Physician Liability: Electronic Medical Records

4 downloads 12 Views 160KB Size Report
Jun 29, 2009 - Medicaid Health Information Technology. (HIT) throughout ... ers involved in their care with electronic ..... ct; PHI, protected health information.


the red section

nature publishing group

Physician Liability: Electronic Medical Records Richard E. Moses, DO, JD1, Kayla A. Feld, BA2 and Andrew D. Feld, MD, JD3 Am J Gastroenterol 2011;106:810–814; doi:10.1038/ajg.2011.95


As part of the American Recovery and Reinvestment Act of 2009 (1), the Health Information Technology for Economic and Clinical Health Act (HITECH) (2) was passed to promote the use of Medicare and Medicaid Health Information Technology (HIT) throughout the United States over the next five years (3). HITECH is a powerful stimulus to spur health-care systems, group practices, and individual physicians to make the financial commitment to adopt electronic medical records (EMRs) (4). Providers who demonstrate “meaningful use” (5) of EMRs before 2015 will receive up to $44,000 in bonus payments under the Medicare Incentive Program and $63,750 under the Medicaid Incentive Program (6,7), whereas those who fail to adopt EMRs by 2015 may be penalized. Background

HIT is “the software and infrastructure used in the clinical practice of medicine to support documentation, storage and exchange of patient data” (8). HIT has been touted as a panacea to improve health-care quality, prevent medical errors, reduce adverse events, reduce health-care costs, increase administrative efficiencies, decrease paperwork, expand access to affordable care, aid early detection of infectious-disease outbreaks, enhance monitoring of chronic disease, aid clinicians in decision-making processes, streamline clinician workflow, Temple University School of Medicine and James E. Beasley School of Law, Temple University, Philadelphia, Pennsylvania, USA; 2School of Law, Tulane University, New Orleans, Louisiana, USA; 3Group Health Cooperative, University of Washington, Seattle, Washington, USA. Correspondence: Richard E. Moses, DO, JD, 700 Cottman Avenue, Building B, Suite 201, Philadelphia, Pennsylvania 19111, USA. E-mail: [email protected] 1

The American Journal of Gastroenterology

improve communication, provide evidence-based support, and prevent waste, despite a lack of data supporting these expectations (9–11). Such improvements would be realized through increased physician access to the patient’s complete medical history and data, electronic reminders and alerts, increased capabilities of communication with patients and other health-care providers involved in their care with electronic chart access, decreasing the cost of data collection, and building population databases. Experts project cost savings of $44 billion to $170 billion annually through the computerization of US health records (12). Although it seems that use of EMRs should decrease medical malpractice liability (13), a recent study found little difference in cost and quality (14). Noticeably absent from the discussions is the possible increase in physician exposure to lawsuits created by EMRs (15). The health-care system operates within a complex legal environment. EMRs may revolutionize documentation management in health-care records, and reduce medical errors and adverse events, thereby decreasing medical malpractice lawsuits. However, just as clinical practice guidelines were initially developed to defend physicians in medical-practice situations by outlining recommended approaches to medical problems but have been used for the opposite purpose, to argue a deviation from the standard of care (16,17), EMRs may actually increase medical malpractice risk (18). The purpose of this article is to explore the potential areas of medical malpractice litigation created by the adoption of EMRs (19). We will discuss physician liability as it relates to the physician–patient relationship, the standard of care, and the statute of limitations. We will

conclude with suggestions that a gastroenterology practice should follow to improve patient safety and risk management when using EMRs, thereby attempting to limit liability exposure. Basic legal liability concepts: negligence and standard of care

A brief discussion of negligence and the standard of care is necessary to understand how EMRs relate to medical malpractice cases. A tort is defined as a civil wrong for which a plaintiff can receive money damages (20). The most common form of malpractice action against a health-care provider is the tort of “negligence.” The plaintiff ’s attorney must prove four elements to be successful: (i) that a provider has an obligation of care for the individual (“duty”), (ii) that the duty was violated by practice below the standard of care (“breach”), (iii) that substandard practice caused the harm alleged (“proximate cause”), and (iv) that the plaintiff suffered compensable harm as a result (“damages”) (21). The physician’s duty is defined by the legal “standard of care.” A physician must exercise that degree of care that would be exercised by a physician in good standing in the same medical specialty in like circumstances (22). Some states impose geographical limitations to the standard (23,24). Physician exposure to medical malpractice suits and EMRs

