The Malpractice Risk of Electronic Health Records
The Malpractice Risk of Electronic Health Records
Marion Munley, The Legal Intelligencer
March 17, 2015
Imagine that your grandmother enters the hospital with stomach pain and has a pre-existing heart condition, arrhythmia. Her medication, propranolol (Inderal), is listed on her chart and she is being treated accordingly. Then, suddenly, her heart races out of control, she has a stroke and dies. A re-examination of her medical chart finds that arrhythmia is no longer listed in her medical history and there is no reference to propranolol. After investigation, it’s discovered that there was a glitch in the hospital’s electronic health record (EHR) system and it deleted this vital medical information. In essence, this fatal error was caused by computer malpractice.
Computer malpractice can happen as a result of technological glitches, human error and system design defects; it can threaten the quality of patient care and safety, as well as the safety of patients’ health data. These types of errors are typically caused by simple human mistakes or computer malfunctions, as opposed to egregious medical negligence. Medical malpractice lawyers need to be aware of the potential for “EHR malpractice” and should familiarize themselves with the potential pitfalls, from software system selection to its implementation and use. Currently, the regulations in place to monitor the accuracy and safety of EHRs, and certifications for system operation and use, are severely lacking.
Hospitals and doctors are adopting EHRs quickly due to pressure from the government. As part of the Affordable Care Act, Medicare and Medicaid incentivize eligible professionals to implement EHRs, and penalize those who do not. For those professionals who do not demonstrate meaningful use of a certified EHR technology, their Medicare reimbursement will be cut 1 percent each year. This kind of pressure has led to hurried adoption of new systems, and a greater possibility for dangerous errors. Patients are at highest risk for this type of malpractice during the installation and implementation of a new system or the upgrading of an existing system, so if you have a client who has been harmed by an EHR error, check to see how long the system had been in place at the time of the error.
If your client’s health care provider has purchased a system with design flaws or has provided inadequate training for its users, it may lead to multiple failures, including deletion of important medical history, corruption and loss of important data, inaccurate reporting of patient information, and improper transmission of data to other providers.
Technical Design Flaws
When evaluating whether an EHR design flaw is the cause of your client’s injury, consider the following potential problems:
• Auto-conversions or auto-fill features. These can create major problems in data entry. For example, numbers might be converted without the user noticing, leading to an incorrect drug dosage being ordered. Outdated information might be automatically filled into the fields of a patient’s form.
• System templates. These can prove to be especially problematic because each patient has unique individual needs and having a one-size-fits-all list of choices may result in inaccurate data for patients.
• Computer crashes. Computer systems can crash temporarily and information can be lost or become temporarily unavailable, putting patients in peril.
• Incompatible systems. Different computer systems do not have the ability to communicate with each other. Software used by one doctor’s office or hospital is frequently incompatible with software used in other pharmacies, offices and hospitals. When this happens, information may be lost or improperly translated.
• Faulty system upgrades. When a system is being upgraded, EHRs may lose some or alter the way the historical data is presented to a viewer of the data, leaving a patient at risk.
• Clinical decision support problems. This element of the system, which generates drug and drug-allergy alerts, can pose a significant risk of malpractice litigation should the system fail to operate with accuracy, or if it is installed improperly, or not at all. If during discovery it’s determined that alerts might have prevented injury to a client, significant liability could result.
User Error
User error is one of the most common causes of mistakes. Think about our own computer use and how often a simple spell-check mechanism can change the intended meaning of a sentence. Incorrectly entered information, typos, sloppy data entry, or even a wrong click can have serious and potentially deadly consequences in EHRs. Frequently, in an effort to enter information as quickly as possible, physicians and nurses who are pressed for time will take shortcuts that lead to mistakes. Some of these errors can include:
• Data entry errors. Much of the data in EHRs comes from an original paper chart. Conversion to an EHR format requires the tedious work of transcribing or scanning information from the old paper charts into an electronic format. EHR entries or other relevant information may be omitted or entered incorrectly, leading to deadly consequences. If possible, paper records should be compared with the information contained in an EHR to determine whether the provider had complete and accurate patient data.
• Copy and paste. Rather than retype long patient histories and pieces of information, health care workers will often use the copy-and-paste feature from one record to another to save time. However, this method can lead to unnoticed errors and multiple mistakes if they are not corrected. Furthermore, copying or cutting and pasting information reflects a lack of attention to detail that can be detrimental to a patient’s care.
• A wrong click. Clicking an incorrect choice is a very easy mistake to make. Many times, the nurse or doctor simply clicks the wrong item in a list and fails to catch the mistake. These types of errors commonly occur with medication and lab orders.
• Failure of a physician to verify or sign notes. EHRs that are unsigned or unverified by a doctor or a provider may leave questions as to whether a particular service or test was administered, or call into question when the record was made.
• Updating EHRs. EHRs need to be constantly updated with the patient’s information across all health systems, but it is unclear who is responsible to do that. Also, many times there are delays in entering patient information that can lead to lapses in memory and incorrect and missing data being entered.
• Intentional destruction of records. Make sure that your client’s doctor or other health care provider did not destroy or delete any records in anticipation of a lawsuit. Hitting the delete button can be tempting to those trying to cover mistakes.
• Clinical decision support problem. Automated features, such as clinical decision support, are intended to catch human errors, but they are only effective when used properly. Because drug and allergy alerts often appear frequently and unnecessarily, users may automatically click through them without paying proper attention. This can have deadly consequences if a user ignores an allergy or safe-dosage warning.
Data Breaches
As we have seen with the recent data breach at Anthem Inc., theft of health data is becoming an all-too-common occurrence, and it is made easier by EHRs. Unfortunately, breaches are also caused by user error, as well as intentional authorized access to private, protected information. Hospitals and health care providers must be proactive in protecting patients’ information by encrypting all EHR information and instituting policies and procedures that will minimize risk. If this happens to your client’s health care provider’s technology system, make sure that Health Insurance Portability and Accountability Act policies and procedures were in place and being enforced.
Log-ins
Doctors and nurses who allow others to use their log-in and password information to update charts and records are placing patients in jeopardy. If other staff members have access to a doctor or nurse’s log-in credentials, it makes it difficult to know who prescribed treatment, medication and tests for a patient, or who is responsible for alterations made to health records. It also calls into question the veracity of the EHR and casts doubt on the accuracy of the patient’s records.
Determining Fault
Determining fault for computer malpractice is complicated. HIPAA provides that the health care provider is responsible for maintaining a patient’s medical records, and so an argument can be made that the burden rests with the provider. However, some contracts between the IT companies and the health care provider will contain provisions that place all responsibility on the provider. It is important that malpractice lawyers look at all documents between the vendor and the provider, including all correspondence complaining that the system had flaws, problems and glitches. Be sure to look at any history of repair or remedies requested or provided. If the vendor has been negligent in supplying a defective device or software, it should not be exempt from liability.
Certification
The current certification process for EHR systems is problematic. The certification program is designed to ensure that EHR systems meet certain standards of performance and functionality, but it does not adequately consider security measures, training and other factors related to patient safety. As EHR technology is adopted more and more widely, stricter rules and safety regulations must be put in place to protect the safety and well-being of patients.
Marion Munley, a partner at Munley Law, has represented individuals and families in complex personal injury litigation in state and federal courts for 29 years. She specializes in cases involving heavy trucking accidents.