Legal Challenges in Using and Integrating Laboratory Data in EHRs

By Rick Chung, JD and Matthew Palatnik

Editor’s note: This post is the first in a two-part article installment. The conclusion of the article will be posted Monday, June 3.


In January 2009 President Barack Obama spoke on the need for action on the American Recovery and Reinvestment Plan. “To improve the quality of our health care while lowering its cost, we will make the immediate investments necessary to ensure that, within five years, all of America’s medical records are computerized. This will cut waste, eliminate red tape, and reduce the need to repeat expensive medical tests. But it just won’t save billions of dollars and thousands of jobs, it will save lives by reducing the deadly but preventable medical errors that pervade our health care system,” he said.1

Physicians have started to transition away from the manual “paper and pen” process of managing records towards integrating technology solutions into their practices. Indeed, health information technology (health IT) tools provide an efficient means of communicating and storing health records. The integration and use of laboratory data in electronic health record (EHR) systems clearly advances the overall goals of providing a comprehensive, effective, and efficient management of patient care.

Such integration and use, however, raises several legal concerns which should be addressed. This article provides a general overview of EHRs, describes the goals of EHRs and how integrating and using laboratory data addresses such goals, and discusses the unique legal challenges that arise when integrating and using laboratory data in EHRs.


The Emergence of EHRs

The Healthcare Information and Management Systems Society (HIMSS), a non-profit organization focused on the advancement of health information technologies, defines an EHR as “a longitudinal electronic record of patient health information generated by one or more encounters in any care delivery setting. . . . EHR automates and streamlines the clinician’s workflow [and] has the ability to generate a complete record of a clinical patient encounter – as well as supporting other care-related activities directly or indirectly via interface – including evidence-based decision support, quality management, and outcomes reporting.”2

Simply put, EHRs are platforms that electronically store a patient’s medical history and reproduce that information in a report for immediate access by a physician.


Progress In Recognizing EHRs

In 2009, as part of the American Recovery and Reinvestment Act (ARRA), President Obama signed into law the Health Information Technology and Clinical Health (HITECH) Act. The HITECH Act amended the Public Health Service Act (PHSA) and created “Title XXX – Health Information Technology and Quality” (Title XXX). Title XXX was created “to improve health care quality, safety, and efficiency through the promotion of health information technology (HIT) and electronic health information exchange.”3 HITECH’s goal is to spur technologies capable of providing immediate access to computer-based clinical data and, in turn, help increase physician effectiveness.4

Electronic health IT maintains data confidentiality, integrates with other systems to share patient information, and performs routine functions safely and efficiently.5 In order for data to be safely stored and shared within an integrated delivery system, the HIT Standards Committee recommended “standards, implementation specifications, and certification criteria” to be adopted by the Secretary of the US Department of Health and Human Services (HHS) that adheres to the Federal Health IT Strategic Plan.6


EHR Laboratory Data Integration and Legal Challenges

In May 2003, the Institution of Medicine of the National Academies (IOM) created the letter report, entitled “Key Capabilities of an Electronic Health Record System,” which identified eight core EHR functional goals. Integrating and using laboratory data in EHRs fulfills each of these functional goals, and advances the overall goals of patient safety, improved healthcare delivery, coordinated care management, and enhanced collaboration.

Although integration and use of laboratory data in EHRs clearly has benefits, it also poses unique legal challenges. Providers and users of EHRs need to address these challenges to ensure the safe and proper use of EHRs in the management of patient care.


Health Information and Data

At their core, EHRs allow healthcare professionals the ability to quickly organize and share health information to facilitate sound medical decisions. Laboratory data is integral to providing proper patient diagnosis and treatment since laboratory test results influence 60-70 percent of patient care decisions.7 Moreover, “the capability to display previous laboratory test results can significantly reduce the number of redundant tests ordered, not only saving money, but also preventing the patient from undergoing unnecessary tests.”8

Nevertheless, this abundance of information may cause confusion and biases. EHRs can adversely affect clinical care by providing users with too much information, thereby diffusing the importance of essential information and over-emphasizing pieces of less important information.9 Thus, laboratory data may be over- or under-emphasized in importance relative to other pieces of data (i.e., prescription data).

