Home » Interviews » Currently Reading:

An HIT Moment with … Sharona Hoffman

June 28, 2010 Interviews 20 Comments

An HIT Moment with ... is a quick interview with someone we find interesting. Sharona Hoffman is professor of law and bioethics and co-director of the Law-Medicine Center at Case Western Reserve University School of Law in Cleveland, OH. She recently published an article, E-Health Hazards: Provider Liability and Electronic Health Record Systems in Berkeley Technology Law Journal with co-author Andy Podgurski, a CWRU professor of computer science who also contributed to the information below.


The article suggests that a hospital may expose itself to liability for physician acts, from which it is currently protected, by forcing doctors to follow its EHR-enforced practice guidelines. Should this be a significant concern?

This is a complicated legal question and I don’t think it should be of primary concern for hospitals. Whether a hospital is vicariously liable for the acts of physicians will depend upon the degree of control it has over them. Often, a hospital can prove that the physician is an independent contractor. In some circumstances, however, doctors are found to be employees and not independent contractors. The issuance of an EHR practice guideline alone, however, probably will not undercut the independent contractor defense.

Provider errors due to software usability issues have made headlines recently. The article suggests an option of requiring all EHRs to use a standard user interface. Given the competitive and proprietary nature of the EHR industry, is that likely or even advisable? Is there a precedent in other industries?

Major software platforms like Microsoft Windows and the Mac have user interface standards or guidelines that application vendors follow. An EHR interface standard should define an essential level of consistency between the UIs of different system. It shouldn’t require them to be identical.

How much liability do software vendors and hospitals have for programming errors and setup mistakes, respectively? Do you think those cases are coming up but being settled out of court such that the problem is understated?

Vendors would have primary responsibility in such cases. Vendors both design the software and help hospitals implement the systems and train employees. Hospitals would have liability if they tried to customize the system inappropriately on their own or did not engage experts to provide responsible training. They could also be held liable for mistakes that employees, rather than independent contractors, made with the system that caused patient harm.

The vast majority of cases that are filed in court do not produce a reported decision and many of these are settled, so you are right that it is difficult to know how many EHR cases have arisen.

In fact, regardless of litigation, a major problem is that there is no adverse event reporting requirement. If an EHR system has a problem, the vendor or user doesn’t have to report it to any regulatory agency. Nobody is keeping track of what kinds of problems are arising and how frequently. Therefore, EHR system purchasers can’t obtain information they need to make educated decisions.

The article concludes that the federal government should oversee and monitor EHRs in some way that goes beyond simple certification. Explain why that’s the case and who in the industry should advocate for government involvement.

EHR systems are much more than just record-keeping systems. They manage patient care in a lot of ways, and therefore, they are safety-critical. They provide doctors with prompts and alerts concerning patient allergies, other drugs patients are taking, and the patient’s medical history. They provide a mechanism by which doctors order diagnostic tests, medications, and other treatments. They will create the patient record and could be the way by which a physician communicates with other departments or with the patient herself. 

If anything goes wrong with any of these functions because of software bugs, computer shutdowns, or user errors due to poor system design, this could be catastrophic for medical outcomes.

The FDA regulates drugs and devices. A responsible doctor would never think of implanting a pacemaker that is not FDA-approved, because a flawed device could kill the patient. We believe that EHR systems will be just as critical for patient welfare and therefore, they require an equal degree of government oversight.

Anyone who really cares about patients and medical outcomes should be advocating for government involvement.

As you looked at the EHR industry and EHR adoption by providers, what aspects concern you the most, both as an attorney and a patient? 

EHR systems have the potential to improve patient care significantly. They can increase efficiency, provide doctors with essential information about the patient, and help doctors make optimal medical decisions. Most other industries are computerized, so it is certainly time for the medical profession to catch up. However, in implementing EHR systems, we must proceed cautiously and responsibly.

It is extremely important that the government establish appropriate approval and monitoring processes for EHR systems. These must include an adverse event reporting requirement.

We have heard from a lot of health care providers that the systems they have are difficult to navigate, reduce efficiency because they require too much time and data, and disrupt the relationship with the patient. Some doctors feel that they are overwhelmed by irrelevant or trivial electronic alerts and that they don’t have time to listen to and examine patients because they are too busy attending to the demands of the computer.

Therefore, we need regulatory standards and criteria that ensure that vendors minimize these problems. Once a practice purchases a system for millions of dollars and trains its staff, it will not be able switch to a different system that is better. It is only with appropriate oversight and quality-control that we can maximize the potential of this technology.

