Legal Issues with Electronic Medical Records

Sep 28 10:56 2009 Gen Wright Print This Article

When medical practices change over from paper to electronic medical records (EMR), steps must be taken to ensure that the records remain legally sound.

The change to electronic medical records brings up some issues with compliance,Guest Posting privacy, and security. Below you will find some important considerations to make when switching your practice over to EMR.

When writing and exam on a piece of paper and signing it, you create a legal document. You are most likely familiar with the problems that can result from changes to medical records, and the importance of good documentation. The Healthcare Information and Management Systems Society (HIMSS) asserts that electronic medical records must be stored legally. Otherwise, these records can be challenged as hearsay and deemed invalid.

This is important, because when electronic medical records do not meet the legal requirements, a payor can sometimes deny a claim. Also, you could create the risk of an adverse outcome in litigation. In addition to being sure your electronic records aren't altered, you must also be able to demonstrate the procedures which are used to ensure this.

How, then, can you be sure your electronic records can't be altered? Ask yourself the following questions:

Does the system keep a record of who is accessing and writing to the record? You wouldn't want your name appearing as the author of another user's entry.

Does it contain a security protocol which is strict but not too time consuming? Features could include an automatic time-out after a period of inactivity, and periodic changes to the alphanumeric passwords.

Does it use a secure 'lock-out' feature? Perhaps the doctors could be able to make changes at the end of the day, but after a certain amount of time has passed the record should lock.

Does the system write time stamps on all entries to show an audit trail? For example, the system could write an unalterable draft of each event and entry.

By paying attention to these important considerations, you'll be on your way to ensuring your electronic medical records system is legal and usable.

Patient Privacy

Do you remember when the HIPAA first appeared on the scene? No more can you even keep a patient check-in form at the front desk, or risk having a patient learn who else had been in on that day. The penalty could include jail time.

Undue Burden

Some recent legal cases have established that data which is accessible must be able to be produced, including backup data. Although this may seem an unfair burden for a medical practice, experts dealing with these sort of legal cases believe that EMR will result in a decrease of malpractice suits, as as result of better documentation and a lower rate of medication-related mistakes. Even so, if data is kept on a failed hard drive, and the costs of recovering the data is significant, it could create an undue burden; judges could rule that the expense be shared between the two parties.


In the world of paper records, charts that are more than seven years old that were purged are considered legally 'inaccessible.' If a plaintiff's attorney asks you to produce the record, it is impossible. When it comes to electronic information, however, inaccessibility could be more difficult to prove, as electronic data can almost always be recovered. In fact, most of the current EMR software systems don't even let a provider delete patient records.


Discovery is the pre-trial phase in a lawsuit. Each party can compel production of evidence by means of a subpoena or a deposition. E-Discovery refers to information saved in an electronic format. The collection of digital evidence has even spawned the field of cyberforensics. This column cannot adequately cover a topic as broad as E-Discovery. The bottom line for medical practices is that a reliable and secure backup process is a must.

Eventually, rational minds emerged victorious, and some of the more inane regulations have relaxed a bit. There are still privacy issues which are specific to the electronic aspects of medicine, in regard to inappropriate disclosure of patients' data. An unauthorized email, unsecured wireless network, a computer monitor left on in view of another patient are some prime examples.

Source: Free Guest Posting Articles from

About Article Author

Gen Wright
Gen Wright

By the way, do you want to learn more about implementing EMR in your own practice? Download my free report "Getting Through The EMR Maze." Click here for the free EMR report

View More Articles