Because of the density of information being displayed on the screens of EHRs, the presentation of data (color combinations, screen positions, text size) becomes incredibly important in preventing clinical biases and clouding of professional judgment.10


Results Management

Integration and use of laboratory data in EHRs can allow its users to quickly and easily link diagnostic information gathered from varied sources and platforms, and provide for quicker recognition of medical problems.11 However, most physicians and healthcare organizations use several laboratories in the treatment of an individual patient (i.e., regional laboratories, national laboratories, specialty laboratories, and hospital laboratories). Some laboratories lack the technical ability or acumen to convert and/or integrate existing laboratory data electronically into an EHR. This poses a legal and operational issue for users of EHRs.

Physicians and healthcare organizations may be forced to maintain two separate compliance frameworks depending on the source of the provided laboratory data—for example, a data set for a patient sourced from one laboratory could be considered “electronic protected health information” (ePHI) subject to the strict security standards for protecting ePHI under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).12 However, another data set for the same patient sourced from a different laboratory using manual laboratory ordering/resulting could be treated and maintained under a lesser security standard. This lack of parity in the treatment of laboratory data can lead to operational confusion and compliance concerns within the physician practice and healthcare organization.


Order Entry/Order Management

Managing laboratory orders and test results in an EHR improves workflow processes by:

  • (i) eliminating lost orders
  • (ii) clarifying ambiguities in handwritten orders
  • (iii) generating regular laboratory orders automatically for conditions requiring regular testing (i.e., Hemoglobin A1c)
  • (iv) monitoring for duplicate orders
  • (v) reducing the time to fill orders13


Administering laboratory orders electronically, however, can lead to increased fraud and improper transfer of clinical judgment. Although issuance of electronic laboratory orders (and requisitions) is convenient, such issuance can be prone to fraud since digital signatures of physicians can easily be forged, and a single laboratory order contained in an electronic file can be printed multiple times in duplicate.

Moreover, although an EHR can automatically administer the issuance of laboratory orders pursuant to a regular schedule, once the schedule is established physicians and healthcare organizations are less likely to change the schedule—even if a change in the environment or setting of a patient (i.e., environmental calamity, psychological trauma) dictates a different testing schedule. Thus, over-reliance on pre-constructed EHR protocols can threaten professional duties of conduct.


  1. President Barack Obama. “President-elect speaks on the need for urgent action on an American Recovery and Reinvestment Plan.” January 8, 2009. (last visited August 6, 2012).
  2. Health Information and Management Systems Society. Topics and Tools: Electronic Health Record. 2012.
  3. 75 Fed. Reg. 36158, 36159 (Jun. 24, 2010).
  4. Institute of Medicine. Key Capabilities of an Electronic Health Record System: Letter Report. Washington, D.C.: The National Academies Press, 2003.
  5. The Office of the National Coordinator for Health Information Technology. Regulations and Guidance: Standards & Certification Criteria Final Rule. March 2011.
  6. 75 Fed. Reg. 36158, 36159 (Jun. 24, 2010).
  7. Centers for Disease Control and Prevention. Division of Laboratory Systems: Best Practices. November 2008.
  8. Institute of Medicine. Key Capabilities of an Electronic Health Record System: Letter Report. Washington D.C.: The National Academies Press, 2003.
  9. Goldstein, M.K. et al. Patient Safety in Guideline-Based Decision Support for Hypertension Management: ATHENA DSS. JAMIA, 2002. 9(Nov-Dec suppl):S11-16.
  10. HIMSS EHR Usability Task Force. Defining and Testing EMR Usability: Principles and Proposed Methods of EMR Usability Evaluation and Rating. June 2009.
  11. 45 CFR §§ 164.300 et seq.
  12. Bates, D. W. and Gawande, A. A.. 2003. Improving Safety With Information Technology. New England Journal of Medicine. 348 (25):2526-34).
  13. Lepage, E. F. et al. Improving Blood Transfusion Practice: Role of a Computerized Hospital Information System. Transfusion (Paris) 32 (3):253-9. 1992. Mekhjian, H. S. et al. Immediate Benefits Realized Following Implementation of Physician Order Entry at an Academic Medical Center. Journal of the American Medical Informatics Association. 9 (5):529-39. 2002. Sittig, D. F., and W. W. Stead. 1994. Computer-Based Physician Order Entry: the State of the Art. Journal of the American Medical Informatics Association. 1 (2):108-23).


Rick Chung, JD ( is general counsel and chief compliance officer, and Matthew Palatnik is associate legal analyst at Medivo.

1 Comment

  1. Can a Lab Tech place orders in the EMR if called to add orders to specimen already obtained?

    Post a Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

Share This

Share This

Share this post with your friends!