Fear Factor: Ambiguities in State Law Leave Some Providers Hesitant to Adopt EHRs

By Chris Dimick

Although the federal government has stepped in to give healthcare a push into the digital age, some providers remain hesitant, spooked by antiquated and ambiguous state laws that still identify paper records as the legal standard.

Their confusion is delaying their transition to electronic health records (EHRs) until it is clear that their state laws support them, according to Julie Roth, JD, RHIA, a healthcare attorney with Lathrop and Gage, based in Overland Park, KS.

This confusion is not only inhibiting the purchase of EHRs, it also is muddling their use once installed, says Roth, who spoke on state legal barriers during the AHIMA Legal EHR Summit in Chicago last August. In recent months, Roth has seen an increase in clients who are interested in purchasing an EHR but have many legal questions surrounding the technology.

“There is still a lot of confusion about the relationship of the HIPAA privacy rule and the state health information law,” Roth says. “When you add an electronic health record into that situation, it just creates another layer of confusion and uncertainty for a lot of providers.”

No Specific Legal Recognition

Healthcare is heavily regulated by multiple state and federal agencies. In fact, the legal expectations placed on healthcare are some of the most complex in the business world, Roth notes. With all of these laws and regulations, it can be intimidating to a provider to change workflow processes by installing an EHR. The chance of unintentionally falling out of compliance with a law is something all providers want to avoid.

Many state laws do not address electronic health records, mainly because they were written at a time when paper records were the norm. “A majority of states are silent as to the format of records when they define a record,” Roth says. Many do not spell out that electronic medical records can be used as the legal “written record” requirement.

HIM professionals should lobby state lawmakers to expressly define in healthcare law that electronic health records can be used—in addition to paper—as the legal health record.

Some states have already taken this step. Recently in New Mexico, state legislation enacted an electronic medical records law that expressly states an EHR satisfies the written record requirement under state law, Roth says. The law also states that EHRs can be expressly used to retain health records. The new law puts to rest some providers’ fears that their electronic records did not meet state requirements.

“States that have enacted laws just giving express legal recognition to electronic medical records, I think, do clear up some confusion and uncertainty among the providers that are using those records,” Roth says.

Fear of Liability

Fear of liability can be high enough to keep some providers away from EHRs. This fear mainly comes from not understanding the expectations of state and federal law on providers who use EHRs, Roth says.

One fear providers have is that electronic records will increase their risk of information breaches. A total of 45 states have passed health information breach laws, and the first federal laws went into effect this fall. The federal laws allow the penalization of negligent providers and require breach notifications be sent to patients, the government, and possibly the media.

The intent of the laws is to increase transparency, help protect consumers, and motivate healthcare entities to improve their privacy and security practices. However, Roth says, “I imagine that there will be providers who may say, ‘This is too high of a risk for my practice and I don’t want to deal with that potential risk, so I am just going to stay with paper.’”

Another fear around using an EHR comes from the possibility that those providers using the technology could be held to a different standard of care. For example, many EHR systems alert physicians of possible negative outcomes, such as adverse drug interactions.

If an adverse event does occur and a malpractice suit is filed, the EHR could play a key factor during litigation. Prosecution could seek to discover if prompts or alerts were seen and followed by the physician and what impact those alerts could have had on patient care.

These possibilities are real, but whether a provider sees them as barriers is mostly a state of mind. While penalties have increased for information breaches, personal health information can be electronically secured to minimize the risk that a breach leads to adverse events, and strong privacy programs can deter inappropriate access to information.

As for prompts and alerts, providers can create policies on how to address them and whether they become part of the organization’s legal record. HIM can help educate physicians and other administrative staff on the benefits and risks associated with EHRs and the policies and procedures that guide proper use and minimize liability.

Electronic Signature

Sometimes a state law can discourage a business function just by being silent. Not commenting on a healthcare practice, such as electronic signatures, leaves providers wondering if the functionality is acceptable.

Electronic signatures allow providers and patients to sign various electronic documents for legal purposes—from consent forms to clinical documentation.

While some states do specifically address the legality of electronically signing healthcare documents, others have offered no law endorsing or admonishing the act, Roth says.

“State laws generally don’t address the validity of electronic signatures, especially when it comes to patient-signed documents,” she says.

When the law is silent, healthcare providers are left to wonder if an electronic signature will be considered valid by a state or federal regulation agency. Questions arise whether an electronic signature could be validated in court as the actual signature of the individual. Since some forms of electronic signatures can be copied and pasted from one record to another, providers fear they cannot prove a patient actually signed the document.

Questions also could arise as to whether the patient truly understood what they were signing. On a paper consent form, for example, everything patients agree to with their signature is laid out in print above the dotted line. Providers may fear they could not prove patients saw all the necessary information about the document they were signing when they marked their signature on a screen, Roth says.

As states revise their laws, Roth hopes rules governing electronic signatures will be made clearer. HIM professionals can advocate for such clarification, she says.

State Law Sources of “Records” Regulation

State regulations that pertain to health information often are scattered across many administrative agencies and statutory chapters. Sources of regulation can include:

  • State Board of Pharmacy
  • State Dental Board
  • State Emergency Services Board
  • State Board of Optometry
  • State Social Rehabilitation Services (Medicaid regulations and manuals)
  • State Insurance Commission
  • State Department of Health and Environment (hospitals, ambulatory surgery centers, home health agencies, hospices, adult care homes, laboratories)
  • State Board of Healing Arts
  • State Board of Behavioral Sciences
  • State Department on Aging

Take Action

Tracking down and understanding state law can be confusing. Regulations that pertain to health information often are melted into the body of other laws. When confused about how the implementation of an EHR would affect compliance with a certain regulation, Roth recommends contacting the state agency that regulates and enforces the law. Because state laws vary greatly, the specific state agency is the best place to look for answers.

The time has arrived to move EHRs into the forefront of healthcare law, Roth says. HIM professionals should contact their lawmakers and ask them to address those healthcare laws that serve as barriers to EHR implementation and use.

Tweaks to existing legislation may be all it takes to bring many ambiguous laws into the twenty-first century of health information. A major step in tearing down these EHR barriers is getting state law to expressly authorize the use of electronic records in meeting state agency requirements and laws, Roth says.

“That will remove some confusion about whether or not electronic records are permissible or meet all the state law requirements,” she says.

Chris Dimick (chris.dimick@ahima.org) is staff writer with the Journal of AHIMA.

Article citation:
Dimick, Chris. "Fear Factor: Ambiguities in State Law Leave Some Providers Hesitant to Adopt EHRs" Journal of AHIMA 80, no.11 (November 2009): 50-51.