e-Record, e-Liability: Addressing Medico-Legal Issues in Electronic Records

by Michael Vigoda, MD, MBA; Jill Callahan Dennis, JD, RHIA; Michelle Dougherty, MA, RHIA, CHP

Physicians face unique medico-legal implications when using EHRs. Careful planning and practice help minimize risk.

While payers, patient safety groups, the federal government, and healthcare systems advocate widespread deployment of electronic health records (EHRs), physicians have been somewhat reticent. Electronic records offer the promise of improved quality of care, increased patient safety, reduced costs, and increased efficiencies, but physicians have been wary of the implementation expenses, unknown changes in workflow and workload, and reported de-installation rates approaching 20 percent.1

These are legitimate concerns that require wide-reaching collaboration if EHRs are to flourish. However, focusing solely on cost and workflow may cause physicians and others to overlook some of the unique medico-legal implications that come with using an EHR, such as the resulting changing standard of practice, unique documentation issues, and the impact of e-discovery. Successfully addressing these issues involves system selection, implementation, and day-to-day practice.

The issue of medical liability and electronic record systems is not new; initial issues were raised more than a decade ago.2 However, there was scant interest until recently.

Concurrent with increased EHR adoption, the courts have redefined the discovery process for claims involving electronic record systems. National organizations have also taken note of the medical liability dimensions of EHRs. Both the Certification Commission for Healthcare Information Technology, which certifies EHR products and their networks, and Health Level Seven, which develops standards for clinical and administrative data, are expanding their involvement in this area.

Medico-Legal Benefits

It should be noted that EHRs also may offer physicians some degree of protection from claims of malpractice.

There are several reasons for this, including improved access to legible patient records; standardized documentation; automatic notification of laboratory results; and increased efficiency of information transfer between referring and consulting physicians. If a claim is filed, the defense is likely to be aided by an ability to show adherence to evidence-based clinical decision support reminders and pop-ups and the ability to produce a complete, legible record.3

A survey from the Medical Records Institute indicated that nearly 20 percent of respondents reported receiving discounts from their malpractice underwriter as a result of having an EHR.4 Almost half felt that having an EHR reduced their vulnerability to malpractice claims. For the 20 percent who had an EHR and were involved in a malpractice case, more than half viewed the EHR as helpful to the defense.

Concerns for the Practicing Physician

The issues that require attention, however, are significant. The electronic transmission and storage of patient data raise medico-legal issues beyond the applicability of tort law to issues of telemedicine and e-mail communication. These include protection of patient confidentiality, documentation-related issues, restricted access, and hardware- and software-related issues.5

Unanticipated consequences of computerized physician order entry implementation also present risks—mismatches between workflow and clinical information systems; juxtaposition errors (e.g., mistakenly selecting an adjacent patient name or medication from a list); and “illusion of communication” (e.g., when physicians assume that medications that were ordered have been administered or that order entry implies that others will see and fulfill the order).6

Ideally, “the EMR should be the basic tool for a risk reduction process that works to minimize physician liability through proactive case intervention.”7 However, it appears that in their current form these systems exemplify those healthcare environments where “visitors to this setting see the smooth surface that clinicians have created and remain unaware of the conflicts that lie beneath it.”8

There may still be time to address these issues, as studies continue to confirm low rates of adoption of EHR systems. Overall, 4 percent of physicians use a fully functional system, while 13 percent have implemented a basic system.9 Rates are significantly higher in some categories, however; larger practices and primary care practices are more likely than average to have electronic systems.

Given the low (but growing) rates of adoption, it is time for product developers to seek greater input from medical liability experts, clinicians, health information managers, and risk managers when designing medical software. Until such time, physicians should acquire a better understanding of how the legal system regards electronic data in order to reduce their liability exposure.


Missing functionality, poor implementation, or improper use of EHRs can expose physicians to liability. Examples include:

  • Lack of time synchronization between various electronic charting systems indicates that a child is born before a C-section is performed.
  • Relying on electronic capture of physiological data, an anesthesia care team fails to document 90 minutes worth of vital sign data.
  • Following their paper-based documentation practices, physicians document events before they actually occur.
  • An emergency room physician documents patient care four hours after actual treatment, but the system records the entry as occurring at the time of treatment.
  • During the discovery process of a malpractice claim, the printed record contains current information, not the information available at the time of care.
  • A progress note dictated on the wrong patient is not corrected because the system does not require the physician to verify dictation.