When a patient seeks out a physician, and medical services are then provided, the relationship/duty is easy to understand (25). Some courts have found an “implied” duty between a physician and a patient, such as when a doctor takes affirmative action to participate in the care and treatment of a nonpatient (26). The issue then Volume 106 | may 2011

© 2011 by the American College of Gastroenterology

Response to your patient’s e-mail from an unsecured e-mail account

Patient e-mails about black stool and dizziness at 10 am. You review your e-mails at 6 pm and contact patient

Your staff e-mails that the above patient called to report melena and dizziness; puts red emergent check on the message. You are doing procedures and are offline until 5 pm

E-mail query from family practitioner about whether to treat a hepatitis C patient on the basis of lab tests and biopsy

E-mail query from colleague in your multispecialty group: “Please check the CT scan on this patient with abdominal pain and tell me what to do next”

Accidentally select wrong drop-down box in prescription menu, and patient gets not a 30-day supply of omeprazole, but a 10-day supply of twice-daily omeprazole with the rest of an H. pylori set of medications, and develops C. difficile colitis The physician uses a voice-recognition system to enter the history into an EMR and the system enters an incorrect phrase that distorts the intended meaning, gives the opposite advice, or is insulting to the patient and referring physician


Standard of care: time of response

Standard of care: time of response

Standard of care: informed consent

Standard of care: consultation

Standard of care: electronic prescription

Standard of care: notification of lab results

Standard of care: accuracy of documentation

Salient portions of those data have changed since original entry despite having been carried forward by multiple different physicians over time Lab test results are logged into EMR during the physician’s vacation. There is failure to notice a high-grade dysplasia in a Barrett’s-screened patient, and failure to notify the patient and plan follow-up, with resultant bad outcome

The physician incorporates the medical record into current consultation data, including previously entered medications, allergies, and past medical history.

Internet question from nonpatient

Duty to patient

Standard of care: dictation



Table 1.  Examples of liability exposure

Failure to follow up lab testing is below standard of care, with resultant liability

Your consultation document is expected to accurately reflect your opinion and may be relied on to guide therapy. If the document is incorrect, and incorrect approaches are taken to the patient, you may be held responsible A consultation with incorrect data is currently below standard of care

You are asked for a consultative opinion, but without opportunity to obtain your own history, perform a physical exam, or take the usual amount of time necessary for a consultation. If you respond, and your response is communicated to the patient as the specialist’s opinion, you could be held to the standard of care for a consultation One is liable for the incorrect prescription

Informed-consent discussion necessary for appropriate recommendation. Can you assure that will accompany a recommendation attributed to you?

This timing of response is not within the standard of care for gastrointestinal bleeding. Unless warned to use phone communication in emergency, patients may not understand that your e-mail system is not continuously checked This timing of response is not standard of care for gastrointestinal bleeding. Unless warned to use phone communication in emergency, staff may take the easiest route of sending electronic message marked “urgent”

Responding may establish a duty of care to that patient, beyond the original e-mail question—e.g., “How do I treat my IBS?” Your answer puts you at risk if the patient really has cancer HIPAA violation: secure server required. If PHI is hacked/leaked, you may be responsible

Liability risk

Establish a system of follow-up for lab results in EMRs. An EMR makes this easier and more accurate than current paper systems

Data brought forward from prior EMR notes must be accurate and current

Proofread all documents

Be careful with e-prescribing. Before, you may have been called by the pharmacist. Now, the prescription is electronically flawless—although incorrect

Set clear expectations with staff about route of communications in emergency. Remind staff to follow your policies regarding when to page you, and to verify the message is received. Avoid e-mail communications for potential emergencies by directing patients to call the office (via notice/reply on e-mail) Although response to simple queries, such as what antibiotic to substitute for H. pylori treatment in a penicillin-allergic patient, may be appropriate, suggest a consultation rather than respond to complicated queries Although virtual medicine practices will evolve, and will have merit in some associated efficiencies, and standards of care for virtual consultation may become acceptable, it is our opinion that one cannot assume that current standard of care for a virtual consultation is different from that for an in-office consultation. Avoid virtual consultations

