Risk Management — Electronic Records Best Practices
EHR-related factors contributed to 0.9 percent of all claims closed from January 2007 through June 2014.
The Doctors Company supports the integration of the EHR into medical practices and believes it has great potential to advance both the practice of good medicine and patient safety. However, there are always unanticipated consequences when new technologies are adopted—and the EHR is no exception.
EHR-related factors contributed to 0.9 percent of all claims closed from January 2007 through June 2014. User factors (user errors, incorrect information in the EHR, errors arising when converting from written to electronic records, prepopulating, copy and paste, alert-related issues, etc.) contributed to 64 percent of these claims.
System factors (failure of system design, systems/technology failure, e-data routing, etc.) contributed to 42 percent. Some claims contained both user and system contributing factors. The top allegations in these claims were diagnosis-related (27 percent) and medication-related (19 percent).
Real and potential liability risks are now recognized, and it is important for physicians to become familiar with them.
Doctors are responsible for information to which they have reasonable access—and there is increased access to e-health data from outside the practice that can be accessed from the practice EHR or website or through Health Information Exchanges, e.g., hospital charts, consultants’ reports, lab results and radiology reports, and community medication histories. EHR metadata documents what was reviewed. If patient injury results from a failure to access or make use of available patient information, the physician may be held liable.
E-prescribing, facilitated by the widespread adoption of the EHR, is currently used by more than 80 percent of office practices. Potential capabilities and benefits include the following: image
- Electronic prescriptions are transmitted via a network, such as Surescripts (which has data on more than 70 percent of patients), to all chain pharmacies and most independent pharmacies and insurance formularies.
- EHRs have an e-prescribing module, which provides electronic routing to pharmacies, quick access to drug formulary and eligibility information, and the patient’s prescription history.
- Most e-prescribing programs check for drug interactions, dosage errors, medication allergies, and patient-specific medication factors. Office prescription renewal requests can be synchronized with most e-prescribing systems. Costs are lowered by flagging generic and “on-formulary” drugs.
- While e-prescribing encourages patients to fill prescriptions, 28 percent of EHR prescriptions are not filled.
- User transition to e-prescribing is risky. In one study, initial user error was 26 percent, falling to 10 to 15 percent after one year. (One-third of errors were potentially harmful.)
Drug-drug interaction lists generate frequent, annoying, and disruptive alerts, and doctors may develop “alert fatigue.” It is estimated that two-thirds of alerts are overridden or disabled. If it can be shown that following an alert that was disabled would have prevented an adverse patient event (this will be documented in the metadata), the physician may be found liable for failin to follow it.
Doctors often copy information from a prior note or the history and physical (H&P) and paste it into a new note or H&P, making changes where appropriate, it is hoped. This may work for the past medical history, but it is risky for progress notes and the physical examination, both of which may change. Copying and pasting also contributes to irrelevant over-documentation, and important new clinical information may be obscured. Copying and pasting may also perpetuate incorrect or outdated information that may compromise patient care. By substituting a word processor for the physician’s thoughtful review and analysis, the narrative documentation of daily events and the patient’s progress may be lost, thereby compromising the record of the patient’s course. The quality of notes and documentation may be further compromised by the use of templates.
The computer may become a barrier between the doctor and the patient. When the doctor fills in a computer template, it may divert attention from the patient, limit interactive conversation, and restrict creative thinking. This may depersonalize and weaken the doctor-patient relationship. The computer’s location in the office is an important ergonomic consideration; i.e., the location of electrical outlets shouldn’t force you to sit with your back to the patient.
Many EHRs autopopulate fields in the H&P (from data derived from data fields in a prior H&P) and in procedure notes (from personalized or packaged templates). While over-documentation may facilitate billing, it may also generate an inappropriate number of billing codes, and entering erroneous or outdated clinical information may increase liability. For example, an internist was deposed and his EHR was the medical record. Some of the autopopulated fields contained obviously wrong information. At deposition, the plaintiff’s attorney asked these questions:
- “So is the information in this record accurate or not?” “Do you bother looking at your records?”
- “If these ‘autopopulated’ fields are incorrect, can we trust anything in this record?” “Do you deliver the same level of care as you do in record keeping?”
EHRs are certified for compliance with Meaningful Use requirements, e.g., CPOE, e-prescribing, Clinical Decision Support (CDS), and patient connectivity through Patient Portals. Physicians are encouraged to provide patients with clinically relevant, disease-specific educational and drug safety materials through these portals. However, providers are responsible for their content— which creates risk. Some EHRs have patient questionnaires that use an algorithm to interview the patient through these portals. The questionnaires may address—and memorialize in the record—issues that physicians are not prepared to pursue (depression, substance abuse, sexually transmitted disease, etc.). Lack of or incomplete follow-up can create potential liability—and provide a clear record for the plaintiff’s attorney to follow.
Most vendor contracts attempt to shift liability resulting from faulty software design or CDS data onto the physician. Some malpractice insurance policies may exclude coverage for product liability and indemnification of third parties. Read all contracts carefully.
Electronic discovery: Plaintiffs’ attorneys generally request printed copies of the EHR as well as copies in native format, which shows how the data was used. (Were CDS prompts and drug alerts followed or overridden?) They will also request the metadata, which includes logon and logoff times, what was reviewed and for how long, what changes or additions were made, and when the changes were made. Smartphone and e-mail records are also discoverable. It is important to remember that all physician interactions with the EHR are time-tracked and discoverable.
Templates with drop-down menus facilitate data entry. However, drop-down menus are usually integrated with other automated features. An entry error (accidentally selecting the medication above or below the one desired on the menu) may be perpetuated elsewhere in the EHR—and it may be overlooked, resulting in a new potential for error. Erroneous information, once entered into the EHR, is easily perpetuated and disseminated.
EHRs provide e-prescribing drug information and CDS databases. Clinicians should know the source of the medication and CDS information in their EHRs, because it may be in conflict with the clinical standards of care or practice guidelines for their specialty and with the information in U.S. Food and Drug Administration (FDA)–approved drug labels or drug alerts.
Computer-assisted documentation uses point-and-click lists, drop-down menus, autofill, templates, and canned text to bypass natural language and produce structured progress notes. These contain redundant, formulaic information, making it easy to overlook significant clinical information that is lost in a sea of normal or irrelevant findings. Communication with on-call and consulting physicians may be compromised, and abnormal lab and imaging test results may be missed.
CDS provides alerts, warnings, and reminders for medication and chronic disease management and preventive care, but physicians may have to justify departures from these guidelines (documented in the EHR’s native format) if an adverse event occurs. Always document why a prompt was overridden.
Don’t allow staff to use office computers to visit websites for personal purposes, an activity that creates opportunities for hackers to compromise patient data and violate the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Staff should not be allowed to use the physician’s password to review, update, or sign off on lab and imaging results. Allowing this type of activity could result in a report being filed without the physician seeing it.
EHR notes are dated and time-stamped when they are created—which will not reflect the time the patient was seen if the note is entered later. It is important to document the EHR note with the date and time the patient was actually seen.
The guidelines suggested here are not rules, do not constitute legal advice, and do not ensure a successful outcome. The ultimate decision regarding the appropriateness of any treatment must be made by each healthcare provider in light of all circumstances prevailing in the individual situation and in accordance with the laws of the jurisdiction in which the care is rendered.