Paper v. Paperless
By: Ashlyn Hilburn
The development of the internet has affected nearly every aspect of life. In the medical field, evolving technology not only led to an explosion of revolutionary treatments, but it also resulted in a change to how all medical records are kept. Electronic health records have received pushback from not only practitioners, but legal scholars as well. Electronic health records include a patient’s medical history, notes, and other information about the patient’s health including their symptoms, diagnoses, medications, lab results, reports from any diagnostic tests, and much more.[1] The push for electronic health records began in the 1960s.[2] However, the electronic medical record programs and electronic health records were so expensive that they were only used by the government in partnership with health organizations.[3]
In the 1990s, technology had graced most medical offices, and computers were used for very limited record-keeping purposes.[4] Thus, up until the early 2000s, most health record information was written on paper and stored in a filing cabinet.[5] However, in 2004, President George W. Bush created the Office of the National Coordinator for Health Information Technology, which detailed a plan to ensure that most Americans would have electronic health records within the next ten years.[6] Currently, electronic medical record software and electronic health record systems provide a paperless approach to recording health care data.[7] However, the switch from paper to paperless is not complete, as some private practices continue to use a combination of paper-based and computerized records.[8]
Electronic health records were designed to streamline the process of health records review and transform the way health care providers access and evaluate patient information.[9] Electronic health records offer a digital platform that simplifies the delivery of medical review solutions, which allows health care providers to easily navigate through a patient’s entire medical history at their fingertips.[10] This accessibility is important, because it promotes efficient decision-making and enhances patient care, since health care providers are able to easily identify trends in a patient’s medical history.[11]
One of the most debatable benefits of electronic health records is their security. The United States government implemented the Health Insurance Portability and Accountability Act (HIPPA) Security Rule, which established national security standards to protect patients’ electronic personal health information.[12] This can be achieved through access control tools, such as passwords or PIN numbers, which limit access to electronic health records to authorized personnel.[13] Security of electronic health records can also be attained through encryption of the stored information, as well as an audit trail, which details who accessed the health records and any changes that were made and when.[14] The security aspect is the most debatable benefit, because it hinges entirely on technology, and the digital nature of electronic health records makes them vulnerable to data breaches and cyber-attacks.[15] Additionally, non-compliance with these security regulations can result in legal consequences for health care providers.[16]
In order to ensure electronic health records are secure, healthcare entities must invest in robust cybersecurity measures, conduct regular vulnerability assessments, and implement incident response protocols to minimize the risk of data breaches.[17] While this might seem like a small price to pay to ensure the security of a patient’s medical records, data breaches are inevitable and can happen at any level, regardless of the cyber security measures put in place. Further, there are more costs associated with electronic health records than just the security aspect.
The implementation and continuation of electronic health records is very costly and requires deep pockets.[18] For example, the computers within the practice must be able to support electronic medical record programs, which can be affected by the computer’s age and the location of the health care practice.[19] Thus, making the implementation of electronic medical record programs not only more difficult, but also more costly for rural or smaller practices.[20]
Even with the security and cost challenges associated with electronic health records, as of 2021 ninety-six percent of all non-federal acute care hospitals and nearly four in five office-based physicians have implemented a certified electronic health record system.[21] Electronic health records are beneficial because they streamline a patient’s care, allowing health care providers to easily access and record a patient’s medical history.[22] However, the security of these sensitive documents is imperative to not only the patient’s privacy, but HIPAA compliance for medical providers.[23] The legal consequences of failing to secure a patient’s electronic health records can include class-action lawsuits, regulatory penalties, and damage patient-provider relationships.[24] The move from paper to paperless in health care settings can improve the efficiency of retrieval and documentation of a patient’s medical records and care. However, security concerns and cost appear to be a barrier some health care providers cannot overcome.
Image Source: https://www.mosmedicalrecordreview.com/wp-content/uploads/2023/08/legal-issues-that-electronic-medical-records-can-create.webp
[1] Privacy, Security, and Electronic Health Records, U.S. Dep’t of Health & Hum. Servs.: Off. for C.R., https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/understanding/consumers/privacy-security-electronic-records.pdf (last accessed Apr. 3, 2024).
[2] Electronic Health Records: A Comprehensive History of EHR Systems, Net Health (Sept. 16, 2021), https://www.nethealth.com/blog/the-history-of-electronic-health-records-ehrs/.
[3] Id.
[4] Id.
[5] See id.
[6] Electronic Health Records: A Comprehensive History of EHR Systems, supra note 2.
[7] Id.
[8] Id.
[9] Rajeev Rajagopal, Legal Issues That Electronic Medical Records (EMR) Can Create, MOS Med. Rec. Revs. (Aug. 9, 2023), https://www.mosmedicalrecordreview.com/blog/legal-issues-that-emrs-can-create/#:~:text=Unauthorized%20access%20to%20patient%20records,and%20damaged%20patient%2Dprovider%20relationships.
[10] Id.
[11] Id.
[12] The Security Rule, U.S. Dep’t of Health & Hum. Servs., https://www.hhs.gov/hipaa/for-professionals/security/index.html#:~:text=The%20HIPAA%20Security%20Rule%20establishes,maintained%20by%20a%20covered%20entity. (last updated Oct. 20, 2022).
[13] Privacy, Security, and Electronic Health Records, supra note 1.
[14] Id.
[15] Rajagopal, supra note 9.
[16] See Privacy, Security, and Electronic Health Records, supra note 1.
[17] Rajagopal, supra note 9.
[18] See 6 Common Challenges in HER Implementation, Office Practicum, https://www.officepracticum.com/blog/6-common-challenges-in-ehr-implementation (last accessed Apr. 4, 2024).
[19] Id.
[20] See id.
[21] Id.
[22] See Rajagopal, supra note 9.
[23] Id.
[24] Id.