View/Print Text Only View/Print Text Only

HIStalk Featured Sponsors


Currently there are "20 comments" on this Article:

  1. A Common User interface is open and free software from Code Plex, the Microsoft open source software site. It has been out there about 2 years now and some smaller developers have worked with it as well as the NHS. To me and for doctors to only have to learn one system to read and input information that is the same or very similar would be wonderful, but nobody does it as competition on who builds the best interface is still alive out there. The rest of the system from the vendor could stay the same as used in other areas so each vendor could maintain their product, but just standard screens for the MDs would be nice.

    One young MD told me he had to learn 5 systems to get through his residency, and hats for that effort by all means. Here’s one of several posts I have done on the topic with pictures and video.


    One more somewhat humorous side note here, at HIMMS 2008 I was attending to help promote Tablet PCs for Tablet Kiosk and loaded up a Windows Foundation Presentation EHR demo that I picked up at a MSDN Tech net meeting to show a medical records system on a tablet pc. It worked well but as I socialized a bit with different EMR vendors where I was basically talking about the tablet and using the demo they were all asking me “who’s system is that”, so it created a stir with the dynamic screens and graphics, but as far as I know today, we don’t have any of those yet.

    It sure got a lot of vendor curiosity with all wanting to know where it came from and what vendor had jumped out this far in the ball game:) The link below shows the demo, and again it was a lot of fun watching the curiosity of the EHR vendors:)


  2. EHR’s cannot replace a providers judgement. That is why they spend 12 years getting trained. EHR’s are designed to collect clinical encounter information, form the platform for care provider collaboration and support clinical decision making. They are not designed or intended to abdicate the care provider from the responsiblity of patient care.

    It takes a lawyer to suggest this. If we want to fix health care we should start with tort reform.

  3. Mr. HIStalk, by publishing this interview, has advanced the possibility, albeit still remote, that the gifted seasoned clinicians of America will embrace these technological devices. Because they are impediments to efficient care in their current iterations, clinicians’ acceptance will not happen, except by force, threat, and financial coercion, as long as the safety and efficacy of these devices has not been methodologically studied in the hospital ward, and then evaluated by the FDA, and the instrinsic impediments to safety cleansed.

    The interviewee is articulate, thoughtful, and measured. AMEN and thank you Mr. H

  4. I wrote at least ten years ago that non-clinical IT personnel seem unable to be team players, i.e., conscientious members of the medical care team, due to reluctance to take on responsibility and accountability for outcomes that involve their devices.

    Thank you, Gartland, for comment #2 demonstrating what I was referring to.

  5. What about the med mal and discovery implications of CDSS in litigation. What if a physician chooses to ignore or override information and or if the information given by the CDSS is incorrect? What is the hospital’s liability? What is the physician’s liability? Is the CDSS a guideline only or standard of care? Is the override information in metadata discoverable? Lots of questions.

  6. Once it becomes widely known how poorly designed and tested EMRs are there is no way they’ll escape direct FDA regulation. EMR vendors have known for years that they have had massive problems with errors and mistakes due to use of their software. They also sell these overly complex systems to customer who they flat out know are unable to safely and properly provide the necessary system administration.

  7. Having read the article and cosidered it , i do not see a synthesis of good legal ideas, heathcare and computer science. I would expect a merge toward best practices, some notion of solution sets, an evolutionary perspective and a sensitivity toward value , safety and quality. The deliverable may be appropriate for a junior college curriculum where most people are hungry but confused including the teaching staff. The article is lip service or lipstick on a pathetic current state of affairs.

  8. Sir Cyril Chantler noted, “medicine used to be simple, ineffective and relatively safe; now it is complex, effective and potentially dangerous.” His quote was from a Lancet article in 1999 – much before EMRs were being used regularly. I wonder what he would say now!

    The analogy to medical device regulation is an important one – especially since we use EMRs on many more people than those getting implantable devices! I certainly am not for over-regulation of EMRs, but it is reasonable to consider having some sort of basic expectation about vendor responsibility for errors and incorrect programming.

    I accumulated a bunch of similar stories in this blog post back in April (http://drlyle.blogspot.com/2010/04/dark-side-of-ehrs.html) as the FDA was making noise about actually regulating EMRs (that has since seemed to die down). But at the very least, you can search the FDA’s database for HIT problems, or submit one of your own at MAUDE (Manufacturer and User Facility Device Experience): http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfmaude/search.cfm

  9. BB2X says:

    Having read the article and cosidered it , i do not see a synthesis of good legal ideas, heathcare and computer science.

    It is not the job of lawyers to correct the deficiencies and cavalier attitudes of an industry, but to protect its victims — as well as take the money of the perpetrators and contributors to that injury.

    While CEO’s such as those of big, deep pocket HIT companies proffer statements that usability will become part of certification “over my dead body”, the med mal lawyers are sharpening their knives.

