Electronic information is increasingly becoming a crucial aspect of health care in the United
States. Electronic information strategically supports healthcare delivery, diagnosis, maintenance, and health information storage and warehousing.
From a health information perspective, electronic medical records (“EMR”) are no longer the hoped for dream of providers, but is rapidly becoming standard industry practice.
With any quickly changing aspect of the health care industry, legal risks arise. Sometimes the laws are outdated, but still apply and cause complications. Other times the laws are hastily written to try and quickly “solve a problem” or “plug a legal hole,” and the law gets a little ahead of the industry.
Meade & Roach LLP attorneys assist clients with a host of E-Health related issues:
State E-Health Regulations -- States are increasingly injecting themselves into the electronic exchange of health information and transmitting health care information and advice electronically. The states vary in their requirements and legislation.
HIPAA Security -- These new regulations require a host of security measures for all electronic health information. A vast percentage of providers are not ready for the regulations and they are in danger of developing non-compliant EMR systems if they are not cognizant of the HIPAA Security Rule.
HIPAA Privacy -- The HIPAA Privacy Rule controls who can use or disclose health information, including shared record systems. If an EMR system is part of a cooperative venture or shared electronic warehouse, there may be limits on what can or cannot be done with the health information. Before a provider begins participating in an electronic medical records warehouse -- or pays to help set up a shared electronic warehouse, they should understand the legal limits of the use of the shared information.
What Laws Control an EMR? -- If the data of an EMR system is physically housed outside the state the provider practices in, then they may need to look to laws outside their state for regulatory compliance of the EMR. Most states will have jurisdiction over any health information that resides within the state borders -- the physical location of the patient is often not relevant. If a provider is using a vendor to set up an EMR and the vendor houses the data out-of-state, then the provider should know what questions to ask the vendor and what contractual obligations that should be in the service agreement to ensure the provider is not caught in the regulatory traps of other states. If the data is housed in another country, then that other country's laws may limit the use of the data. Providers should understand these risks and limitations when choosing an EMR vendor.
EMR and Risk Management: The Double-edged Sword of Audit Trails -- What kind of audit trails an EMR system has can be both an important tool in regulatory compliance and monitoring quality of patient care, but it is also a malpractice roadmap for plaintiffs lawyers.