Changing Standards for Use of Electronic Information in Litigation

It is important for physicians to be informed of the emerging rules for e-discovery, the identification and use of electronic data as evidence in legal proceedings. Attorneys recognize the abundance of information stored in electronic systems that paper records do not offer.10

In 2006 the Supreme Court approved an amendment to the Federal Rules of Civil Procedure, reflecting changes in the discovery process governing the handling of electronically stored information. The amended rule went into effect on December 1 of that year, and it applies to all litigation in the federal court system. The rule fundamentally changed the trial preparation process from the pretrial conference through the disclosure process and includes the introduction of new sanctions.

This is relevant for physicians because state courts, which handle healthcare litigation such as malpractice claims, are following suit, using the federal e-discovery rule as a foundation. More than half of the states have enacted or are in the process of amending their rules to address e-discovery.

In an electronic alert to its health information and technology practice group earlier this year, the American Health Lawyers Association judged that “healthcare’s e-discovery honeymoon is over,” citing five recent cases that were affected by e-discovery.11 In fact, the role of e-discovery and metadata in healthcare litigation involving clinical care may be underreported, because cases settled out of court are not well publicized.

Physicians should familiarize themselves with the key concepts of the federal e-discovery rule to understand how EHRs (not just the printouts from them) and other electronically stored information may be used in litigation in the near future. The following are key issues:

  • Early attention to e-discovery. Recognizing the complexity, volume, and potential cost of e-discovery requests, the federal rule provides a framework for the parties and the court to discuss e-discovery issues. These include pretrial conferences, preservation, form of production, and assertion of privilege. Attorneys representing a physician must be aware of (and able to discuss) all potentially relevant information, both electronic and paper, early in the litigation process.
  • Duty to disclose. The legal obligation to disclose relevant information and records extends to electronically stored information, including EHRs; clinical, administrative, and financial information systems; databases; documents created on word-processing software; e-mail; and spreadsheets. If the information is relevant to the claim or the defense, it must be retained and disclosed regardless of format.
  • Preservation. When a party receives notice of litigation, or can reasonably anticipate one, it has a duty to preserve all relevant information and suspend normal destruction processes. This applies both to information kept on paper and in electronic systems. The party must take steps to preserve information that would be automatically destroyed or overwritten by an information system.
  • Reasonably accessible. The e-discovery rule recognizes that not all electronic information is reasonably accessible and may be costly to produce (such as information on back-up tapes). It provides a mechanism to balance cost and burden versus value of the information produced.
  • Native file format and metadata. The rule allows for the parties to request or produce native electronic files with metadata intact. The native file is the source file—the actual electronic record or file—not a printout or conversion to a different format such as PDF. The courts recognize that there is relevant information in metadata and that it must be produced along with the electronic record. EHR metadata includes information such as date and time stamps, access logs, and other audit data.
  • Sanctions and safe harbors. Failure to disclose or produce relevant information can result in sanctions. There are exceptions if information was lost as a result of good faith practices, including normal destruction processes that occurred prior to knowledge of impending litigation. However, if relevant information was destroyed once there was knowledge of impending litigation, sanctions could be applied.

How Physicians Can Best Minimize Risk

Armed with awareness of the changing legal landscape and the areas of potential risk, physicians can take important steps in limiting their liability exposure. They can:

  • Openly discuss with their medical liability carriers the advantages and pitfalls in using an EHR
  • Reach out to HIM professionals within their organizations, networks, or communities for support in ensuring that their EHRs meet their legal, business, and records management needs
  • Ask in-depth questions of potential vendors to ensure that their products address medico-legal issues

Physicians, as key users, must demand the functionality that supports both their clinical and business needs.

Achieving the benefits and avoiding the risks associated with EHR implementations can only occur if physicians take an active role in raising medical liability issues. These concerns are critical at several stages: system evaluation, testing, and selection; system training and implementation; and identifying changes needed post-implementation.

System evaluation, testing, and selection. Many organizations use multidisciplinary teams to evaluate competing EHR systems. Without active physician representation, the features and functions most likely to be used by physicians will be evaluated by team members who are less familiar with clinical workflows. Physician input on the testing scenarios used to simulate actual day-to-day use will help ensure that the systems are properly evaluated. Knowledge of the criteria and functional specifications being developed by the Certification Commission for Healthcare Information Technology and Health Level Seven, as noted earlier, is an excellent first step in preparing to raise medico-legal concerns.

