An internet television program that explores the intersection of medicine and the law.

Risk Management advice for Physicians for Maintaining HIPAA Confidentiality within their EMR system

By John Degnan to EMR/EHR


In this episode, Healthcare Matters interviews ALL MD attorney John Degnan on how the move from paper to electronic medical records (EMRs) has affected the best practices for entering data into a patient’s chart, how he would advise EMR companies improve their product as its relates to medical liability defense, how plaintiff’s counsel can exploit an EMR’s audit and access log in a malpractice trial as well as risk management tips for maintaining HIPAA confidentiality in regard to EMRs.

Degnan is a shareholder at BRIGGS & MORGAN. He practices law in Minnesota, representing clients in business disputes, as well as members of the legal and medical communities in professional matters.

Degnan is a charter member of the Association of Liability Lawyers in Medical Defense (ALL MD), a nationwide organization that connects healthcare providers with attorneys who specialize in medical malpractice defense.

Question 4 of 5

Interview was recorded September 4, 2015


Mike Matray: Hi, and welcome to Healthcare Matters where the medical and legal communities come together to discuss healthcare matters. Today’s guest is John Degnan.

Welcome to Healthcare Matters, John.

John Degnan: Thank you. I’m happy to be here.

Mike: HIPAA data breaches are emerging as one of the largest systemic risks for a hospital or a large group in the modern healthcare delivery system. What risk management advice would you give physician clients for maintaining HIPAA confidentiality within their EMR system?

John: I think overall the medical providers do a good job. In many ways it’s probably as secure or more secure than the old paper records. But there are certain steps that can be taken. Particularly though, I think there’s a tension obviously with the provider always trying to protect the confidentiality and yet looking for ways to improve accessibility, particularly later on as we indicated. If you want to show later on exactly what the physician was looking at, at the time it’s important to have a system so that one can look at the computer again and see exactly what the physician saw at the time.

I think there are ways to do it but they have to pay particular attention to it, putting it together upfront when they’re putting the records system in place.