Electronic health record-related risk lowered if records safe, accessible

Published on: 

As an increasing number of physicians migrate to electronic health records to replace their paper charts, concerns have been growing about the possibility of information being wiped out or no longer accessible.

Key Points


Although these concerns are valid, the danger of losing records has been with us since humans first started saving them. Records regularly are destroyed by fire, flood, and theft. Other times, records simply are misfiled and then can't be found.

Many argue that a well-protected EHR system with multiple layers of backup, including backup at a second location, provides a greater level of security than stored paper records: if a primary hard drive burns in a fire, or if it simply crashes, then a backup system quickly should be able to restore all of the data, but if a paper record goes up in smoke, there simply is no plan B.


Maintaining the integrity of patient records-and access to the records-clearly is important. Failure to do so may lead to a lawsuit if a record is necessary for diagnostic or clinical purposes, is not available, and then injury ensues. As long as you have taken reasonable steps to ensure that records will be safeguarded and accessible, however, your risk of additional liability is small.

In a malpractice action, for example, the unavailability of a record may make it more difficult to defend a lawsuit; absent intent, however, it is unlikely to lead to a presumption that the record was "unavailable" because it contained incriminating evidence. By contrast, if a plaintiff can show that a record was intentionally destroyed or altered, then a jury may be instructed that it can make an adverse inference against the doctor that the record would not be missing but for the fact that it would support the plaintiff's theory of liability.

The intentional destruction or loss of evidence is called "spoliation of evidence." If a court finds that spoliation of evidence has occurred, then in addition to the jury charge, it may impose other punitive sanctions.

The security of data stored in electronic form will depend on the manner in which the data are maintained. Just as maintaining patient charts in a flood-prone basement increases the risk of loss, choosing an EHR system that does not include multiple levels of backup, including off-site backup, increases risk. Similarly, contract language that makes it clear that you own the patient record, and that the information must be transferred to you or your designee on termination of the contract, regardless of cause, will further ensure access to the records. No physician wants patient records held hostage to a dispute with a vendor, whether over fees, non-performance, or another reason.

The author is a principal in the healthcare law firm of Kern Augustine Conroy & Schoppmann, with offices in New Jersey, New York, and Pennsylvania and affiliates in Florida and Illinois. He also is an editorial consultant to Medical Economics. Malpractice Consult deals with questions about common professional liability issues and cannot offer specific legal advice. If you have a general question or an idea for a topic you would like to see covered here, send it to