February 10, 2015
Medical malpractice risk in the age of EMRs and how to manage it

Almost all the stakeholders in modern health care, from physicians to hospitals, payers and the government itself, seem to agree that information technology, such as that embodied by electronic medical records, is a desirable change. Not long ago, volumes of medical records would be dragged on a cart, along with large radiograph jackets, to the physician’s office or clinic. Lost charts, illegible handwriting and delays in accessing data were common.

By inventorying medical data in a readily accessible and consistent format, electronic medical records (EMRs) have revolutionized the delivery of health care. Other advantages of EMR can include the streamlining of dictations, digital radiographs and access to medical information across platforms, including handheld devices. As with any new technology, EMR offers rewards, while creating new sources of professional risk. This article addresses the potential impact that EMR can have on medical malpractice risk exposure and strategies to manage that risk.

Functionality and risk

Basic EMR systems provide access to patient demographic data and clinical information, such as laboratory and imaging results. More complex EMRs allow entry of physician notes, provider-order entry of medications and system alerts about potential drug interactions, allergies and errors. Many systems have built-in clinical decision algorithms and treatment guidance, with reminders, alerts and advice about drug dosing and related information.

Physicians are usually concerned about medical malpractice risk, and when it comes to EMRs, that concern is probably well placed. How an EMR system was selected, purchased, installed, implemented and used may become relevant factors in a medical malpractice claim, when a plaintiff seeks to find out more about a medical complication or wants to attack the defense of a malpractice claim. Courts have held that physicians can be liable for patient harm that could have been averted with a more careful review of the records, i.e., the judicial view is that physicians have an affirmative responsibility to know the patient’s relevant medical data. With increasing amounts of data being made available for physician review by EMRs, the potential for legal risk logically increases.

Lawrence H. Brenner

Faulty implementation of EMRs is a serious risk that manifests during initial installation and teaching of the electronic system or during subsequent upgrades. Lack of training or unfamiliarity with EMR may lead to medical errors and adverse events arising from mistakes in data entry or interpretation. The EMR may have software deficiencies and design flaws, leading to erroneous data being entered, or incompletely or incorrectly populating other fields in the record. Software upgrades may undermine or subtly alter historical data that has been entered.

If such problems are discovered during a medical malpractice claim, the question arises as to who is ultimately responsible. Here, HIPAA can provide some guidance. HIPAA specifically states that the health care provider is the covered entity responsible for maintaining the integrity of the patient’s medical record, rather than the EMR vendor and related parties. Many vendor contracts will have a clause stating that the vendor does not practice medicine, and that it is up to the doctor to ensure that the EMR is used safely and properly.

Physicians should understand the EMR system they are using, and get proper training and support. Upon finding a limitation or glitch, the doctor should promptly tell the vendor and/or the information technology office, and insist that the problems be fixed. Document every attempt made to get the vendor to fix defective and deficient software, so that there is a record of such. If a flaw or defect in the software was known, and the doctor made no attempt to do anything about it, the plaintiff can argue that the doctor knowingly placed patients at risk.


Use and risk

After initial implementation, the general belief is that EMR systems can improve the quality of care. Indeed, some insurers offer discounts to providers who make the switch from paper records to EMRs. One value of EMRs may be in preventing harmful medical errors and associated malpractice claims by improving communication, ensuring timely access to data, and reducing transcription errors and delays. Another feature of EMRs, namely the cutting and pasting of redundant information that is required by multiple screens, is a time-saving strategy. But, no matter how much time it saves, the cut-and-paste strategy is not without risk. Erroneous or obsolete patient information can be transferred from one screen to another, with the same error appearing in every location. This can compromise the defense of a later malpractice claim.

To date, there is no clear evidence that the incidence of diagnostic errors is less with EMRs. Computerized order entry systems can decrease some kinds of medication ordering errors, but can create other errors. Prescribed medications may be automatically and unexpectedly canceled at a time when they are needed in an individual case. Drug dosing guidelines may fail to account for changes in physiologic status, and dose recalculations may not occur. Reliance on computerized data may lead to complacency, especially with cut-and-paste strategies, such that erroneous and obsolete clinical information is carried forward, with no attempt to gather new information from the patient.

Electronic EMR messaging systems can help reduce errors by allowing patients to vocalize concerns that may not warrant an office visit. But, electronic communications can give rise to new sources of liability. Bienz v. Central Suffolk Hospital held that telephone communications between a physician and patient can establish the physician–patient relationship necessary for malpractice liability. The same is likely to be true of electronic communications, such as email. Once a professional relationship is established, failing to respond to patient emails within a reasonable period of time could constitute a violation of the standard of care. In addition, emails may create a written record of negligent advice, in the absence of direct patient examination and interview. Treatment advice given on the basis of data review, absent further information, may constitute negligence if found to be deficient.