System training and implementation. End-user training is often relegated to a small group of staff who must meet the needs of a wide variety of users. As a result, they may tend to approach system training in a generic way, rather than focusing physician training on those features and processes most important to physician users. Physician input into training design and scheduling can result in better training results through increased participation. Better physician user training, in turn, can help physicians avoid documentation practices that pose medico-legal risks, such as indiscriminate use of “copy and paste” functions, and can ensure that physicians understand the most efficient and reliable ways of retrieving needed patient information.

Identifying changes needed post-implementation. Even in thorough selection, training, and implementation processes, adjustments likely will be needed after the “go-live” date to support changes in work processes and in clinical decision support tools. A systematic method of collecting, organizing, and prioritizing physician input can contribute to higher satisfaction among physician users and less of a need to develop unofficial “workarounds” to accommodate individual preferences and habits.

Workarounds can result in inconsistent documentation practices and even inconsistencies in where key patient information can be found. If, for example, 10 different physicians use 10 different methods for documenting a patient allergy to codeine, it becomes far more likely that entries will not agree, not be updated, and perhaps not even be seen. These inconsistencies pose a potential for medico-legal risk by increasing the chances that key patient information could be overlooked by other users.

An organized process for considering changes also permits advance study of the medico-legal implications of those suggested changes prior to their adoption. Ideally, that advance study should include physicians in partnership with risk managers, legal counsel, health information managers, and perhaps compliance managers as well as other key users of the record.

As physicians invest in and adopt EHRs it is critical that medico-legal issues and risks be raised and discussed openly. The legal landscape related to EHRs is still fluid and evolving, but important progress is being made—research is being conducted, case law is emerging, and standards are being established. The full value of EHR systems will be realized when design and implementation support the physician’s workflow and clinical needs as well as the record’s medico-legal needs.


  1. Medical Records Institute. “Ninth Annual Survey of Electronic Medical Records Trends and Usage, 2007.” Available online at www.medrecinst.com/MRI/emrsurvey.html.
  2. Grams, Ralph R., and Ernest H. Moyer. “The Search for the Elusive Electronic Medical Record System—Medical Liability, the Missing Factor.” Journal of Medical Systems 21, no. 1 (Feb. 1997): 1–10.
  3. Certification Commission for Healthcare Information Technology. “CCHIT Certified Electronic Health Records Reduce Malpractice Risk.” 2007. Available online at www.cchit.org/files/wpCCHITPhysicianBusinessCaseforCertEHR.pdf.
  4. Medical Records Institute. “New Survey Addresses Relationship of EMRs to Malpractice Risk.” Press release, August 7, 2007. Available online at www.medrecinst.com/press/pr_releases/pr_080707.html.
  5. Hodge, James G., Lawrence O. Gostin, and Peter D. Jacobson. “Legal Issues Concerning Electronic Health Information.” Journal of the American Medical Association 282, no. 15 (Oct. 20, 1999): 1466–71.
  6. Ash, Joan S., et al. “The Extent and Importance of Unintended Consequences Related to Computerized Provider Order Entry.” Journal of the American Medical Informatics Association 14, no. 4 (Apr. 2007): 415–23.
  7. Grams and Moyer. “The Search for the Elusive Electronic Medical Record System.”
  8. Nemeth, Christopher, and Richard Cook. “Hiding in Plain Sight: What Koppel et al. Tell Us about Healthcare IT.” Journal of Biomedical Informatics 38 (2005): 262–63.
  9. DesRoches, Catherine M., et al. “Electronic Health Records in Ambulatory Care: A National Survey of Physicians.” New England Journal of Medicine 359, no. 1 (July 3, 2008): 50–60.
  10. Carlson, Scott A., and Ronald L. Lipinski. “eDiscovery: A New Approach to Discovery in Federal and State Courts.” Illinois Bar Journal 95 (Apr. 1, 2007): 184–87.
  11. Shay, E. “Healthcare’s e-Discovery Honeymoon Is Over.” E-mail alert, Feb. 25, 2008. American Health Lawyers Association, Health Information and Technology Practice Group.

Michael Vigoda (mvigoda@med.miami.edu) is director, Center for Informatics and Perioperative Management, Department of Anesthesiology, at the University of Miami Miller School of Medicine. Jill Callahan Dennis is senior vice president, public and industry leadership, at AHIMA. Michelle Dougherty is director of practice leadership at AHIMA.

Article citation:
Vigoda, Michael M.. "e-Record, e-Liability: Addressing Medico-Legal Issues in Electronic Records" Journal of AHIMA 79, no.10 (October 2008): 48-52.