Electronic Medical Records: 18 Ways to Reduce Legal Risks

Carolyn Buppert, NP, JD

Disclosures

January 13, 2010

Risks of Transition to Electronic Medical Records

Let's start with the transition from paper to digital. The first issue is getting everyone on board. Early adopters make the move, but others resist change. An example is the cancer center that decided to adopt electronic order entry and documentation. Some physicians obliged by quickly learning how to use the electronic ordering system, but others, 9 months later, still refuse to make the switch. The result is that the hospital is forced to maintain 2 systems for ordering and recording data. This requires nurses to know which physicians use EMRs and which use paper and to switch back and forth between paper and EMRs. Not only does this take more time than when each patient has only 1 record, but orders for changes in chemotherapy doses or other important medications may also be overlooked, leading to patient mishaps.

The second problem is how to capture paper documents. Old records can be summarized in the EMR, but this takes time and attention to detail. The accuracy and completeness of the summary depend on the dedication of the clinician writing the summary. Copies of forms brought in by patients and filled out by practitioners are not going to get into the EMR unless they are scanned. This takes time, and a hurried clinician may just decide to put it off or simply forgets to do it.

The third issue is that of complying with federal requirements so that a practice or facility can avail itself of stimulus funds. On February 17, 2009, President Obama signed the Health Information Technology for Economic and Clinical Health (HITECH) Act, as part of the American Recovery and Reinvestment Act (ARRA). Under the HITECH Act, the government will financially reward physicians who purchase and make "meaningful use" of EMRs. "Meaningful use" has not yet been defined. Medicare may pay $44,000 in incentives to physicians, including doctors of medicine or osteopathy, doctors of dental surgery or medicine, doctors of podiatric medicine, doctors of optometry, and chiropractors. Nurse practitioners and other advanced practice nurses were not included in the HITECH legislation. However, Medicaid will pay incentives to physicians, dentists, certified nurse-midwives, nurse practitioners, and physician assistants who are practicing in federally qualified health centers or rural health clinics led by a physician assistant.

The incentive payments are scheduled to begin in 2011 and gradually decrease. Starting in 2015, providers are expected to have adopted and be actively using a certified EMR in compliance with the "meaningful use" requirements.

The risk of starting EMRs too soon is that the rules are not yet in place (at time of this writing) and that even when the rules are in place, differing interpretations of the language and a need for clarifications will be likely. Recouping payments will take some time and effort. A Health Information Technology (HIT) Policy Committee is in charge of defining meaningful use. For more information on this process, visit http://healthit.hhs.gov.

On the other hand, the risk of waiting until the last minute to introduce EMRs is insufficient time to shop for a system, purchase it, and implement it by 2011. So, a top legal issue is staying abreast of governmental regulations, as they are published, and complying with them. These things should be on most providers' "to do" lists for the next 2 years.

Components of Electronic Medical Records

Once an electronic medical system is up and running, other issues are bound to occur. It is helpful to know what the risks are and where other EMR users have had mishaps. The components of EMRs are computerized provider order entry, documentation of patient procedures, tracking, and billing. Ideally, all of these components interact and mesh with the others, and the components must be designed in such a way that patients' privacy is protected.

Computerized order entry. The government's objective for 2011 is for eligible providers to be using computerized order entry for 100% of their orders. Hospitals must be using computerized ordering systems for at least 10% of all their orders by 2011 and must be up to 100% by 2013. "Orders" include orders for medication, laboratory and diagnostic testing, procedures, immunizations, and referrals.

Here is an example case in which the safeguards of the EMR order entry did not work because the clinician did not use them:

A nephrologist ordered prednisone 120 mg every other day for a patient with renal failure. The office nurse sent the order to the pharmacy as prednisone 120 mg every day. The EMR notified the nephrologist of the order, but the nephrologist signed off on his email notification of the prescription without reading it. The pharmacist's computer system flagged the dose as too high. The pharmacist called the nurse, and the nurse confirmed the dosage. The nurse looked at her own documentation in the computer rather than looking at the physician's original order. The patient's wife also questioned the nurse about the high dose, but the nurse assured her it was correct. Nine days into the course of prednisone, the patient presented for a Procrit® injection complaining of tremors, esophageal burning, hiccups, stomach pain, and swallowing problems. The nurse reported these symptoms to the nephrologist by email, but the physician never looked at the email. Eight days later, the patient called the physician, who was still unaware of the error, and complained that he was not feeling well. The physician told him to cut the dose of prednisone to 10 mg daily. The patient arrived the next day with hypotension and tachycardia. He was admitted to the hospital with severe dehydration, gastrointestinal bleeding, and sepsis. He died 2 days later. On autopsy, the patient had angioinvasive gram-positive microorganisms, multiple ulcers of the colon with full penetration through the muscular wall, peritonitis, and interstitial lung fibrosis. The family sued the nephrologist for prescribing a high dose of prednisone, failure to monitor the patient's progress, failure to supervise staff, and failure to give appropriate medical orders to stabilize and maintain the patient's deteriorating condition. The nurse and the practice also were named in the lawsuit.

