Legal Challenges in Using and Integrating Laboratory Data in EHRs (cont.)

By Rick Chung, JD and Matthew Palatnik

Editor’s note: This post is the second in a two-part article installment. The first installment of the article was posted Saturday, June 1.


Although integration and use of laboratory data in EHRs clearly has benefits, it also poses unique legal challenges. Providers and users of EHRs need to address these challenges to ensure the safe and proper use of EHRs in the management of patient care.


Decision Support

Integrating and using laboratory data in EHRs allows physicians and healthcare organizations to assess the “full picture” of a patient’s condition, and allows decision support tools like treatment cues, contraindication alerts, and testing triggers in EHRs to work optimally.14 However, “decision support systems are in constant need of ‘supervision’ to determine whether their suggestions fit a given case.”15 The decision support tools implemented within EHRs are grounded upon general medical protocols. Some of these protocols are ingrained in the functionality of the EHR without the ability to customize for appropriate specialties or environments. EHR tools may be afforded too much deference in clinical diagnosis and usurp the overall professional duty of care required by a physician or healthcare organization.


Electronic Communication and Connectivity

EHRs allow healthcare professionals to effectively collaborate with each other and their patients (i.e., exchange of laboratory data), leading to significant improvements in patient care and public health surveillance.16 Proper communication of laboratory data to patients, however, requires safe and secure patient tools and active physician involvement. Though most EHRs implement proper security controls for “internal users” within a healthcare organization, EHRs must also implement the same security controls for “external users” such as patients who interact with the EHRs through patient portals.

Strict security standards under HIPAA, including proper authentication, data integrity, and encryption, must be implemented for both patient users as well as workers within healthcare organizations.17 Moreover, providing patients access to laboratory data through EHRs undoubtedly facilitates patient empowerment. However, laboratory test results are difficult to understand; merely presenting laboratory test results to patients in the form of a “CLIA test report” may not be sufficient. Accordingly, physicians and healthcare organizations should use EHRs as a tool to supplement patient communication—not as the sole solution to communicate patient diagnosis.


Patient Support

EHRs provide an opportunity to deliver patient education quickly and securely to broad populations.18 According to an article that appeared in The Journal of Family Practice, “In a 1997 study of 22 clinical trials, interactive educational interventions showed positive results for several major clinical applications, the most frequently targeted of these being diabetes.”19 Healthcare organizations, however, should be mindful of restrictions imposed on the distribution and publication of independently-created patient education materials under US copyright laws.20


Administrative Processes

EHRs with electronic scheduling systems can significantly improve patient convenience and access to laboratory testing by providing patients with greater control over scheduling their own specimen draws. Patient self-appointment scheduling, however, also presents legal challenges. Without proper physician oversight, laboratory technicians and phlebotomists may lack the proper professional experience to guide a patient on proper fasting and water consumption protocols prior to the specimen draw.


Reporting and Population Health Management

Physicians routinely report key quality measures as part of quality initiative programs (i.e., NCQA Recognition Programs, Bridges to Excellence). Collecting such measures without EHRs is a labor-intensive and time-consuming process involving extraction of data from a multitude of paper records.21 Integration and use of laboratory data in EHRs reduces the burden of collecting data at the provider level, as well as the associated costs, and increases the accuracy of the data reported.22 Moreover, integration and use of laboratory data in EHRs allows physicians and healthcare organizations to track patient improvements or regressions in care within patient populations.23

HIPAA places strict restrictions on the use and disclosure of protected health information, so physicians and healthcare organizations should be mindful that their intended use of such data within EHRs does not violate any applicable privacy or security laws.24 Creation of aggregate data reports from EHRs may be permitted under HIPAA without the authorization of a patient if they are used for “population-based activities relating to improving health or reducing health care costs, protocol development, case management and care coordination, contacting of health care providers and patients with information about treatment alternatives[.]”25



Laboratory medicine heavily influences the quality and cost of healthcare. The US performs more than a billion laboratory tests each year.26 Laboratory test results influence 60-70 percent of patient care decisions.27 Accordingly, laboratory testing and the handling of patient information play a critical role in the diagnosis, treatment, and quality of care of patients. The integration of laboratory test data into EHRs advances the important goals of ensuring safe, secure, and efficient patient care for all.

As stated by the CDC, “practices that reduce laboratory-related error rates or optimize use of laboratory testing can have a substantial effect on patient safety, clinical decision making about treatments and interventions, health outcomes, and costs.”28 Despite these laudable goals and benefits, EHR providers and users should ensure that legal issues surrounding the integration and use of laboratory data in EHRs are addressed.

With over 830,000 active physicians practicing in the US as of 2009, technological advancements in health care play a critical role in improving the quality, safety, and efficiency of patient care.29 So long as legal concerns are properly addressed, integrating and using laboratory data in EHRs can play a critical role in ensuring patients are provided comprehensive and accessible health care.

“We need a better way to share information. We need a better system so that physicians have at their fingertips all the information they need to do their job[.] . . . Information, in the hands of the right people, at the right time, drives quality and value. We need to empower patients and healthcare providers to make the right choices. And to do that, healthcare decision-makers—providers, payers, and patients—need to have access to the right information, where and when it is needed, securely and privately.”30

Senator Hillary Rodham Clinton



14.    Hunt, D.L. et al. “Effects of computer-based clinical decision support systems on physician performance and patient outcome: a systematic review.” The Journal of the American Medical Association. 280:1339-1346.1998.

15.    Ash, J.S. et al. “Some Unintended Consequences of Information Technology in Health Care: The Nature of Patient Care Information System-related Errors.” The Journal of the American Medical Informatics Association. 2004;11:104–112 (citing Goldstein, M.K. et al. Patient Safety in Guideline-Based Decision Support for Hypertension Management: ATHENA DSS. JAMIA, 2002. 9(Nov-Dec suppl):S11-16).

16.    Institute of Medicine. Key Capabilities of an Electronic Health Record System: Letter Report. Washington D.C.: The National Academies Press, 2003.

17.    45 CFR §§ 164.301 et seq.

18.    Ibid Institute of Medicine.

19.    Ibid.

20.    17 U.S.C §§ 101 et seq.

21.    Ibid IOM.

22.    Ibid.

23.    Hoey, P. et al. Computerized Provider Order Entry. The Pharmacy Informatics Primer 1, 6 and 10. 2009.

24.    Young, M. Management Issues, in The Pharmacy Informatics Primer 221, 228.2009.

25.    45 CFR § 164.501

26.    Centers for Disease Control and Prevention. Laboratory Quality Assurance and Standardization Programs. April 2012.

27.    Centers for Disease Control and Prevention. Division of Laboratory Systems: Best Practices. November 2008.

28.    Ibid.

29.    US Census Bureau. The 2012 Statistical Abstract: Health Care Resources – Active Physicians and Nurses By State. September 2011.

30.  Commission on Systemic Interoperability. Ending the Document Game: Connecting and Transforming Your Healthcare Through Information Technology. October 25, 2005.


Rick Chung, JD ( is general counsel and chief compliance officer, and Matthew Palatnik is associate legal analyst at Medivo.

Submit a Comment

Your email address will not be published. Required fields are marked *

Share This

Share This

Share this post with your friends!