8 Malpractice Dangers in Your EHR

Neil Chesanow


August 26, 2014

In This Article

EHRs Are Full of Legal Risks

Many physicians are so concerned about being sued for malpractice that they routinely order unnecessary tests and procedures to practice defensive medicine. And yet, when it comes to legal risks in using their electronic health records (EHRs), their concern is often nonexistent, experts assert.

Many doctors use their EHRs in nonstandard ways, without considering how this may affect them in a liability suit. Or they gloss over other aspects of using an EHR.

"Every aspect of EHR selection, implementation, and use may be examined in the course of medical malpractice discovery to uncover the source of the incident, or undermine the records that are being presented in defense of the malpractice claim," warns Ronald B. Sterling, CPA, MBA, an EHR expert in Silver Spring, Maryland, and author of Keys to EMR Success.

"Anything could be a malpractice issue," Sterling says, "from the product itself, to the way it was set up, to how you've been using it."

Are your EHR practices setting you up for a rude awakening should a patient sue you for malpractice? Let's take a look.

Who's to Blame if Your EHR Doesn't Work Properly?

Sometimes EHRs don't function properly owing to design flaws or bugs. For example, data you enter into the opening screen may fail to populate the fields of other screens correctly, or authorized software upgrades may alter the presentation of historical data that you've entered, Sterling says.

If problems related to bugs in a faulty product figure into a malpractice suit, who is ultimately responsible for the EHR's performance?

To understand who is liable for an EHR's bugs and flaws, Sterling likes to use the analogy of purchasing a hammer to build a house. You can ask the salesperson for advice on how to use the hammer, he says, but if the house then comes out lopsided, whose fault is that?

"The Health Insurance Portability and Accountability Act (HIPAA) specifically states that the healthcare provider is the covered entity responsible for maintaining the integrity of the patient's medical record -- not the EHR vendor, not the consultant, not the systems integrator," he says.

"A doctor can be held liable because most vendors' contracts essentially say, 'We do not practice medicine; it is up to the physician to make sure this EHR is being used correctly.' Practices must understand what they're using and verify that the system is appropriately set up to document the care they provide."

If you find bugs or flaws, contact the vendor and insist that the glitches be fixed, Sterling advises. Vendors may be more responsive than many doctors assume. And document each attempt to get the vendor to fix buggy software, so that you have a record of trying to remedy the situation.

Look at it from the perspective of a plaintiff attorney. If you didn't know about the flaw, why not? Didn't you sign a contact saying that you understood how the EHR worked? If you did know about the flaw and made no attempt to get it fixed, then, it could be argued, you knowingly jeopardized your patients.


Comments on Medscape are moderated and should be professional in tone and on topic. You must declare any conflicts of interest related to your comments and responses. Please see our Commenting Guide for further information. We reserve the right to remove posts at our sole discretion.