Obviously, EMRs do not eradicate human error. A clinician may become overwhelmed with the volume of electronic notifications and may ignore them. If clinicians do not check messages, the EMR's safeguards are worthless. In addition, clinician A may assume erroneously that clinician B is aware of a problem because an electronic notification has been sent, and so, therefore, clinician A does not personally follow up. In the old-fashioned method of communication, in a face-to-face conversation or telephone call, clinician A normally would know whether clinician B received a message.

Another risk occurs when a clinician typically uses the e-prescribing function of an EMR, but because the computer is temporarily unavailable or the clinician is away from the computer, prescribes on paper. The prescription is not entered into the system, so not are safeguards lacking, but the next prescriber has no knowledge that the medication was ever prescribed.

These warnings are not meant to discourage clinicians from embracing EMRs and e-prescribing. Most of the approximately 7000 deaths that occur each year in the United States as a result of medication errors are caused by illegible handwriting, dose errors, and missed drug-drug or drug-allergy reactions. Most EMRs have the ability to detect drug-drug interactions and to warn the prescriber if the patient is known to be allergic to a prescribed medication. It is a simple matter of heeding the warnings. The following table highlights 18 recommendations for reducing legal risks with EMRs.

Table. Risk-Reduction Measures: EMRs

Number Measure
1 Establish personal and practice policies regarding electronic order entry.
2 Develop systems and policies for dealing with orders that occur when the clinician is not at his or her workstation or that occur when the system is temporarily down.
3 Print out progress notes from time to time, and evaluate them from the viewpoint of an auditor or expert witness.
4 When printing out records for an auditor or for litigation, go over the printout carefully to be sure it includes relevant and necessary data from other tabs or screens.
5 Highlight important aspects to template information.
6 Beware of generic templates.
7 Do not set up the system such that the template data automatically repopulate.
8 Become familiar with the tracking features of the EMR.
9 Back up. Check the back-up method frequently. You may think you are backing up, but the hard drive or network storage mechanism may be faulty.
10 Install virus protection software on server and workstation computers.
11 Eyes and ears need to remain attuned to the patient, while the patient is in the room.
12 Understand how the system records who is accessing and writing in the record.
13 Print out a note from time to time to be sure your entries are in your own name.
14 Understand how the time-stamp feature works, so that you can time your documentation accordingly.
15 Ensure that only appropriate staff members have access to records.
16 Protect records from inappropriate viewing -- set up screensavers, and require a password for reentry.
17 Develop and implement security measures to protect the confidentiality of health information that is transmitted electronically.
18 Identify an individual responsible for security.

 

Risk-reduction measure No. 1. Establish personal and practice policies regarding electronic order entry. Be scrupulous about reading messages from the system. If email messages are too frequent, unsubscribe from unnecessary emails from other sources, or tailor the EMR such that it does not generate messages except for a serious error or warning.

Risk-reduction measure No. 2. Develop systems and policies for dealing with orders that occur when the clinician is not at his or her workstation or that occur when the system is temporarily down.

Documentation of Patient Procedures: Template Issues

A trainer for a Medicare administrative contractor recently stated that EMRs have led to "cookie cutter charting." He cited the example of an audit that asked a physician's office for 17 progress notes for specific patients on a specified date. When the charts were reviewed, 15 were essentially the same.

Auditors, expert witnesses who work for attorneys, investigators for licensing boards, and other clinicians find that lengthy notes generated by click-box templates do not necessarily paint a picture as well as short free-text notes. It is so easy to click a box, and, for example, once a clinician has clicked the box for "heart regular without murmur or S3," the clinician cannot delete "S3," even if he or she did not actually evaluate the S3. So, it is possible that a clinician may not have carefully assessed everything that is included in a template's phrase.

Some clinicians may be tempted to use free text. However, if the EMR has the option of using free text, and if clinicians use free text, then the analyses that are possible with EMRs cannot be done or cannot be done as readily. Clinicians must come to some safe middle ground between using free text and producing voluminous, meaningless records via templates.

Here are some additional potential pitfalls of EMR documentation:

  • An important finding can become buried in template charting;

  • It is easy to inadvertently select the wrong patient from drag-down menus; and

  • If hospital staff relies on electronic capture of physiological data, but a computer glitch occurs or the leads fall off, a long span of vital sign data could go unrecorded.

Risk-reduction measure No. 3. Print out progress notes from time to time, and evaluate them from the viewpoint of an auditor or expert witness. Are the records easy to evaluate? Do the records accurately portray what the clinician did for the patient?

Risk-reduction measure No. 4. When printing out records for an auditor or for litigation, go over the printout carefully to be sure it includes relevant and necessary data from other tabs or screens.

Risk-reduction measure No. 5. Highlight important aspects to template information.

Risk-reduction measure No. 6. Beware of generic templates. These can yield undesirable documentation, such as noting, "Alert and oriented to person, place and time" for a newborn patient.

Risk-reduction measure No. 7. Do not set up the system such that the template data automatically repopulate. For example, complaints should not automatically default, in subsequent visits, to "resolved."

