hospitals should have comprehensive HIPAA policies and procedures, and train their workforce to comply with such policies. When an HIPAA-related incident occurs, hospitals must provide a timely and appropriate response. The incident should be reported in the proper manner according to the HIPAA breach rules, and accurate documentation related to the incident should be retained for future use. Usually, fines may not be imposed if it is not an egregious violation or if the violator has cooperated with the government.
Providers must ensure they are well-informed about compliance and legal risks involved with electronic health record systems. Physicians and other members in a clinical team can be provided one-on-one training in a private environment, which is often more useful and effective. In hospitals, there should be excellent cooperation between the hospital’s IT department and physicians. This will encourage the clinical team to accept the transition more easily, and accustom themselves with the new technology.