Use a HIPAA-compliant secure e-mail process. Redirect any e-mail from an insecure source (without including PHI) to your secure system before responding, or encrypt your response if the patient has the ability to de-encrypt it Set clear expectations about route of communications for an emergency. Follow your stated policies regarding response times for electronic communications

Offer an appointment, explaining that you may not give advice without adequate information

Potential solution

the red section

The American Journal of Gastroenterology


CT, computed tomography; EMR, electronic medical record; HIPAA, Health Insurance Portability and Accountability Act; PHI, protected health information.

An automated reminder system that has been selected by the group will define the group’s personally selected standard of care. Failing to address that standard may be interpreted as practice below standard of care EMR produces an automated notice that colon cancer screening is due and that a newly prescribed medication will interact adversely with current medications. Both alerts are ignored, with resultant bad outcome Standard of care: automated reminder systems

Follow alerts and reminders, or detail the reason for not accepting the alert recommendation

Liability Risk Event Category

Potential Solution

the red section

Table 1.  Continued


The American Journal of Gastroenterology

becomes what constitutes an affirmative action to participate in the treatment of a patient. A telephone call may be enough to create an implied physician–patient relationship if the doctor suggests a course of treatment to a prospective patient “and it is foreseeable that the patient would rely on the advice.” For example, what is a physician’s liability if a patient e-mails the physician regarding an urgent matter, but the busy provider does not become aware of the e-mail until after harm occurs (27)? The analysis from a telephone call to communication via EMRs is intuitive. Medical malpractice exposure may arise when a doctor affirmatively accepts the care of a potential patient through an initial e-mail or website inquiry, or review of the individual’s EMR. Electronic communications between health-care providers and patients raise concerns about legal liability resulting from a failure to timely answer a patient’s e-mail message (28). EMRs may create new standards of care. As EMRs are increasingly adopted, plaintiffs may argue that health-care providers who do not use EMRs do not meet the standard of care (29). Electronic accessibility also creates a number of issues. Digital access to a patient’s health-care information may cause a new standard of care, requiring the provider to be continually available should a patient issue arise. Transmission of EMRs across state lines may erode the traditional geographic standards, establishing national standards of care (30), which could lead to attempts by plaintiffs to move cases to jurisdictions perceived as more plaintiff oriented (31). This is commonly referred to as “venue shopping.” Providers might be held liable for errors created by EMR software or hardware problems. For example, electronically transmitted automated notifications and reminders to patients are becoming increasingly common, used for appointment reminders, routine lab-work monitoring, colonoscopy and upper endoscopy monitoring, result notification, etc. If the automated system fails to notify the patient, the physician may be held liable for a negligent delay in diagnosis that causes injury if the patient

does not become aware of a test result or a need for follow-up testing or procedures (32). Liability may develop if diagnosis of a condition could have been made sooner, increasing the patient’s chance of survival, but the electronic-communication failure prevented earlier detection. A claim of negligent delay in diagnosis may also be successful where the plaintiff proves that the defendant’s negligence increased the risk of harm to the plaintiff and a jury determines that the increased risk of harm was a substantial factor in causing the ultimate injury (33). The statute of limitations is essentially a law establishing a time limit for suing based on the date when the injury occurred, was discovered, or should have been known to the plaintiff (20). After this time limit, a lawsuit cannot usually be filed. The statute of limitations in a civil matter is usually finite—two to three years, for example— and varies by jurisdiction. Some states use a “continuing treatment rule”: “if there existed a physician–patient relationship where the patient was treated for the same or related ailments over a continuous and uninterrupted course, then the plaintiff could wait until the end of treatment to complain of any negligence which occurred during treatment” (34). Since an EMR chart could be automatically updated and the physician immediately notified of the changes, this may extend the statute of limitations and the physician’s liability exposure indefinitely, especially in jurisdictions applying the continuous treatment rule. Finally, EMRs could simply fail to function properly, because of either human error or computer system failure. Software glitches are common in the computer world and may affect the EMR world as well (35). Summary