B. Sonny Bal

While most patients like the efficiency of electronic communications with physicians, it is important to clarify and manage patient expectations with this new medium. Boiler-plate responses from the physician and office staff, delayed replies and insufficient answers can trigger patient frustration and dissatisfaction. The American Medical Association ethics policies and guidelines on the subject advise physicians to avoid using electronic media to establish initial physician–patient relationships. Providers should notify patients of their guidelines and policies in regard to email communications, and obtain informed consent for the use of electronic communications.

EMR data and negligence claims

In the event of a malpractice claim, EMRs increase the availability of documentation with which to defend or prove a malpractice claim. Unlike oral communication, emails create a written record, and EMR can create more detailed and extensive notes, with time stamps. EMR constitutes a permanent electronic footprint that tracks physician activity. Under federal law, these so-called metadata are discoverable in civil trials, which means that defendants must surrender them to a plaintiff’s lawyers on request.

Large gaps in documentation during ongoing treatment, such as during surgery or anesthesia, can create uncertainty that favors the plaintiff. On the other hand, metadata can establish the timeline of events and help the defense of a malpractice claim. Conversely, if a record was modified or altered at an inappropriate time, metadata can create the appearance of wrong-doing. Some accepted practices in medicine, such as the delayed dictations of operative and clinic notes, when the doctor has more time, may be risky in the electronic age. The delay in transcription, especially if it favors the plaintiff, will become a contentious issue and may not help the defendant.


Standard of care

The existing model of medical malpractice requires the plaintiff to establish the standard of care, and prove that a violation of the standard led to injury. EMRs may change this model. In the electronic age, clinical practice guidelines, electronic treatment algorithms and best practices may trump the subjective impressions of expert witnesses. Rather than competing experts presenting opinion testimony, future court cases may be faced with clinical-decision support systems driven by electronic engines that precisely define the standard of care. Deviation from the clinical-decision support protocols could then be used as evidence of negligence.

Previously, because of difficulty in accessing prior medical records, courts had generally declined to impose a legal duty upon physicians to obtain and review prior medical records. Now, with easier access to medical data, the liability risk for providers who fail to take advantage of that access may be increased. If the patient mentions, or the physician is aware of, a medical history recorded in another EMR, for example, it is probable that courts will take the view that the doctor has a duty to know what is in the external record.

The sheer volume of patient data may pose unique liability risks. Should the physician spend more time with the patient or devote time instead to digesting the voluminous records in the EMR? From the perspective of the patient, who believes that all the data is before the doctor and readily accessed, the assumption is that the doctor should know everything that is in the electronic record.


EMRs will continue to change the landscape of medical practice, sometimes in unforeseen ways. Eric Topol, MD, points out in his book, “The Patient Will See You Now: The Future of Medicine is in Your Hands,” that in the new health care environment driven by information technology, power will shift in favor of the consumer. Given lengthy wait times in clinics and the increasing burden of filling out forms, many patients will opt to control and manage their own health care remotely, through new tools like smart phones, labs-on-a-chip, complex algorithms that interpret EKGs, lab tests, genetic profiles, portable imaging and related technologies that will probably uncouple health care delivery from the doctor’s office. The way in which patients interact with physicians is likely to change profoundly in the next 5 years, driven by the rapid evolution and increasing complexity and capacity of information technology.

Physicians can expect changing expectations, allegations and medical liability risks and benefits as the electronic world penetrates health care, with increasing patient awareness, knowledge, information and attendant power shifts. These developments are likely to bolster the accuracy of courts in determining liability by increased evidence available to evaluate claims. It is speculative whether courts will adopt new definitions of the legal standard of care, and if so, whether these changes will be socially desirable. It is also unknown how the law will allocate liability fairly among clinicians, EMR developers and provider organizations that select and implement such systems.

Practical recommendations to manage risk include refusing to sign contracts that transfer risk from the EMR developer to the provider. Organizations should select the best EMR systems that have been tested thoroughly and that minimize the risk of user error. The system should permit customization to the practice patterns of the organization and its clinical staff. Physicians must have time to learn these complex systems, and hospitals will have to invest in training the staff, with documentation of recurrent training, and a protocol for identifying and remedying software glitches and errors.


Topol E. The patient will see you now: The future of medicine is in your hands. Basic Books. 2015.

For more information:

B. Sonny Bal, MD, JD, MBA; and Lawrence H. Brenner, JD, are partners in the law firm of BalBrenner/Orthopedic Law Center and are the exclusive providers of loss prevention, risk management and quality improvement services for the Orthopedic Physician’s Insurance Company. Brenner can be reached at lbrenner@balbrenner.com.
Disclosures: Bal and Brenner have no relevant financial disclosures.