Published 7/1/2010
Howard Mevis

Electronic medical records: Liability is lurking

The two sides to using electronic medical records

With more than 75,000 medical liability lawsuits filed annually, does the electronic medical record (EMR) provide physicians with some security against an action? It certainly can. But with new rules and regulations on protecting patient information, can an EMR put physicians at risk for additional liability? Almost certainly, yes.

According to Douglas W. Lundy, MD, chair of the AAOS Medical Liability Committee, “If we are less than diligent in our choice of an EMR system, its customization, and its use, it may become our enemy—decreasing care quality and increasing traditional tort and regulatory liability. The EMR is a double-edged sword. We need to learn its pitfalls and use it as carefully as we do our instruments in the operating room.”

Reducing risk with EMRs
Over the next 5 years, using an EMR will become the standard of practice for physicians. Imagine a trial attorney asking a physician on the stand: “Why don’t you use an EMR when the technology is known to improve patient documentation and can help avoid adverse drug interactions?”

An EMR can help prevent adverse events through improved documentation of the patient encounter, a reduction in medication errors through computerized physician order entry (e-prescribing), and improved tracking of lab tests combined with better patient follow-up communications. These benefits positively impact patient care, patient adherence to treatment, and outcomes (Table 1).

Better patient care documentation
An EMR can enable physicians to create more accurate documentation compared to the typical free-form, paper-based patient record. The EMR template provides a roadmap to documenting the patient interview, physical examination, analysis of studies, differential diagnosis, and final diagnosis.

Templates make it possible to document findings that are complete and accurate for each patient. A template detailing a comprehensive orthopaedic examination of the knee is much more extensive than a brief handwritten summary. This wealth of information enables a systematic review of findings during the entire patient care continuum. It can be critical to the orthopaedic surgeon who must mount a defense against a medical liability claim—with one exception. When using an EMR, the surgeon should never “clone” patient documentation notes from an earlier appointment.

EMR software—used correctly and with complete, accurate documentation—better prepares an orthopaedist to make a defense against allegations of improper care. Information that might have been missing in a paper record can easily be found with the EMR template.

William J. Mallon, MD, a member of the AAOS EMR Project Team, reports, “In our practice, referring physicians, my partners, and I have seen substantial limitations in standard EMR-generated notes. Templates can solve the issue of creating text-like notes that look like a typical doctor’s note with all the necessary information.”

Most EMR systems will require the creation of several different templates to address different patient populations and problems. Documenting findings about a child’s metatarsus adductus requires a different template than the one used for an adult patient with patellar chondromalacia.

(See the online version of this article at www.aaosnow.org for two sample templates developed by Dr. Mallon.)

Using an incorrect template, however, may lead to incorrect documentation of findings, and attorneys will certainly take advantage of this mistake if an adverse event occurs. Similarly, cloning notes from previous appointments may also create problems.

“Attorneys tell me that they think EMR systems produce poorly written and hard-to-interpret notes that improve the likelihood of a decision in favor of the patient for an adverse event. Most doctors dislike EMR-generated notes for similar reasons,” says Dr. Mallon.

“If all the notes look alike because they’ve been ‘cloned’ from one visit to the next,” he continues, “attorneys may say that the doctor really never did the exam or the documented test. They may postulate that the physician simply filled in the blanks and did not actually complete some or all of the exam.”

Improving patient relations, communications
When used correctly, the EMR can improve patient relations and patient/physician communication. The immediate access to patient data enables physicians to focus on the patient rather than fumbling through paper files for information from previous appointments.

EMR systems include secure e-mail functions that can improve patient communications between visits. Patients can follow up with their physician through e-mail reporting. This additional communication helps ensure patient adherence to treatment and may reduce the likelihood of a medical liability claim.

Physician-to-physician communications may also be enhanced through EMR technology. Accurate and complete information sharing improves documentation of the patient’s problem as well as follow-up communication. Using secure e-mail, a physician may notify a patient of new information received from another physician. This also enhances patient relations.

New liability problems on the horizon
At the same time, the Health Information Technology for Economic and Clinical Health Act (HITECH) creates new responsibilities for orthopaedic surgeons using an EMR system. These include increased requirements for data security, breach of privacy reporting, and auditing access to electronic data files.

Orthopaedic practices will need to develop new policies and procedures regarding access to patient information for physicians and other practice personnel. Agreements will be needed with outside businesses such as external laboratories, hospitals, and others. New security controls focusing on access to unencrypted or encrypted patient data will be necessary.

Avoiding a data breach is paramount. In developing necessary policies and procedures, practices should take the following issues into consideration:

  • Passwords for log-in and log-off to data files
  • Second defense authentication methods
  • Unoccupied workstation security
  • Use of shared workstations
  • Auditing log-ins for accessing patient data
  • Standards for data exchange between covered entities
  • Locking out or suspending access privileges

HITECH also increases compliance requirements under the Health Insurance Portability and Accountability Act (HIPAA) in the following ways:

  • Requiring the Department of Health and Human Services (HHS) to investigate and impose penalties for violations that are determined to be “willful neglect”
  • Requiring HHS to audit covered entities for compliance
  • Assessing both individual and organizational accountability
  • Increasing penalties for violations to a maximum of $1.5 million per entity per year
  • Creating the potential for prosecution for criminal violations
  • Enabling civil damages for patients ‘injured’ by HIPAA violation

Requiring that you contact each patient if a breach of confidentiality occurs

The HITECH Act also expands patients’ rights to obtain an accounting of disclosures of their health information. This requirement places an added burden on physician practices and, according to the Medical Group Management Association (MGMA), will be “extremely difficult to achieve without an enormous outlay of resources.”

According to MGMA, the Act requires physicians who use an electronic health records system to include administrative data—such as disclosures for treatment, payment, and healthcare operations—in response to patient requests for an accounting of their protected health information.

Two sides of the story
Using an EMR for patient care documentation and patient relations has both positives and negatives. Physicians and practice executives are investing more and more time learning about the pros and cons of the EMR. The American Recovery and Reinvestment Act, the HITECH Act, and new HIPAA requirements are driving this interest. By making meaningful use of an EMR, beginning in 2011, orthopaedic practices have the potential to receive a federal subsidy of up to $44,000 per physician. Failure to make meaningful use by 2014 may result in a reduction in Medicare payments in 2015.

S. Jay Jayasankar, MD, sums up the positives and negatives, “EMR is neither boon nor bane. If you continue your excellent clinical and communication skills and use EMR with appropriate templates and features, it can be your trusted aide to increase patient safety, care quality, and patient satisfaction and compliance. Remember the ‘garbage in, garbage out’ principle.”

Template: Final POV – Total Knee Arthroplasty (PDF)

Template: First Office Visit – Rotator Cuff

Howard Mevis is director of the AAOS electronic media, evaluation programs, course operations, and practice management group. He can be reached at mevis@aaos.org

Editor’s Note: Articles labeled Orthopaedic Risk Manager are presented by the Medical Liability Committee under the direction of contributing editor S. Jay Jayasankar, MD.

Articles are provided for general information and are not legal advice; for legal advice, consult a qualified professional.

E-mail your comments to feedback-orm@aaos.org or contact this issue’s contributors directly.

Bottom line

  • Focus on the patient, not the software.
  • Ensure complete, accurate documentation using patient- and problem-specific templates.
  • Keep patients engaged in their care.
  • Review and update data security and patient information confidentiality policies and procedures.