Tracking Issues

Missed diagnosis and failure to follow up are the 2 most common reasons why physicians and nurse practitioners are sued. One advantage of EMRs is the ability to track referrals and tests to determine whether they have been completed. Obviously, to be effective, the clinicians must use the tracking feature. For example, if a practice has an EMR with a tracking function and a clinician does not use it, and a patient is injured because the clinician failed to note that a much-needed follow-up Pap smear was not done, a plaintiff's attorney is going to ask "Why didn't you use the safety functions of your EMR?"

The good news is that some EMRs have a feature that when a test is ordered, the office note remains in an inbox until a result is received. Results come electronically to the inbox, with the note awaiting signature. The bad news is that a hurried or careless clinician may be derelict in checking this inbox.

Risk-reduction suggestion No. 8. Become familiar with the tracking features of the EMR. Decide which tracking feature will reduce risks for the clinician and the practice or facility. Commit to using those functions.

System Crashes

A clinician who fails to back up files and loses 600 patient records is going to have problems with payers when it comes time to audit, and, if the clinician is sued, will have no documentation for his or her attorney to use for defense.

Risk-reduction measure No. 9. Back up. Check the back-up method frequently. You may think you are backing up, but the hard drive or network storage mechanism may be faulty.

Risk-reduction measure No. 10. Install virus protection software on server and workstation computers.

The Issue of Distraction

Some clinicians who shy away from EMRs say that they do not want their attention diverted from the patient to the computer screen and keyboard. If a clinician's attention truly is diverted, this is a problem. However, clinicians certainly can work on their EMR just as clinicians have traditionally written their notes -- while the patient is undressing or dressing. If the EMR generates questions for the clinician such that it is necessary to enter a patient's response before moving on, perhaps the system can be set up so that the patient can answer questions before he or she sees the clinician.

Risk-reduction measure No. 11. Eyes and ears need to remain attuned to the patient, while the patient is in the room.

Authorship Issues

With some EMRs, it is possible for one clinician's entry to appear as another clinician's entry because the first clinician did not sign off the record or log out. Obviously, this is a problem. The first aspect of this problem is that a bill may be submitted under the first clinician's name, although documentation appears to be written by the second clinician. A payer may demand a refund if such a medical record is submitted during an audit. The second aspect of this problem is that when a mishap occurs and a patient suffers an injury, both clinicians will want authorship of the medical record to be correct when the entry is printed for litigation defense purposes.

Risk-reduction measure No. 12. Understand how the system records who is accessing and writing in the record. If a security protocol for logging in and out exists, it should be strict, but not too time consuming. One common feature is an automatic time-out after a period of inactivity. Clinicians may want to override automatic time-outs so that they can make entries later in the day. That may be reasonable, but note that if a record is never locked, clinicians can make changes up until the day the record is sent to auditors or litigators. This might not be helpful to the case of a clinician who is being reviewed. Perhaps clinicians should be able to make changes at the end of the day, but after a reasonably short amount of time has passed, the record should lock. If information needs to be added or comments made after the entry has been locked, a new entry should be written and clearly identified as an addendum, with current date, reference to the date being amended, the reason for the late entry, and electronic signature.

Risk-reduction measure No. 13. Print out a note from time to time to be sure your entries are in your own name.

Time-Stamp Issues

It is useful that EMRs record the time of a medical record entry. However, some clinicians have become accustomed, in paper and pen days, to documenting procedures before they actually occur. This is a problem when the record is electronic. For example, an obstetrician does not want a record to state that a child was born before a cesarean section was performed.

Risk-reduction measure No. 14. Understand how the time-stamp feature works, so that you can time your documentation accordingly.

Confidentiality

Under HIPAA of 1996 regulations, facilities and practices need to make sure that only those individuals who have a legitimate reason to access a medical record may access the record. Legitimate reasons include treatment, healthcare operations, and payment. If a patient finds out that someone who has no business viewing the chart has had access, the patient may report the individuals involved, and the US Office of Civil Rights may prosecute.

Risk-reduction measure No. 15. Ensure that only appropriate staff members have access to records. Create a process to handle staff breaches of security. Have password protected log-in. Have automatic sign-out if a clinician forgets to log out.

Risk-reduction measure No. 16. Protect records from inappropriate viewing -- set up screensavers, and require a password for reentry.

Risk-reduction measure No. 17. Develop and implement security measures to protect the confidentiality of health information that is transmitted electronically.

Risk-reduction measure No. 18. Identify an individual responsible for security.

It is likely to take at least a decade before the medical community understands all of the unintended consequences -- legal and otherwise -- of EMRs. Meanwhile, it makes sense to purchase a system that has been used for a few years by other practices or facilities, learn the system's safety features, and commit to interact with the features that are most likely to reduce the risk for medical errors.

Comments

3090D553-9492-4563-8681-AD288FA52ACE
Comments on Medscape are moderated and should be professional in tone and on topic. You must declare any conflicts of interest related to your comments and responses. Please see our Commenting Guide for further information. We reserve the right to remove posts at our sole discretion.
Post as:

processing....