We will be performing site maintenance on our learning platform at learn.aaos.org on Sunday, February 5th from 12 AM to 5 AM EST. We apologize for the inconvenience.

If electronic health records and paper charts are not accurately coordinated, physicians will have to check both to avoid malpractice risks.
Courtesy of Comstock\Thinkstock


Published 8/1/2012
Thomas Fleeter, MD; David H. Sohn, JD, MD

Potential Liability Risks of Electronic Health Records

Due to federal incentive payments, electronic health records (EHR) are rapidly becoming a part of the U.S. healthcare landscape. Although EHRs may offer opportunities to improve health care, electronic record keeping may also result in unforeseen liability exposure for physicians.

For example, consider the following scenario: In the preoperative holding area, a nurse enters the patient’s relevant health history into the hospital’s EHR. The patient’s history of sleep apnea is buried in the nursing note section but not recorded in the paper chart, and the patient does not mention it when questioned by the surgeon or anesthesiologist. After the surgery, the patient receives intramuscular narcotics overnight. At 3 a.m., the patient is found unresponsive and expires from a respiratory arrest. During the root cause analysis, the nurse’s note reflecting the history of sleep apnea is revealed, highlighting the danger that can occur when electronic and paper records are not accurately coordinated.

Advantages of EHRs
EHRs may offer solutions for correcting medical errors and reducing waste and duplication in medical care while creating new research opportunities. Ideally, EHRs may help eliminate systemic errors. Electronic prescribing, in particular, may help reduce liability.

Because most medical errors are due to unavoidable human error, rather than negligence, threatening greater punishments and calling for greater vigilance is insufficient. Systemic changes are needed, including electronic prescriptions to help reduce otherwise unavoidable human mistakes such as dosage errors, handwriting errors, and missed medication allergies or drug interactions.

Using logistic regression, one study found that physicians who embraced EHR had lower paid malpractice claims than those who did not. Similarly, a Harvard Public Health study in 2008 compared the percentage of payout between “high users” and “low users” of EHR. Just 5.7 percent of high users had paid malpractice claims, compared with 12.1 percent of low users. Despite potentially confounding variables (eg, physicians who voluntarily embraced EHRs before they were mandated may naturally be more vigilant or meticulous than others), the general thrust of the Harvard study suggests that EHRs may have some advantages in reducing malpractice risk.

Disadvantages of EHRs
Others, however, contend that EHRs may increase a physician’s liability. With the widespread implementation of EHR comes potential data breach violations, obligations to use EHR, and obligations to know the entirety of an exponentially increased volume of data included in the electronic chart.

In a case in Oklahoma, critical information about a patient’s condition was available on the hospital computer but misfiled and not in the patient’s paper chart. Assuming he could rely on the paper chart, the physician neglected to check the computer data, resulting in a misdiagnosis that led to serious harm. The court ruled that the physician had a duty to look in both the paper chart and the EHR, effectively doubling the chart reviews that physicians must do.

EHRs also increase hindsight liability. For example, an EHR with the patient’s complete medical history could have critical information buried within the voluminous data. A specific treatment plan might result in complications that would only be uncovered by a time-consuming review, but the failure to identify this key information could result in a liability claim against the physician.

The proliferation of EHRs may raise standards of care, potentially exposing physicians who practice in facilities that do not have EHRs to additional liability. For example, most EHRs have a fail-safe mechanism that alerts physicians to potential drug interactions or allergies. A physician practicing without an EHR may not become aware of the potential drug interaction until it occurs.

Physicians using an EHR are responsible for maintaining and protecting patient privacy. This may require frequent logging on and off to prevent unauthorized persons from viewing private medical records.

Online communications must use a secure network. Standard e-mail programs (ie, Gmail, AOL, or Hotmail) are not secure and do not comply with the security and privacy provision of the Health Information Portability and Affordability Act (HIPAA). (See “Healthcare Texting in a HIPAA-Compliant Environment.”) Additionally, the provider is responsible for ensuring the identity of any correspondent.

Minimum standards for patient authentication must be established. Prior to using online communication, the provider should have the written consent of the patient, outlining the appropriate use of email. For example, patients should understand that electronic communication is not to be used in an emergency situation. The physician should carefully select which patients and/or issues are suitable for online discussions.

Electronic data are also more easily stolen, which places more responsibility on physicians to guard against data breaches. Electronic data are more compact and more easily stored and transmitted than paper data. They are also more easily stolen and may require the data keepers to meet a higher standard of protective care.

For example, several computer disks were stolen from a medical office in Oregon in 2009, affecting more than 365,000 patients. A lawsuit was filed, based on patient concerns of future losses and the need to monitor credit reports. Ultimately, the case failed, but not because the defendants did not owe a duty for better data protection. It failed only because in that case, no harm actually came to the plaintiffs. It is not hard to see, however, that providers have a duty to keep electronic health data secure.

EHR programs are generally very useful and can provide an improved level of care. However, they place an increased burden on the physician to review both paper and electronic charts. They also require vigilance to protect patient health data, because digital data can be stolen much more easily.

Thomas Fleeter, MD, and David H. Sohn, JD, MD, are members of the AAOS Medical Liability Committee. They can be reached at feedback-orm@aaos.org


  1. EHR Incentives Programs. 2012 June 5, 2012]; Available from: https://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/index.html?redirect=/EHRIncentivePrograms/.
  2. Kohn LT, Corrigan JM, Donaldson MS: To Err is Human: Building a Safer Health System. Institute of Medicine, Washington, D.C. 1999
  3. Virapongse A, Bates DW, Shi P, et al: Electronic health records and malpractice claims in office practice. Arch Intern Med 2008;168(21):2362-2367.
  4. Carter B: Electronic medical records: A prescription for increased medical malpractice liability? Vand J Ent Tech 2011;13(2):385-406.