- The Power of User Virtualization: Meeting Meaningful Use, Optimizing IT and Clinical Productivity
- Case Study: Blood Systems Expands Remote Access Connectivity to Prepare for Disaster
- QualSight LASIK Achieves HIPAA Compliance After Attempted Hack
- Beyond the EHR: Seamlessly Connecting Nurses and Physicians Using an EHR-Extender (EHR-e)
- The Need for Data Loss Prevention Now
New federal healthcare legislation and implementing regulations seek to exert control over aspects of patient care, from outlining the substantive information that healthcare providers should obtain from their patients to specification of treatment algorithms a physician should consider once a diagnosis is made.
Meaningful use standards require healthcare providers to affirmatively act to identify potential future health risks in patients seen for unrelated health conditions. New regulations also require continued patient follow-up after discharge from care to ensure compliance with care directives. The regulations reflect laudable goals but create significant potential risk for malpractice claims for unwary healthcare providers.
Thus far, great concern has been expressed as it relates to physician and institutional liability if information systems are hacked or if cloud-based products are illegally accessed. CHIME noted that there are significant program issues relating to system interfaces so as to allow communication of EHR between physicians and other institutions. Multiple industry associations have suggested that implementation of Stage 3 be delayed by up to two years to allow for evaluation of the impact of Stages 1 and 2 on the healthcare system.
[The ACA at 3: Neither success nor survival a foregone conclusion]
The emphasis that has been placed on the adoption of information technology in the healthcare field in the last several years, meanwhile, generates potential legal and risk management concerns. As the requirements for acceptable EHR systems evolve, so do relevant common law standards of care. The rapidity with which healthcare institutions must develop and implement EHR systems to meet “meaningful use” criteria presents significant risk for malpractice claims.
Initial transition from paper to electronic record systems can create risk of: implementation errors (software issues); inadequate training issues; incorrect or inconsistent use; and individual mistakes in the creation of the electronic record. The use of both paper and electronic records may create documentation gaps leading to misdiagnosis and inappropriate treatment. Procedures must be developed for confronting problems in the implementation of electronic recordkeeping. Consistent standardized use of developing electronic systems is imperative.
Meaningful use requirements relating to the need to document and treat a patient’s future health risks creates a gray area as to what, if any, responsibility institutions and physicians have in evaluating patients for potential health issues unrelated to the reason for hospital admission and/or treatment. Regulatory requirements relating to coordination of post-hospital care creates obligations to provide services in a reasonable manner, including follow-up where provider/patient communication potentially becomes a significant problem.
The use of electronic communication systems to diagnose and treat patients remotely creates a potential malpractice risk. There is a clear risk of misdiagnosis associated with remote treatment. There is also litigation risk in relation to the failure to properly follow-up.
Healthcare providers will need to create and implement guidelines with respect to use of electronic communication systems in treating patients’ health complaints or concerns.
Hospital substantive treatment guidelines, i.e., clinical decision support guidelines, must be carefully drafted as they create the potential for institutional liability and can potentially negate agency defenses presently enjoyed by many healthcare institutions. Additionally, failure to oversee use of clinical guidelines once in place creates potential institutional liability. Moreover, a physician’s override of an alert by implementing a nonconforming treatment plan creates potential liability for both the physician and institution.
Beyond this, the ability to access historic inpatient and outpatient records creates a potential duty to review same regardless of the reason that a physician may be seeing the patient. A failure to adopt an integrated EHR system may, itself, constitute a breach of the standard of care. Evolution of EHR systems creates a continued duty to communicate and train users.
Patient stewardship is a laudable goal but presents significant litigation risk. Lack of definition of which care provider has the duty to comply with given meaningful use criteria further confounds liability issues. Controls must be implemented to manage financial and liability risks associated with common law malpractice actions arising out of HITECH compliance.
ACA at 3 Podcast: Road to reform on short window of implementation
Healthcare Finance News: How providers are using their MU dollars
Healthcare IT News: Docs limit patients access to EMRs