Another area of risk involves communication with the patient via email. A failure to reply could result in claims of negligence, and information overload could obscure pertinent pieces of information. And a departure from clinical decision support could be used by the patient to defend allegations of negligence.
With widespread use of EHRs, improved access to data could change the “duty” owed to the patient. In addition, clinical decision support embedded within the software could become the de facto “standard of care.”
The learning curve can be steep
The learning curve for EHRs may be steep and, at times, discouraging. One reason is that data are organized differently than in the conventional paper record, where information is read and analyzed in a progressive and stepwise manner, as in an analog or vertical system. The EHR is a digital format, so finding information requires digital (horizontal) inquiry. Information is, therefore, utilized in both horizontal and vertical formats in everyday situations. If data are entered incorrectly, all subsequent decisions could be flawed. And if the EHR suggests a plan, and that plan is not performed by the provider, the risk of liability could increase.
Inadvertent violation of the Health Insurance Portability and Accountability Act (HIPAA) with an EHR could increase medicolegal risk. For example, HIPAA allows for patients to make corrections to inaccurate information in their personal documents, but access by the patient could require the physician to review all records viewed by the patient after visit notes have been entered. This could drive up the cost of practice and reduce face-to-face time between physician and patient. Patients are not necessarily the best judges of which information is most important in their medical records.
Internet access raises concerns about the privacy of sensitive issues and misuse of information. Making a patient’s protected health information accessible electronically leaves physicians and hospitals at risk for a government fine or lawsuit. In several instances, the US Department of Health and Human Services (HHS) has levied fines against small practices and government agencies.
In one case, HHS fined Phoenix Cardiac Surgery in Phoenix, Arizona, $100,000 for posting surgery and appointment schedules on an Internet-based calendar that was accessible to the public.12 In another, HHS fined the Massachusetts Eye and Ear Infirmary in Boston $1.5 million after it reported the loss of an encrypted personal laptop containing the protected health information of patients and research subjects.13 The Alaska Department of Health and Social Services (DHSS) agreed to pay HHS $1.7 million after it reported the loss of a USB drive—possibly containing protected health information—from the vehicle of a DHSS employee.14
In traditional physician practices that employ handwritten records, the potential for compromise of patient information is limited. An organization may lose a few patient charts in the office and recover from the loss without incident. With the EHR, the loss poses a significant threat. The cases mentioned above were attributed to negligence or ignorance. The consequences could be worse if the compromise of EHR data is determined to be intentional. On September 4, 2010, hackers may have exposed the personal information of approximately 9,493 patients at Southwest Seattle Orthopaedics and Sports Medicine in Burien, Washington. Even with the best encryption technology, any electronic system remains vulnerable to external attack.
Metadata reveal how original data are used
Another concern regarding EHRs involves metadata—”data about data content.”15 Metadata is structured information that describes, locates, explains, or manages information. Metadata relevant to the EHR includes the data and time it was reviewed by the provider and whether it was manipulated in any way. Clearly, there is a potential for use and misuse by third-party reviewers.
Specialty-specific EHRs are recommended
Many ObGyns have found that most EHR systems are inadequate to the task of recording and analyzing information relevant to their specialty. Obstetric care is episodic and frequent. Data are added into the flow that must be considered at each visit, such as gestational age, fetal growth, labs (and normative values), prenatal diagnostic studies, and so on, representing both vertical and horizontal processing.16
The legal discovery process poses challenges that have not yet been resolved
The legal discovery process grants all parties to a lawsuit equal access to information. Under ideal circumstances, the EHR can provide comprehensive data more quickly than traditional records can. The problem is determining what constitutes relevant data and which party has the burden or benefit of making that decision. Uncontrolled access has the potential to violate privacy and privilege requirements.
Rules regarding discovery are still being debated in regard to their applicability to digital discovery.17 Even before a lawsuit is filed, the potential for “data mining” by third parties could lead to allegations of malpractice.