Regulation of Medicine


Know the Benefits and Risks of Electronic Health Records

Executive Summary 

Electronic Health Records (EHRs) provide benefits to your practice, allowing providers to obtain a more complete record for a patient by simplifying record-sharing. However, to minimize potential liability, it’s also important to be aware of the risks associated with using EHRs.  

Recommended Actions 
  • After implementing a new EHR system, thoroughly review patient records to make sure all records and information they contain have transferred successfully.  
  • Consider your existing cybersecurity system and confirm that the EHR system can be properly integrated without creating vulnerabilities. 
  • Ensure that your use of EHR complies with all regulatory laws -- HIPAA, the HITECH Act and any medical record documentation requirements.  

Electronic Health Records (EHRs) are intended to make the lives of healthcare providers easier while improving the quality of patient care. In addition to automating and streamlining workflow processes, EHRs make it possible to instantly and securely share patient records with other authorized healthcare providers, offering a broader, more inclusive view of a patient’s medical history. And, of course, EHRs help eliminate the potential for medical errors that result from poor penmanship.  

As beneficial as EHRs are, however, they’re not without risks. In fact, evidence suggests that EHRs are an increasing factor in medical malpractice complaints. Here are some tips to help you make the most of your EHR system and avoid potential liability.  

Design Your System to Work the Way You Need It To 

If you use a system that’s non-intuitive, cumbersome or otherwise not quite right for your organization, you may be tempted to develop workarounds that could compromise the accuracy of records and your patients’ safety. Work with your system vendor and your staff to configure a solution that fits your needs. For example: 

  • Include free text space for notes and clarifications 
  • Pair consent forms with procedure templates 
  • Add voice recognition or dictation features 
  • Integrate labs and imaging providers 

A few small changes can make a big difference, helping you increase efficiency while reducing frustration and user error. 

Once you’ve developed your best system, allow ample time to transition to it. You’ll want to confirm that all patient records are transferred over completely and accurately, so your process should include a thorough review and comparison of the original files against the new records. In addition, you’ll need to ensure that all staff members are fully trained and comfortable with the new system. While it may require a bit more effort, implementing an EHR system correctly from the start can help you avoid issues later. 

Take Steps to Prevent User Error 

EHRs are only as good as the people who maintain them. Instill good habits in yourself and your staff and don’t take unnecessary shortcuts. If your system contains drop-down menus, always double-check your selections. Some menus include extensive options, and many are quite similar to each other (for example, the same medication in all its various forms). Taking time to make sure you’ve chosen the right one will help you reduce mistakes. Also, while it may be tempting, avoid copying and pasting or auto-filling patient notes. Every patient and every examination are unique, and it’s important that your notes reflect that. 

Customize Alerts – And Pay Attention to Them 

Alerts are an important part of EHR systems because they make you aware of potential problems. Maybe there’s a dangerous drug interaction you need to know about or the lab tests you ordered for a patient didn’t come back when expected. Or perhaps there’s a more immediate danger, like your patient developing risk for sepsis. EHR system alerts remind you or warn you about issues pertaining to your patient’s health, so it’s important to pay attention to them. 

Of course, when there are too many alerts, it’s easy to become desensitized and ignore them. One possible solution is to configure your EHR system so you receive alerts only for critical elements of patient care. Some organizations have color-coded their alerts by urgency, while others have had success setting up the alerts by job role so each person in the practice sees only those alerts that pertain to them. Talk to your EHR system vendor about what you need and don’t need. It may take some adjusting to find the right solution.  

Enact Appropriate Security Protocols 

Considering the confidential information in EHRs, the system that houses them needs to be secure. Features such as firewalls, encryption and restricted access are essential, as are good cybersecurity habits, including locking computers when not in use and keeping passwords private. Train your staff on appropriate security measures, and conduct regular refresher courses. These sessions also offer an opportunity for your staff to bring up issues with your EHR system that you may need to address. 

While EHR systems can be a source of frustration, they’re part of the reality of healthcare today. Measures like these can help you maximize their potential, resulting in improved workflows, reduced liability exposures and enhanced patient care.  

Lessons Learned 
  • Conduct training for clinicians regarding cybersecurity concerns and how to navigate your EHR’s alert system prior to go-live. 
  • Before making your choice, consult with other physicians (ideally at least two others in different practices) who have implemented the EHR system you’re considering. 
  • Ensure that you’re using a HIPAA-compliant EHR system and make certain that all third-party plug-ins are also HIPAA-compliant.  
Potential Damages 

Since improper use of EHR can end in both medical malpractice suits and regulatory violations, there’s a greater potential for a more severe claim. 


1. Improper medical record documentation is a potential risk associated with using EHRs.
2. I should avoid copying and pasting or auto-filling patient notes when using my EHR system.
3. Regular training sessions are necessary to avoid cybersecurity breaches with my EHR system.


Want to learn more?

Interested in how MagMutual can help?

View our products


The information provided in this resource does not constitute legal, medical or any other professional advice, nor does it establish a standard of care. This resource has been created as an aid to you in your practice. The ultimate decision on how to use the information provided rests solely with you, the PolicyOwner.