E-Health: Electronic Medical Records And E-Discovery In The Digital Age
by Robin K. Vinson, Smith, Anderson, Blount, Dorsett, Mitchell & Jernigan, LLP, Raleigh, NC
The advent of personal computers and electronically stored information (ESI) has produced both opportunity and challenge for today's healthcare providers. In a modern world dependent on automated processes, storing and transferring health information in a digital format creates speed and efficiency. At the same time, however, the dependence on ESI may result in frustrations and new liability risks for the unwary. Indeed, a paperless medical office may inundate even the brightest healthcare provider with mounds of information which is everywhere, yet nowhere, at the same time. As discussed in this article, effective electronic medical records management will allow healthcare professionals to succeed in a complex healthcare marketplace, while reducing waste and inefficiency.
In general, ESI includes any information, data or process that can be stored or read in a digital format: e-mail, word processing files, web pages, financial reports created by spreadsheet applications, documents scanned and stored in various formats, audio files, x-rays, MRIs, and photographs and other digital images. Such electronic information is uniquely different from its former paper counterpart in several significant ways. First, electronic documents are created and transferred at a much faster pace than paper documents. Second, electronic documents are harder to dispose of than paper documents, in that the deletion of a file from a desktop does not remove it from the computer's storage devices. Third, unlike paper charts and flat x-ray films, computer information is dynamic and can be reviewed in many ways, and also may be susceptible to change without human intervention, such as a software application that is designed to update files automatically. Finally, electronic data is dependent on its software or data base environment in order for the material to be accessed and used effectively, which can be problematic when technology changes require the movement of data from one software program to another while upgrades are taking place.
The New Paradigm
For most physicians and their practices, ESI and it related technology is a constant learning process. Today's digital age requires the physician to learn a completely new language relating to the creation and management of electronic information. While most of us have come to understand concepts like desktops, laptops, PDAs, CPUs, hard drives, memory, and encryption, the world of e-health, electronic medical records, and e-discovery in litigation requires a speaking acquaintance with terms like ghost image, forensic or mirror image, allocated and unallocated space, hash value, metadata, legacy data, orphan records, WORM media, and life-cycle management. With ESI usually accessible and searchable, many providers have developed a false sense of security as to their ability to safeguard and manage effectively the information captured and created on a daily basis. IT vendors have, for years, sold proprietary health information software and network applications which allow both large and small providers to treat their patients efficiently, integrate their processes, and maintain regulatory compliance. In most cases, providers have navigated, albeit awkwardly, the various record retention requirements and regulations in areas involving Medicare, Medicaid, JCAHO, OIG, Stark, and other authorities. To ease the burden of storage, IT professionals have created automatic archival and deletion protocols which, in large measure, operate consistent with health policy and regulatory objectives.
Electronic Medical Records -- Rewards and Challenges
An electronic medical record (EMR) is a medical record in a digital format, that is, a patient record that is created, stored and transmitted electronically. First conceived as a way to reduce medical errors and increase efficiency, the use of EMRs has revolutionized the practice of medicine in less than a generation. EMR technology has been shown to reduce medication errors drastically by eliminating the use of handwritten prescriptions and easier checking for contra-indications and drug interactions. The use of computerized physician orders (from simple email formats to hand-held scanners and bar-coding systems) may reduce medication errors by as much as 85% in certain patient populations. Similarly, although there are substantial upfront costs, automated claims processing has reduced overhead and increased the net payments for many providers, reducing financial strain on busy practitioners in the process. EMR technology has also been shown to facilitate clinical integration and efficiencies across large provider groups, whereby clinical alerts and reminders in computer-based medical records have resulted in significantly faster and more complete adoption of practice guidelines in various areas of disease management.
