65 Pages Posted: 21 Apr 2008 Last revised: 2 Jun 2013
Date Written: 2008
In the foreseeable future, it is likely that the familiar, paper-based patient medical files will become a thing of the past. On April 26, 2004, President George W. Bush announced a plan to ensure that all Americans' health records are computerized within ten years and to establish a National Health Information Network. Many advocates are enthusiastically promoting the adoption of health information technology (HIT) and electronic health record (EHR) systems as a means to improve U.S. health care.
EHR systems often not only serve as record-keeping systems, but also have multiple capabilities, including drug ordering, decision support, alerts concerning patient allergies and potential drug interactions, reminders concerning routine tests, and various treatment management and data analysis tools. Because these capabilities require sophisticated software, significant risks of software failure exist, which can lead to life-threatening medical errors. Thus far, scholars have not provided a comprehensive assessment of the benefits and risks of this complex technology and evaluated the need for careful regulatory oversight akin to that required, in principle, by the FDA for life-critical medical devices. This paper begins to fill that gap. It analyzes EHR systems from both legal and technical perspectives and focuses on how the law can be used as a tool to promote HIT. It is the first law journal article to provide an extensive proposal for regulations to maximize the technology's benefits and reliability.
We argue that the advantages of EHR systems will outweigh their risks only if these systems are developed and maintained with rigorous adherence to best software engineering and medical informatics practices. To ensure that these goals are achieved, regulatory intervention is needed. The paper carefully delineates recommendations that address the questions of who should regulate EHR systems and how they should be regulated, including their approval and continual monitoring. It also proposes requirements for several significant features, including decision support mechanisms, audit trails, and interoperability. Because EHR systems are safety-critical, the public's health and welfare will depend upon their effective oversight.
Keywords: Electronic health record, National Health Information Network, medical files, health information technology, computerized physician order entry systems, health care, medical record, patient privacy, HIPAA, evidence-based medicine, medical software, FDA, clinical practice guidelines
JEL Classification: K23, K32
Suggested Citation: Suggested Citation
Hoffman, Sharona and Podgurski, Andy, Finding a Cure: The Case for Regulation and Oversight of Electronic Health Record Systems (2008). Case Legal Studies Research Paper No. 08-13; Harvard Journal of Law and Technology, Vol. 22, No. 1, 2008. Available at SSRN: https://ssrn.com/abstract=1122426