EMRs are quickly becoming a reality in clinical practice and will likely be universally used within the next decade. To reduce exposure to medical malpractice liability: 1. Include a disclaimer on the website

that clearly states it is intended to be educational and general in nature and Volume 106 | may 2011

the red section

not intended to offer specific medical advice. 2. Ensure that all e-mail communica-

tions with patients are compliant with the Health Insurance Portability and Accountability Act (HIPAA) and limited in scope. Inform patients to take precautions to ensure that others cannot access their e-mail. Encrypt and password-protect messages.

3. Make sure a timely confirmation of

receipt by the patient is obtained or a mechanism is in place to timely detect communications failures, to prevent delays in diagnosis.

4. Clearly state on your website and in

e-mails that these technologies should not be used for emergencies. Direct all potential emergencies to your emergency telephone number or instruct the patient to go to the nearest emergency department or call 911.

5. If your website is used for making

appointments or entertaining patient questions and is not passwordprotected for established patients, avoid creating an implied duty of care of nonpatients. State that no doctor–patient relationship exists until your practice confirms the requested appointment. Do not answer questions from nonpatients. Doing so may create a duty of care with that person, even though you have not charged the patient for your advice. Offering an appointment is generally less of a risk.

6. As EMRs develop, gastroenterolo-

gists will be increasingly requested to give a diagnosis or suggest treatment based on virtual information. Be cautious about diagnosing or treating a patient solely on the basis of electronic information, without a physical examination or without ability to give informed consent.

7. Document all electronic notices and

other communications (e.g., reminders, lab and radiology results, missed

© 2011 by the American College of Gastroenterology

appointments, and e-mails) to ensure availability for review at the patient’s next office visit, or if needed for a legal proceeding. 8. Never make claims on your website or

in e-mails that are not 100% accurate or that you cannot fulfill.

9. Read all articles and visit all websites

that you link to your website, and review them regularly to ensure that they remain accurate. Anything conveying inaccurate or poorly worded information may increase your liability. Referencing a well-established peer review website, such as that of the National Institutes of Health (http://, is the best approach for reliable information.


Patient safety and best outcomes are issues at the forefront of medicine, payers, and government. EMRs are a reality, and their use is a burgeoning field in health care today. EMRs will change many standards over the next decade or sooner. Defensibility of EMR documentation is beginning to be tested in courts even as this technology is still being developed and accepted by the medical community and health systems. EMR documents are permanent, and user access is easily tracked. Poor documentation input results in poor documentation output. EMR systems alone do not guarantee better documentation. Using the Internet to communicate with patients creates additional potential liability risks. This article has offered an understanding in addition to some suggestions to providers in gastroenterology to lessen liability exposure in the dynamic and evolving area of EMRs. Table 1 offers some examples of potential liability. CONFLICT OF INTEREST

Guarantor of the article: Richard E. Moses, DO, JD. Specific author contributions: All authors contributed significantly in the planning, research, and writing of this article. Financial support: None. Potential competing interests: None.