At the same time, with the increased use of EMR technology, there will likely be new and challenging issues for physicians and healthcare attorneys alike. First, liability risks may arise regarding possible violations of the Health Insurance Portability and Accountability Act (HIPAA). For any health care provider who transmits health information in an electronic form, HIPAA defines and limits the circumstances under which an individual's protected health information can be used or disclosed. The existing HIPAA privacy and security rules require physicians to establish safeguards to protect the integrity, confidentiality and availability of electronic protected health information. At the very least, practitioners should establish secure log-on and password procedures to assure authentication, and install adequate firewall software on all devices to avoid contamination.
Second, any donor program between hospitals or similar entities and physicians need to meet the safe harbor exceptions in order to avoid anti-kickback and Stark law violations. In 2006, the Centers for Medicaid and Medicare Services and the Office of the Inspector General simultaneously established rules creating an exception to the Physician's Self-Referral Law ("Stark") and a new safe harbor to the Anti-Kickback Statute, whereby donations of technology will not violate the Stark Law and the Anti-Kickback Statute if certain conditions are met. The e-prescribing regulations allow certain limited donations of e-prescribing technology to physicians, which may include hardware, software, and training services necessary to receive and transmit electronic prescription information. The new EMR regulations allow various healthcare institutions to donate EMR systems to physicians and physician group practices, as long as the software is interoperable, the use is left unrestricted, and a written agreement reflects certain required cost--sharing arrangements.
Third, new and challenging risks may arise in medical malpractice and liability cases involving EMR programs and electronic protected health information. In many respects, the physician's decision-making process during patient encounters is influenced by the template based software and text written by the EMR vendor, which may not reflect actual custom and practice in a particular jurisdiction. Commentators have suggested that use of EMR systems may, over time, create national standards of care which do not exist at present. In addition, where templates automatically make entries into the patient record without supervision, and automatically update prior records with new information, the patient record could be rendered inaccurate. Further, in cases where the template suggests and assigns claims codes to patient encounters, there exists the possibility of possible false claims issues. Any one of these untoward events could spawn a myriad of additional issues concerning product liability and indemnification claims.
The ability to create and store electronic data and information has resulted in increasing demands by litigants to preserve, retrieve and produce metadata (data showing date, time and manner of use of patient record, for example) and other encrypted information ancillary to the patient EMR information. Whereas presently only a few reported decisions have applied e-discovery principles in medical malpractice cases, there will likely be an increasing emphasis on computer forensics in these cases in the future. Recent amendments to the Federal Rules of Civil Procedure and the procedural rules of many states have adopted rules regarding the management and use of ESI in the litigation arena, and these new rules will likely require litigants to meet and confer early in the litigation process to identify and preserve ESI that may be subject to discovery. Indeed, discovery depositions of IT personnel familiar with EMR systems and the analysis of metadata may become routine in medical liability litigation.
The Future of Health Information Technology
The Bush Administration has called for the nationwide adoption of EMR programs covering the majority of Americans by 2014. To facilitate that effort, on July 23, 2008, a congressional panel approved a major health IT bill which would provide approximately $560 million in loans and grants available to physicians and other health care providers in rural and underserved areas and in small practices over the next five years.
The year 2009 may see yet additional congressional funding for incentives to providers adopting EMR systems. As healthcare professionals move toward uniform use of EMRs, and in light of recent e-discovery trends, there will likely be an increasing demand for IT personnel who have both medical and forensic expertise. Likewise, physician groups should expect and demand that their legal counsel be well-versed in the technical jargon of electronically stored information and electronic medical records and their requirements and uses in clinical, compliance and litigation contexts.
*Robin Vinson is a partner in the Raleigh law firm of Smith, Anderson, Blount, Dorsett, Mitchell & Jernigan, LLP, practicing in the areas of corporate, contract and healthcare law and complex corporate, commercial and healthcare litigation. He earned his bachelor's and law degrees from Wake Forest University. He has written and spoken on compliance, record-retention and risk-management issues for physician and provider organizations.
The ABA Health eSource is distributed automatically to members of the ABA Health Law Section . Please feel free to forward it! Non-members may also sign up to receive the ABA Health eSource.