Law, Regulation, and Software Licensing for the Electronic Medical Record
Successful health care delivery depends upon the availability of accurate medical records at the point of care. Increasingly, patient records are computerized to create electronic medical records (EMR). This trend raises important issues concerning record security and safety. The session will assess recent regulations that address EMR security, present a proposal for further EMR regulation to enhance their safety, and analyze software licensing practices underlying the market for EMR software.
The three panelists discussing these topics are: Professor Sharona Hoffman, Professor of Law and Bioethics at Case Western Reserve University School of Law; Professor Andy Podgurski, Associate Professor, Electrical Engineering & Computer Science Department, Case Western Reserve University; and Professor Greg Vetter, Assistant Professor of Law, University of Houston Law Center.
In April 2004, President Bush announced a plan to ensure that all Americansâ health records are computerized within ten years and to establish a National Health Information Network. Many advocates are enthusiastically promoting the adoption of electronic medical record (EMR) systems as a means to improve U.S. health care. EMR systems often not only serve as record-keeping systems, but also have multiple capabilities, including drug ordering, decision support, alerts concerning patient allergies and potential drug interactions, reminders concerning routine tests, and various treatment management and data analysis tools. Thus, automating electronic health information can lead to more effective clinical care by providers and to better functioning of the health care system as a whole.
This panel will explore a variety of critical questions that have emerged with increased automation and will analyze them from technical and legal perspectives. Specifically, we will focus on legal requirements for the security of EMR systems, on whether these systems should be further regulated by the federal government to enhance their safety, and on analysis of software licensing practices underlying the market for EMR systems.
Health care providers use EMR software to manage and implement care. Concerns about computer security led to the enactment of the HIPAA Security Rule. This set of federal regulations requires health care providers to implement data security measures. The panel will present an overview and critique of the Security Rule, which aims to improve the regulatory regime.
While data security is a policy concern for EMR software and electronic health information systems, safety is an even greater concern. EMR software brings new capabilities that were not possible with a paper-based medical record. Many of these capabilities require sophisticated software which in turn generates significant risks of software failure and life-threatening medical errors. These risks suggest a basis for greater regulation of EMR software. Regulations should govern the approval and monitoring of EMR systems and should require particular capabilities such as an appropriate foundation for EMR systems interoperability to achieve data sharing among providers and mechanisms to enhance clinical outcome research through EMRs. The panel will explore various proposals for EMR regulation.
Despite cost, administrative burdens, and other barriers to adoption, many providers, particularly institutions, have implemented EMR software. Thus, the EMR software market is growing, but not fast enough to satisfy some policy goals. And the growth may be without sufficient interoperability to obtain the efficiencies inherent in information technology. These influences have led some to call for greater use of free and open source software (FOSS) in the EMR market to help speed adoption and facilitate interoperability. While FOSS platform technologies, such as the GNU/Linux operating system, will undoubtedly spur FOSS in electronic health information, prospects in the EMR market itself look less promising. The panel will discuss reasons why the EMR software market may structurally disfavor FOSS approaches to peer-production of this class of software product and discuss why FOSS layers may, conversely, be the best approach for EMR interoperability.