Knowledge, planning vital to avoiding legal pitfalls of EHRs

It's not necessarily surprising that electronic health records can both decrease and increase a provider's risk of being sued for malpractice, as some of the same features that make EHRs so attractive in the first place can inadvertently leave physicians vulnerable to legal risks.

But while malpractice liability may arguably be the most visible legal concern to providers when it comes to their EHRs, there are other legal headaches to watch out for, such as:

Improper/false billings: "I regularly hear of physicians using standard templates [and other automatic EHR features] that clearly don't reflect the true nature of the patient's visit," warns Jonathan Bertman, a family practitioner and Clinical Assistant Professor at Brown University's Alpert School of Medicine in Providence in Rhode Island. Some of the standard programs in an EHR that can be problematic include: 

  • Automatic back dating of original notes to the date the notes were started, instead of the date they are finalized, erroneously indicating that all of the information was documented on the earlier date;
  • Coding wizards that suggest and fill in codes, which can cause upcoding;
  • Cloned notes, when a physician copies and pastes more information from an earlier visit or other record than he should have;
  • Default templates, which can fill in blanks for services that weren't actually provided;
  • Pre-formatted text, which can cause errors. 

Privacy and security violations: EHRs, especially mobile ones available via laptops and tablets, are more vulnerable to being lost or stolen since they're so small and portable. And since EHRs can hold a lot of records, when a breach occurs it can potentially impact a lot more patients than a paper breach, says Peter Polack, a doctor with Ocala Eye.  "EMRs add a level of complexity to security and privacy," he notes.

Litigation non-compliance. A physician responding to a request for patient records in a lawsuit must provide all of the records, including those in electronic form (sometimes called "e-discovery"). But since an EHR holds a patient's data on multiple screens, the physician may fail to provide a complete record. 

Luckily, there are ways for providers to avoid these problems. For example:  

  • Make sure you know how the EHR system operates. Ask potential vendors about these issues and the ability to modify the EHR software as needed, Bertman says.
  • Customize templates so they reflect what you actually do when you treat patients: You can also avoid using some of the automated tools, such as the coding wizard, says Polack.
  • Make sure you have the ability to override the system: For instance, if you're going to use the automatic form completion feature, make sure you have a way to add or override the text, suggests Christine Kelly, president of Baltimore-based CMK Consulting.
  • Watch for mistakes: Don't assume that your records are accurate, suggests Resnick.  Test the features and look for these issues when reviewing or auditing charts.
  • Take special precautions to avoid violating HIPAA and state privacy and security laws: Ensure who has access to the network, don't allow EHRs to be left unattended, and make sure that passwords are being used and not shared, Polack says.

- Marla