Physicians should always consider how patients will react to seeing their own medical records. In the following case, sensitive information was prominently displayed in each office visit note in the printed out records. This issue became particularly upsetting to the patient when her records were released to her employer’s workers’ compensation carrier.
Allegation
The template default settings caused false drug addiction information to automatically carry forward to all of the patient’s office visit reports.
Case File
In 2009, an OB/GYN examined an established patient for a urinary tract infection (UTI). His office had recently added new office visit templates to the EHR system. In addition to documentation of the UTI symptoms and treatment plan, in the social history field the FP noted “narcotics addiction.” He recalled that the patient exhibited drug-seeking behavior in the past. He did not discuss the issue with the patient, but believed that the information could be useful if future treatment plans included pain management.
For the next five years, the patient saw the OB/GYN for annual exams and various general health issues. At each visit, the EHR automatically carried forward various aspects of the patient’s record, including the social history entry. In 2014, the patient filed a workers’ compensation claim. Her treatment records from the OB/GYN were released to the workers’ compensation carrier. “Narcotics addiction” appeared on every office visit note. The patient believed her benefits were denied based on the insurer’s assumption that her work-related symptoms were caused by an addiction to narcotics. The patient sued the OB/GYN for defamation.
Discussion
Defense experts believed there was no valid reason for identifying an unsubstantiated past narcotics addiction in the patient’s record for UTI treatment. The patient’s medical record had no other documentation regarding addiction, the patient denied ever having been diagnosed with a drug addiction, and no addiction records from other treating physicians were discovered. The defamation case against the OB/GYN was ultimately settled.
Risk Management Recommendations
More Information About Optimizing Your EHR to Manage Risks
- Optimize Your EHR to Manage Risks: Case Studies and Best Practices
- Issues with Identical and Default Text When Using EHR Efficiency Tools
- Pasted and Template Text In an EHR Leads to Problematic Medical Records
- Uncorrected Default Text in an EHR Leads to Defamation Suit
- EHR Integration Problems Contribute to Delayed Diagnosis of Lung Cancer
- The Problem with EHR Workarounds
- Identify and Remedy EHR Liability Risk Issues: Risk Management Strategies
- EHR Best Practices — Lessons Learned in Litigation
- Parental Access to Adolescent Patient Portals
- Solutions to Reduce EHR Burdens and Decrease Physician Burnout
Consider the following recommendations:
Using Your EHR System: Recommendations for Physicians
- Explore the technical elements of an EHR system to the extent necessary to understand the consequences of data entry and template choices.
- Consider how sensitive information will appear in the patient record.
- Know how to enter patient information that is protected by more restrictive privacy regulations (e.g., mental health, sexually transmitted disease treatment, genetic information, etc.).
- Ensure that sensitive information is entered in a way that it can easily be withheld in the event of a medical record release to a third party.
Managing Your EHR System: Recommendations for Administrators
- Ensure that the EHR system can separate and withhold privileged, protected or irrelevant information when appropriate in response to record release requests.
- Educate EHR users about medical information with heightened privacy protections and where it should be entered into the EHR so it can be appropriately protected.
- Ensure that individuals tasked with releasing patient records have a clear understanding of what should and should not be released in response to a record release request.
- Double check records before they are released and confirm that they do not include privileged or irrelevant information.