    I am convinced at this point that further health IT improvement will not come from healthcare science, informatics science or computer science, but from activity in the courtroom. Sad that it’s come to this, but this is where we are. It’s not as if people in my field haven’t been sounding the alarm for, in my case, a decade now.

  10. The inquisitive should ask, why are these devices being sold without FDA approval, without assessment for usability, without assessment for safety, without assessment for efficacy, without regard for the individual patient who suffers harm from inadequate interfaces, transformation of orders, lost lab data, misidentification, and more? Does the influence of the wealthy industry and its lobbying interests have something to do with calling off Congress, Sebelius, and the White House, giving these devices an exemption?

    These systems were promoted to Congress on the basis that they are “better” than what they are replacing. However, there is not any scientific proof to support that.

  11. Standardization kills innovation. Innovation and market demand for it is what will exponentially improve software offerings, as it does in other industries. Government regulation erects barriers to entry against those innovative start ups and offers safe harbor to the incumbent. Further, the incumbent has significant influence over those regulations as they hold a prominent place at that table.

    I firmly believe in competition and transparency in the market place to allow clients to understand and compare offerings. Let those who best meet those needs around usability, patient safety & outcomes, low cost of ownership and interoperability rise to the top. And when needs change – based on users, not on government mandates – let those who can best adapt survive. That is what makes for superior, affordable products.

    Further, I am offended at the implication that software vendors do not respect and strive for patient safety and superior user experience at all turns. It is not an easy endeavor.

  12. That the care of the patient is sacrosanct is the most important precept inculcated to the doctor in training. When I read the following, described by S. Hoffman: “Some doctors feel that they are overwhelmed by irrelevant or trivial electronic alerts and that they don’t have time to listen to and examine patients because they are too busy attending to the demands of the computer…”; I believe that the basic tenants of the practice of medicine are being subverted by the planners of these systems. Eureka! the patient has now become the user unfriendly computer as it rigidly obstructs the care of the real patient. Sad and pathetic that doctors have become servants of the coders.

  13. INRE: interview with Ms. Hoffman & comments posted.

    It took me a while to process my thoughts on Ms Hoffman’s comments and finally after reading comments from BB2X and DrLyle, I was able to realize what botehered me and what excited me about the interview. Both BB2X & DrLyle madse points that I both agreed with and disagreed with, they could be a distraction.

    What bothered me about Ms Hoffman’s content was the push for furhter Federal involvement, when I suggest that the FDA as well as any other bruacracy just doesn’t know when to stop – such a move will quickly stiffle innovation, raise costs and delay improvement while hastening consolidation. Just plainly the wrong perscription.

    What excited me was an articulate attorney of stature who was interested in the implications and ramifications of today’s environment. I would ask Ms Hoffman and others legal minds who have the interest – to instead turn to vendor-provider contracts and lets get some standard T&Cs and place liability where it belongs. Another item for such legal activity would be in the contracts between health systems and attending, referring and treating physicians.

    Lastly, I would suggest Ms Hoffman needs to spend additional time looking at the issues hshe raised from the private practice viewpoint.

  14. RE: “Some doctors feel that they are overwhelmed by irrelevant or trivial electronic alerts and that they don’t have time to listen to and examine patients because they are too busy attending to the demands of the computer”

    Most of those alerts didn’t come out of the box. They were setup by his organization based on local and organizational policy. Apart from weight based dosing, duplicate order checks and contraindications most of these alerts do not come from the vendors.

    But I agree with the basic concept. It sounds like his organization used a powerful tool and destroyed it, by annoying Physicians with unnecessary alerts/warnings. Then when an important warning is issued they may blow past it.

    Many of these alerts will fire, if documentation is missing, even when the Physician is about to complete that task. This is obviously counter productive. Alerts must be as close to 100% clinically relevant as possible and must assume the user is going to do the right thing before alerting them that they haven’t.

  15. Joe a says:

    such a move (federal regulation) will quickly stiffle innovation

    What innovation are you talking about? What innovation has taken place, say, in the past ten years that would have been “stifled” by regulation?

    Blah says:

    Most of those alerts didn’t come out of the box. They were setup by his organization based on local and organizational policy.

    it isn’t just alerts. That’s just one issue. The overarching problem is the mission hostile user experience presented by many if not most commercial EMR’s and other HIT.

    In my month’s de facto locum tenens serving as bodyguard for my mother (against further EMR-mediated or non-EMR mediated harm), I observed big-vendor EMR use carefully in the ED, on the floors and in the ICU (my mother was in 9 different hospital rooms during her stay).

    I found that everything I’d written at this post on the EMR user experience was validated with my own two eyes, even though those actual examples came from others.

