Electronic health records can help providers improve care and operate more efficiently. But they can also create new legal risks for organizations that aren’t prepared.
The switch from paper records to EHRs has created a number of new legal challenges and questions for healthcare providers, according to the American Medical Association. That includes everything from the expanded role of electronic data as evidence in lawsuits to the potential liability for breaches of electronic patient data.
Here are the top legal risks face as they move to electronic records — and the steps they can take to reduce those risks:
1. Medical data breaches
Hospitals and doctors’ offices hold a lot of sensitive information — including patients’ medical and financial data, both of which are highly coveted by cybercriminals. And when patient information is stolen, the provider could be held liable for failing to protect it from attacks.
For example, one health insurer recently paid a $1.5 million settlement after disk drives containing health information was stolen from one of its facilities.
As more health information becomes electronic, more organizations are likely to experience data breaches. To minimize liability for those incidents, providers must take a two-fold approach:
Work to secure systems to prevent breaches, and
Prepare in advance to properly respond if a breach does occur.
Read our earlier posts for more information on protecting patient health information and properly responding after a data breach.
2. E-discovery issues
In 2006, new rules were passed regulating how electronic data can be used in court and what organizations must do to preserve electronic evidence when they’re involved in legal cases. E-discovery is likely to become an especially big issue in health care, experts say, as more records become electronic.
Organizations can get in trouble for failing to properly retain necessary electronic documents. For healthcare providers, that can include electronic health records and lab reports, as well as emails and other files.
To prepare for e-discovery, organizations must well before they’re involved in any legal action. Experts recommend all organizations create record retention policies so they’re consistent about what types of data they hang on to and for how long. The goal should be to only keep what’s necessary, which will make the discovery process easier.
Once a lawsuit begins, organizations must apply a so-called “litigation hold” — meaning that as soon as the organization knows it may be involved in a court case, it must start saving all potentially relevant documents. Preparing for that requires quick communication between all parts of the organization so that whoever is in charge of record retention knows about legal action as soon as possible.
3. New malpractice claims
Greater use of technology could lead doctors to make some mistakes that could open them up to malpractice lawsuits. Examples might include an incorrect diagnosis that was based on a recommendation from an EHR system, or an error that was made because a doctor accidentally pasted incorrect information into the system.
To avoid those issues, experts recommend organizations make sure all doctors — as well as other staff members — are properly trained to use the EHR system before it’s implemented.