Image 01 Image 02 Image 03 Image 04 Image 05 Image 06 Image 07 Image 08 Image 09 Image 10 Image 03 Image 11 Image 12

Patient Safety
and Risk Resources


Electronic Health Record Malpractice Risks

The Doctors Company supports the integration of the electronic health record (EHR) into medical practices and believes it has great potential to advance both the practice of good medicine and patient safety. However, there are always unanticipated consequences when new technologies are adopted—and the EHR is no exception. There are real and potential liability risks, and it is important for physicians to become familiar with them.

  1. Doctors are responsible for medical information they can access—and there is increased access to e-health data from outside the practice that can be accessed from the practice EHR or website or through Health Information Exchanges, e.g., hospital charts, consultants’ reports, lab results and radiology reports, and community medication histories. EHR metadata documents what was accessed and reviewed. If patient injury results from a failure to make use of available patient information, the physician may be held liable.

  2. E-prescribing has been widely adopted and is currently used by more than 80 percent of office practices. Potential capabilities and benefits include:
    • Electronic prescriptions are transmitted via a network, such as Surescripts (which has data on more than 70 percent of patients), to all chain pharmacies and most independent and insurance formularies.
    • EHRs have an e-prescribing module, which provides electronic routing to pharmacies, quick access to drug formulary and eligibility information, and the patient’s prescription history.
    • Most e-prescribing programs check for drug interactions, dosage errors, medication allergies, and patient-specific medication factors.
    • Office prescription renewal requests can be synchronized with most e-prescribing systems. Costs are lowered by flagging generic and “on-formulary” drugs.
    • While e-prescribing encourages patients to fill prescriptions, 28 percent of EHR prescriptions are not filled and 10–15 percent contain errors (one-third of which are potentially harmful).

    However, practices are exposed to community medication histories through e-prescribing. For example, Dr. A renews a medication, and his e-prescribing program sends an alert advising him that the medication could interact with another drug the patient is taking. He has not prescribed that drug, so his office staff will have to contact the patient to identify who has prescribed it, and then Dr. A will have to contact Dr. X to “negotiate” which drug will be discontinued or changed. If failure to take action results in patient injury from a drug interaction, Dr. A may be liable.

  3. Drug-drug interaction lists generate frequent, annoying, and disruptive alerts, and doctors often develop “alert fatigue.” It is estimated that two-thirds of alerts are overridden or disabled. If it can be shown that following a disabled alert would have prevented an adverse patient event (this will be documented in the metadata), the physician may be found liable for failing to follow it.
  4. Doctors often copy information from a prior note or from the history and physical (H&P) and paste it into a new note or H&P, hopefully making changes where appropriate. This may work for the past medical history but is risky for progress notes and the physical examination, both of which may change. This also results in irrelevant over-documentation, and important new clinical information may be obscured. Copying and pasting may also perpetuate incorrect or outdated information that may compromise patient care. By substituting a word processor for the physician’s thoughtful review and analysis, the narrative documentation of daily events and the patient’s progress may be lost, thereby compromising the record of the patient’s course. The quality of notes and documentation may be further compromised by the use of templates.
  5. The computer may become a barrier between the doctor and the patient. When the doctor fills in a computer template, it may divert attention from the patient, limit interactive conversation, and restrict creative thinking. This may depersonalize and weaken the doctor-patient relationship. The computer’s location in the office is an important ergonomic consideration; i.e., the location of electrical outlets shouldn’t force you to sit with your back to the patient.
  6. Many EHRs autopopulate fields in the H&P (from data derived from data fields in a prior H&P) and in procedure notes (from personalized or packaged templates). While over-documentation may facilitate billing, it may also generate an inappropriate number of billing codes, and entering erroneous or outdated clinical information may increase liability. For example, an internist was deposed and his EHR was the medical record. Some of the autopopulated fields contained obviously wrong information. At deposition, the plaintiff’s attorney asked these questions:
  7. a. “So is the information in this record accurate or not?”
    b. “Do you bother looking at your records?”
    c. “If these ‘autopopulated’ fields are incorrect, can we trust anything in this record?”
    d. “Do you deliver the same level of care as you do in record keeping?”

  8. EHRs are certified for compliance with Meaningful Use requirements, e.g., computerized provider order entry (CPOE), e-prescribing, Clinical Decision Support (CDS), and patient connectivity through Patient Portals. Physicians are encouraged to provide patients with clinically relevant, disease-specific educational and drug safety materials through these portals. However, providers are responsible for their content, which creates risk. Some EHRs have patient questionnaires that use an algorithm to interview the patient through these portals. The questionnaires may address—and memorialize in the record—issues that physicians are not prepared to pursue (depression, substance abuse, sexually transmitted disease, etc.). Lack of or incomplete follow-up can create potential liability—and provide a clear record for the plaintiff’s attorney to follow.
  9. Most vendor contracts attempt to shift liability resulting from faulty software design or CDS data onto the physician. Some malpractice policies may exclude coverage for product liability and indemnification of third parties. Read all contracts carefully.
  10. Electronic discovery: Plaintiff attorneys generally request printed copies of the EHR as well as copies in native format, which shows how the data was used (were CDS prompts and drug alerts followed or overridden?). They will also request the metadata, which includes logon and logoff times, what was reviewed and for how long, what changes or additions were made, and when the changes were made. Smartphone and e-mail records are also discoverable. It is important to remember that all physician interactions with the EHR are time-tracked and discoverable.
  11. Templates with drop-down menus facilitate data entry. However, drop-down menus are usually integrated with other automated features. An entry error (accidentally selecting the medication above or below the one desired on the menu) may be perpetuated elsewhere in the EHR—and it may be overlooked, resulting in a new potential for error. Erroneous information, once entered into the EHR, is easily perpetuated and disseminated.
  12. EHRs provide e-prescribing drug information and CDS databases. Clinicians should know the source of the medication and CDS information in their EHRs, because it may be in conflict with the clinical standards of care or practice guidelines for their specialty and with the information in U.S. Food and Drug Administration (FDA)–approved drug labels or drug alerts.
  13. Computer-assisted documentation uses point-and-click lists, drop-down menus, autofill, templates, and canned text to bypass natural language and produce structured progress notes. These contain redundant, formulaic information, making it easy to overlook significant clinical information that is lost in a sea of normal or irrelevant findings. Communication with on-call and consulting physicians may be compromised, and abnormal lab and imaging test results may be missed.

  14. CDS provides alerts, warnings, and reminders for medication and chronic disease management and preventive care, but physicians may have to justify departures from these guidelines (documented in the EHR’s native format) if an adverse event occurs. Always document why a prompt was overridden.



By David B. Troxel, MD, Medical Director, Board of Governors.




The guidelines suggested here are not rules, do not constitute legal advice, and do not ensure a successful outcome. The ultimate decision regarding the appropriateness of any treatment must be made by each healthcare provider in light of all circumstances prevailing in the individual situation and in accordance with the laws of the jurisdiction in which the care is rendered.

J10730 9/16


CME Opportunities

We are proud to offer convenient options for earning CME credits.

See all CME programs

Patient Safety
and Risk Resources


Show all


Show all


Show all

Care Delivery Models

Show all


Follow The Doctors Company on Twitter

Watch The Doctors Company on YouTube

The Doctors Company on LinkedIn

Like The Doctors Company on Facebook

Follow The Doctors Company on Google+