Finding a Cure: The Case for Regulation and Oversight of Electronic Health Record Systems

65 Pages Posted: 21 Apr 2008 Last revised: 2 Jun 2013

See all articles by Sharona Hoffman

Sharona Hoffman

Case Western Reserve University School of Law

Andy Podgurski

Case Western Reserve University

Date Written: 2008


In the foreseeable future, it is likely that the familiar, paper-based patient medical files will become a thing of the past. On April 26, 2004, President George W. Bush announced a plan to ensure that all Americans' health records are computerized within ten years and to establish a National Health Information Network. Many advocates are enthusiastically promoting the adoption of health information technology (HIT) and electronic health record (EHR) systems as a means to improve U.S. health care.

EHR systems often not only serve as record-keeping systems, but also have multiple capabilities, including drug ordering, decision support, alerts concerning patient allergies and potential drug interactions, reminders concerning routine tests, and various treatment management and data analysis tools. Because these capabilities require sophisticated software, significant risks of software failure exist, which can lead to life-threatening medical errors. Thus far, scholars have not provided a comprehensive assessment of the benefits and risks of this complex technology and evaluated the need for careful regulatory oversight akin to that required, in principle, by the FDA for life-critical medical devices. This paper begins to fill that gap. It analyzes EHR systems from both legal and technical perspectives and focuses on how the law can be used as a tool to promote HIT. It is the first law journal article to provide an extensive proposal for regulations to maximize the technology's benefits and reliability.

We argue that the advantages of EHR systems will outweigh their risks only if these systems are developed and maintained with rigorous adherence to best software engineering and medical informatics practices. To ensure that these goals are achieved, regulatory intervention is needed. The paper carefully delineates recommendations that address the questions of who should regulate EHR systems and how they should be regulated, including their approval and continual monitoring. It also proposes requirements for several significant features, including decision support mechanisms, audit trails, and interoperability. Because EHR systems are safety-critical, the public's health and welfare will depend upon their effective oversight.

Keywords: Electronic health record, National Health Information Network, medical files, health information technology, computerized physician order entry systems, health care, medical record, patient privacy, HIPAA, evidence-based medicine, medical software, FDA, clinical practice guidelines

JEL Classification: K23, K32

Suggested Citation

Hoffman, Sharona and Podgurski, Andy, Finding a Cure: The Case for Regulation and Oversight of Electronic Health Record Systems (2008). Case Legal Studies Research Paper No. 08-13, Harvard Journal of Law and Technology, Vol. 22, No. 1, 2008, Available at SSRN:

Sharona Hoffman (Contact Author)

Case Western Reserve University School of Law ( email )

11075 East Boulevard
Cleveland, OH 44106-7148
United States
216-368-3860 (Phone)


Andy Podgurski

Case Western Reserve University ( email )

10900 Euclid Ave.
Cleveland, OH 44106
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics