If you get sick today and have to see a doctor that is not your primary care physician, it is often the case that you have to fill out a thick stack of forms that explains your medical history. If it is a more serious procedure, doctors have to get in touch with your past health care providers, oftentimes multiple past providers, to collect information on your medical history and try to piece it together. Soon it will be the case that doctors will be able to have access to all of that information in a standardized form with just a few swipes of their fingers on an iPad. This is due to the easy transferability of electronic health records.
The New Health Care Law and Electronic Health Records
The Patient Protection and Affordable Care Act (PPACA), passed by Congress and signed into law by President Barack Obama in March of 2010, calls for new regulations to go into effect in 2012 that will increase the use of electronic health records (Patient Protection and Affordable Care Act, Pub. L. No. 111-148, 124 Stat. 119 (2010). Summarily, the new law “will institute a series of changes to standardize billing and requires health plans to begin adopting and implementing rules for the secure, confidential, electronic exchange of health information. Using electronic health records will reduce paperwork and administrative burdens, cut costs, reduce medical errors and most importantly, improve the quality of care (The Affordable Care Act – Implementation Timeline).” Electronic records can be stored electronically and easily shared among health care providers in ways that paper records cannot. These same benefits also raise concerns about the security of the sensitive information contained in health records.
The liabilities created through the extensive use of electronic health records are far and wide. A variety of events could trigger a potential suit. The servers where information is stored could be hacked or a laptop containing the information of patients could be stolen. Suits over patient information that is stolen can be brought under the tort theories of invasion of privacy and breach of confidentiality (E-Health Hazards: Provider Liability and Electronic Health Record Systems, 24 Berkeley Tech L.J. 1523 (1558-60)). Patient information is also protected by statutes such as the Health and Information Privacy Protection Act (HIPPA) and a variety of state laws (Id. at 1559).
Potential Litigation From the Increased Use of Electronic Health Records
On the receiving end of this litigation would be health care providers who input and store the information. Intuition is in favor of protecting patients’ privacy at all costs. This has the potential, however, of an excessive burden on doctors. The potential number of victims affected by a security breach involving electronic health records is far greater than one involving physical records. A pocket-size hard drive could easily hold the medical history of a doctor’s entire catalog of patients. This exposes health care providers to a deluge of lawsuits. A balance needs to be found between protecting the privacy of patients and protecting doctors or hospitals from an onslaught of lawsuits brought by all of their former patients. It also would not be far fetched to think that in the event of information being hacked and stolen, liability might extend to the developers and manufacturers of the software and hardware that is used to store the records.
Solutions to Increase Security and Prevent Lawsuits
One idea is to incorporate the liability into malpractice insurance for health care providers. This should not greatly increase their premiums since the benefits from electronic health records, namely higher quality of care, should work to offset some of the additional costs from the security risks of electronic health records. Another possibility is to incorporate a cap on the liability that doctors are exposed to through tort reform. This is unlikely, as tort reform did not make it into PPACA and is an issue that is politically volatile.
In their article, “E-Health Hazards: Provider Liability and Electronic Health Record Systems,” Professors Sharona Hoffman and Andy Podgurski discuss a two part method for protecting patients and health care providers that utilize electronic health records. The first step is to require that the government heavily regulate electronic health record systems. This will ensure some aspect of quality control. Having a high standard for the software and hardware that is used to keep electronic health records will ensure that health care providers use robust and secure tools. Second, government agencies should develop clinical practice guidelines to ensure that a high standard of care is used across the board when working with electronic health records (Id. at 1562).
The government may also have to implement a public campaign to raise support about the use of electronic health records. As much as 75% of people are skeptical of how safe their information would be if stored in electronic records. Despite the worries that arise from the increased use of electronic health records, the benefits that come from increased quality of care demand that electronic health records be adopted quickly in the health care industry.