Abstract: In the foreseeable future, it is likely that the familiar, paper-based patient medical files will become a thing of the past. On April 26, 2004, President George W. Bush announced a plan to ensure that all Americans’ health records are computerized within ten years and to establish a National Health Information Network. Many advocates are enthusiastically promoting the adoption of health information technology and electronic health record systems as a means to improve U.S. health care.
EHR systems often not only serve as record-keeping systems, but also have multiple capabilities, including drug ordering, decision support, alerts concerning patient allergies and potential drug interactions, reminders concerning routine tests, and various treatment management and data analysis tools. Because these capabilities require sophisticated software, significant risks of software failure exist, which can lead to life-threatening medical errors. Thus far, scholars have not provided a comprehensive assessment of the benefits and risks of this complex technology and evaluated the need for careful regulatory oversight akin to that required, in principle, by the FDA for life-critical medical devices. This paper begins to fill that gap. It analyzes EHR systems from both legal and technical perspectives and focuses on how the law can be used as a tool to promote HIT. It is the first law journal article to provide an extensive proposal for regulations to maximize the technology’s benefits and reliability.
We argue that the advantages of EHR systems will outweigh their risks only if these systems are developed and maintained with rigorous adherence to best software engineering and medical informatics practices. To ensure that these goals are achieved, regulatory intervention is needed. The paper carefully delineates recommendations that address the questions of who should regulate EHR systems and how they should be regulated, including their approval and continual monitoring. It also proposes requirements for several significant features, including decision support mechanisms, audit trails, and interoperability. Because EHR systems are safety-critical, the public’s health and welfare will depend upon their effective oversight.