Physician Liability and EHR Security

Physician on Computer Since many physicians have just finished transitioning successfully from old-fashioned paper to electronic healthcare records in their offices, a lot of them now think that their concerns over patient privacy and security have been addressed and that their physician liability has been reduced. They are wrong. EHR security and physician liability due to security breaches should be ongoing concerns for all physicians. A recent post detailing HIPAA, privacy laws and medical data security explains how keeping data safe is ongoing work.

The article suggests several things that physicians can do to reduce their physician liability. First, it recommends having a web-based EHR. That way, if a computer or laptop is lost or stolen, patient data won’t be lost or stolen along with it and physician liability is greatly reduced. Second, it suggests having a dedicated person in the practice who is the “security officer” and conducts audits of the system. Next, it suggests identifying any areas where protected health information is additionally located –even if you have a web-based system, often there are still downloaded documents and reports on computers, etc. Fourth, regularly review the EHR Access Logs to identify any suspicious activity –don’t assume that no news is good news. Fifth, educate all staff members about HIPAA privacy and the importance of data security and reducing liability. Finally, get data breach insurance if your physician liability policy doesn’t cover such an event. Many physicians don’t know if their physician liability insurance policy would cover a medical data breach. We highly recommend calling your agent and finding out before you find yourself in such a situation. offers data breach insurance. If you’d like more information about this kind of insurance and how it can reduce your physician liability (and the peace of mind that it can bring) contact us today.

This entry was posted in Risk Management on by .