(866) 350-8460 | Contact Us | FAQ

Home HIPPA – Legal Responsibility vs. Ethical Behavior

HIPPA – Legal Responsibility vs. Ethical Behavior

The transition from paper to electronic medical records continue to pose challenges for health service organizations. Electronic Medical Record (EMR) systems were introduced in 1972 and mandated by January 1, 2014 to assist service providers with a seamless transition. However, not all systems are effective or compliant posing legal risks. 

Prior to implementation we must consider that turning paper into electronic records is a manual process which increases the risk of human error, right?  As we know from experience the data that is extracted from a system is only as good as the information going in. So, the potential for inaccurate data input caused by human error is highly probable.   

The following 5 legal and ethical implications identify some of those challenges’ physicians face.

1. Risk for medical malpractice claims.  

According to the “2010 New England Journal of Medicine, 7.4% of physicians had a malpractice claim filed with 1.6% leading to a payout.  

In legal proceedings, EMRs produce detailed patient information, most of which is irrelevant to the trial; bearing no resemblance to what a physician was looking at when the clinical decision was made at the time of treatment. Whereas, traditional paper records produced can benefit the physician by introducing objective data pertaining directly to the case.  

Thus, when medical records are subpoenaed by the courts, the EMRs presented are a complete snapshot of the patient’s entire medical file, including time stamps, and the input of orders, which become discoverable in civil trials.

2. Likelihood of medical errors.

The dependence physicians, clinics, and hospitals have on an EMR system can benefit or sabotage the business.  This is due to many different CPOE (computerized physicians order entry) systems to choose from.  

Some of the bells and whistles EMR systems provide, such as clinical decision support, pop-up alerts, clinical prediction rules, or reminders for follow-up —all of which are intended to improve care delivery may influence a physician’s clinical decision-making.  Relying too heavily on these perks make it possible for a potential lawsuit.  A wrong click of the mouse can inevitably lead to an inaccurate prescription ordered, possibly causing harm to a patient.

3. Vulnerability to fraud claims.

The first work plan naming EMRs as targets for review was introduced by the Office of the Inspector Generalin 2012, which focused on practices and policies implemented to assist with Medicaid and Medicare vulnerabilities.  

Additional laws have been enacted to provide a safe harbor, such as the Stark Law which prohibits monetary or non-monetary exchanges for referrals and the Anti-kickback statute to assist physicians with the adoption Health Information Technology (HIT).

4. Breaches, theft and unauthorized access to protected health information. 

Health data breaches have been on the rise affecting 5.4 million in 2010 compared to approximately 2.4 million patients in 2009.  The Department of Health and Human Safety posts all data breaches affecting 500 or more individuals on a public website.  Theft was the most common cause of breaches affecting 500 or more individuals protected information in 2010, human error, loss of records, and intentional unauthorized access were also general causes of breaches.  

Hospitals need to have policies and procedures in place to minimize the potential of HIPAA violations, including training and investigations when a breach of a patient’s file has been identified.  IT departments are a huge component of regulating safety and security to protect the health organizations from such vulnerabilities.

5. Practical tips for healthcare leaders. 

Hospital leaders need to devote strategy, structure, and execution in EMR training to ensure physicians are well-informed with compliance and legal risks.  

Training one-on-one or in a private environment on clinical software needs to be enforced throughout hospital staff members, including physicians, to maintain an awareness of the legal impact EMR systems can impose.  

Compliance with HIPAA regulations:  Ethics and Excesses 

Physicians should work with risk managers and practice administrators to develop policies that promote good communication in patient care, while taking appropriate steps to protect patient privacy.  By adopting such an approach to HIPAA, physicians can abide by the regulations while maintaining high ethical standards and minimizing the impact of the new requirements on physician-patient relationships. 


HIPPA – Legal Responsibility vs. Ethical Behavior
Denise Calabrese

Denise Calabrese is a Certified Human Resources Specialist attained through Michigan State University. Driven by her passion for customer service and helping others, she currently works as a Human Resources Coordinator specializing in recruitment, employee relations, and case management.