1. Pub. L. No. 111-5, 123 Stat. 115 (2009) . Accessed 25 April 2010. 2. Pub. L. No. 111-5, 123 Stat. 227 (2009). (Title XIII in Division A, pp 112–165, and Title IV in Division B, pp 353–398, cover the HITECH portion of the American Recovery and Reinvestment Act.) 3. The HITECH Act . Accessed 25 April 2010. 4. Kessler HB, Jones DS. At the intersection of radiology and the EHR. Radiol Bus J November 2009 . Accessed 25 April 2010. 5. Centers for Medicare and Medicaid Services. CMS proposes definition of meaningful use of certified electronic health records (EHR) technology . Accessed 25 April 2010. 6. Centers for Medicare and Medicaid Services. 75 Fed. Reg. (13 January 2010) at Table 22. Accessed 25 April 2010. 7. Dolan PL. “Meaningful use” takes time. Am Med News 2010 . Accessed 25 April 2010. 8. American Medical Association. Health information technology terminology . Accessed 25 April 2010. 9. Schleiter KE. The dinosaur in the office: a consideration of the technical and ethical issues surrounding the adoption of digital medical data and the extinction of the paper record. Ann Health Law 2007;16:353–74. 10. Health Information Technology. Strategic Health IT Advanced Research (SHARP) Projects Program: Frequently Asked Questions . Accessed 25 April 2010. 11. Hillestad R, Bigelow J, Bower A et al. Can electronic medical record systems transform health care? Potential health benefits, savings, and costs . Accessed 25 April 2010. 12. Leavitt J. Selecting an electronic medical record (EMR) for a gastroenterology practice. Am J Gastroenterol 2008;103:2423–7. 13. Harvard study finds reduced malpractice rate tied to use of electronic medical records. PRWeb, published online 7 March 2009 . Accessed 25 April 2010. 14. Lohr S. Little benefit seen, so far, in electronic patient records. New York Times, 15 November 2009, p B3. 15. Kern SI. Hidden malpractice dangers in EMRs . Accessed 25 April 2010.

The American Journal of Gastroenterology



the red section

16. Moses RE, Feld AD. Legal risks of clinical practice guidelines. Am J Gastroenterol 2008;103:7–11. 17. Hymans AL, Shapiro DW, Brennan TA. Medical malpractice guidelines in malpractice litigation: an early retrospective. J Health Polit Policy Law 1996;21:289–313. 18. Terry K. Will an EHR affect your malpractice risk? Med Econ 2007;84:55–8. 19. Hoffman S, Podgurski A. E-health hazards: provider liability and electronic health record systems. Berkeley Technol Law J 2009;24:1524–81. 20. Black’s Law Dictionary, 8th ed. West Publishing Group: St Paul, MN, 2004. 21. Moses RE, Feld AD. Physician liability for medical error of nonphysician clinicians: nurse practitioners and physician assistants. Am J Gastroenterol 2007;102:6–9. 22. Report of the Council on Ethical and Judicial Affairs, American Medical Association . Accessed 25 April 2010.

The American Journal of Gastroenterology

23. Mello MM. Of shields and swords: the role of clinical practice guidelines in medical malpractice litigation. Univ PA Law Rev 2001;149:645–710. 24. Palandjian v. Foster, 446 Mass. 100,104, 842 N.E.2d 916,920 (2006). 25. Jones SC, McMenamin J, Kibbe DC. The interoperable electronic health record: preserving its promise by recognizing and limiting physician liability. Food Drug Law J 2008;63:75–87. 26. Sterling v. Johns Hopkins Hospital, 802 A.2d 440,445 (Md. Ct. Spec. App. 2002). 27. Cogswell by Cogswell v. Chapman, 249 A.D.2d 865,866, 672 N.Y.S.2d 460,462 (N.Y.A.D. 3 Dept. 1998). 28. Hill JW, Langvardt AW, Massey AP. Law, information technology, and medical errors: toward a national healthcare information network approach to improving patient care and reducing malpractice costs. Univ Ill J Law Technol Policy 2007;7:159–237. 29. The TJ Hooper, 60 F.2d 737 (2d Cir. 1932).

30. Vinson RK. E-health: electronic medical records and e-discovery in the digital age. ABA Health eSource 2008;5:1 . Accessed 25 April 2010. 31. Sorrell AL. Liability by locality: practical standard or outdated notion? Am Med News 2010 . Accessed 25 April 2010. 32. Garcia JW. Automated notification systems: risk management, risk creation or just good medicine? NJ Law J 196 N.J.L.J. 865, 29 June 2009, Section 3, S-1-2. 33. Scafidi v. Seiler, 119 N.J. 93,104, citing Evers v. Dollinger, 95 N.J. 399,417 (1984). 34. Grubbs v. Rawls, 369 S.E.2d 683,687 (1988). 35. Schulte F, Schwartz E. Electronic medical record shift: signs of harm emerge as doctors move from paper. HuffPost Politics (20 April 2010). Accessed 25 April 2010.

Volume 106 | may 2011

Suggest Documents