    The commercial systems I observed were largely mission hostile, designed as if they were ‘inventory systems for medical data’, in an MIS model. Cognitive support for clinicians was near nil. Further, in an age of advanced computational linguistics capabilities, CPOE offered no such support.

    Is the National Research Council report wrong about this?

    If so, I’d like to hear why. I’d like to see someone tell Octo Barnett and Bill Stead to their face that their report was hogwash.

  16. MIMD sorry you observations in the ICU have nothing to do with the point. What is setup by the vendor and what is setup by the organization. Do you know?

  17. Blah Says:

    MIMD sorry you observations in the ICU have nothing to do with the point.

    I will repeat my point. The overarching problem with HIT is its mission hostile user experience presented by many if not most commercial EMR’s and other HIT.

    Alerts are only one component of a much larger set of problems.

  18. And I still would like an answer to my question:

    What HIT innovations have taken place, say, in the past ten years that would have been “stifled” by regulation?

  19. One issue to consider in calls for FDA oversight of EHR is that software is a technology subject to frequent updates. There have already been cautions appearing that makers of medical products may be reluctant to update the software/firmware of devices subject to FDA approval due to concerns that the changes may trigger another approval process.

    Once an EHR system is “approved”, then are barriers created that curtail further improvements, security patches, etc.?

    I also ask how one would handle business and health care softwares that are adapted to perform EHR-like tasks? Does a hospital physician benchmarking tool that is adapted to perform more EHR-like functions cross a line into FDA approval? Does a hospital’s self-developed EHR IT project now need to go before the FDA before going live?

    What about open-source EHR solutions? There was a great hue-and-cry over the costs created when community-developed software was subject to a rigid CCHIT certification process with significant costs? Who is supposed to pay the costs of an FDA review of an open-source solution? Who does the FDA even contact when you are talking about software developed by a user community (like the reworks of VistA).

    Will i-Phone Apps that perform discrete medical functions need to see the FDA before hitting the App Sote?

    How are modular solutions (like stand-alone e-prescribing) to be handled? Will each discrete module that has a function that is part of a typical EHR “bundle” be subject to approval, or only the bundled “all-in-one” prodects? If so, does this create a disincentive to build all-in-one products?

  20. Very true. Pretty much agree with most of your thoughts.
    I also feel that this EHR jungle without quality products is going to make the life of practices very difficult. Though you provide them with many comparisons grids, in most cases they may end up with an EHR which does not support the needs of its speciality. I believe an speciality based EHR combined with appropriate certifications is the way ahead.

    I think the federal efforts of providing the right incentives to practices who implement certified EHR’s following the appropriate federal guidelines is a great initiative.

    Also the introduction of REC’s through the HITECH act. is a great way to avail of quality EHR solutions at competitive prices. The stiff competition among not only these REC’s but also among EHR vendors ( to become a preferred vendor of a given REC) will result in lot of positives to medical practioners.

Subscribe to Updates



Text Ads

Report News and Rumors

No title

Anonymous online form
Rumor line: 801.HIT.NEWS



Vince Ciotti’s HIS-tory of Healthcare IT

Founding Sponsors


Platinum Sponsors






















































Gold Sponsors
















Reader Comments

  • Bill O'Toole: Confirming first hand that Cape Cod Hospital was MEDITECH's first customer. My father, the Chief of Pathology, saw the i...
  • FormerCIO: Re JAMA article. How will access to my EHR data help me 'shop for high value health care services' and 'avoid the need t...
  • CommentsTwoWeeksLate: I'd be really disappointed if the "de-identified" data set contained full birth dates or zip codes. That doesn't seem t...
  • Code Jockey: Mr. H - this is a response to 'Really' but I'm not sure how to respond to his post. Also, this is a note for both you an...
  • Clarence: From my experience 7 years as an Epic employee and then 4+ years integrating 3rd party clinical content/software into EH...
  • meltoots: I take issue with one thing in this. The ACR AUC system is ridiculous for specialist physicians. I am a board certified ...
  • Really: Come on Code Junkie... Would any software company on the planet let you take their code, do a minor modification and ...
  • Code Jockey: Sigh.... Code Corrections - the origin of this conversation was a statement by someone that Epic clients were creating t...
  • WhatstheretoWonder: Fairly clear that the ambitions were crushed by unchecked capitalism and Republican waffling on doing the necessary chec...
  • Woodstock Generation: Re: Mr. HIStalk's response to Post-Acute Pat - Mr. HIStalk, you couldn't have said it better about today's healthcare i...

RSS Industry Events

  • An error has occurred, which probably means the feed is down. Try again later.

Sponsor Quick Links