by Justin A. Pope, JD

Mr. Pope is a Senior Risk Manager at Professional Risk Management Services (PRMS).

FUNDING: No funding was provided for the preparation of this article.

DISCLOSURES: The author is an employee of PRMS. PRMS manages a professional liability insurance program for psychiatrists.

Innov Clin Neurosci. 2024;21(4–6):31–33.


This ongoing column is dedicated to providing information to our readers on managing legal risks associated with medical practice. We invite questions from our readers. The answers are provided by PRMS (, a manager of medical professional liability insurance programs with services that include risk management consultation and other resources offered to health care providers to help improve patient outcomes and reduce professional liability risk. The answers published in this column represent those of only one risk management consulting company. Other risk management consulting companies or insurance carriers might provide different advice, and readers should take this into consideration. The information in this column does not constitute legal advice. For legal advice, contact your personal attorney. Note: The information and recommendations in this article are applicable to physicians and other health care professionals so “clinician” is used to indicate all treatment team members.


I am satisfied with my new electronic health record (EHR) so far, but I continue to see worrying headlines about EHRs in the news, most recently, stories about EHR companies closing out of the blue. Which EHR issues should I be concerned about?


At their best, EHRs allow clinicians to create clear, intelligible documentation of care, which can be shared with other treatment team providers and patients at a moment’s notice. However, clinicians should also be mindful of lesser-known risks that have emerged related to EHR use.

Some EHR companies have shut down suddenly and unexpectedly. In recent years, we have seen EHR companies close unexpectedly, leaving clinicians very little time to decide what they will do with their practice data. EHR vendors often delete all data belonging to their clients upon closure, so it is important to act fast. Planning for this situation ahead of time will enable you to quickly secure your patient data in the event your EHR company goes out of business. In this scenario, EHR companies usually present their clients with a couple of options:

The EHR vendor may offer to transfer your data to a new EHR company with whom they have forged a relationship. Using a third-party vendor may mitigate liability risk from allegations that practice data was not properly saved. If you choose this option, be sure to clarify what data will be transferred and the date of data migration. Do not assume the new company will offer the same terms of service as your previous vendor. Carefully review the new agreement for issues such as:

  • Data ownership: Who owns the data?
  • Fees: How will fees be assessed? Will late or non-payments result in denial of access?
  • Training: Do they offer training, and will it also be available to new employees?
  • Tech support: Will tech support be available 24/7? Is there an extra cost?
  • Confidentiality, privacy, and security: Will they offer a Business Associate Agreement (BAA)?
  • Disaster recovery: How often is data backed up? What assistance will be provided?
  • Termination: If the agreement is terminated, will your data be returned in a usable format? Is there an extra cost? Will they delete your data?

The EHR vendor may offer to export your data in an electronic format. This option allows you to retain copies of your electronic records while searching for an alternative EHR platform. However, before agreeing, clinicians should confirm that records will be exported in an electronic format compatible with other EHR platforms.

Once your account has been closed, the EHR company will likely delete your data in accordance with their BAA. If you choose to export your data, you will need to:

  • Make sure all data has been exported and backed up;
  • Securely store exported data on an encrypted device;
  • Be prepared to retain all exported data consistent with your record retention policy;
  • Transfer data to new electronic formats/devices as old formats/devices become obsolete (e.g., floppy disks are no longer in use);
  • Be able to retrieve exported data to fulfill requests for record copies; and
  • Retain documentation of your vendor’s closure in case questions arise in the future about why practice data was moved.

EHRs do not always provide the clearest picture of your treatment. Depending on the size of the record, the number of clinicians involved in treatment, and the technical limitations of the EHR platform, EHRs might be challenging for patients and third parties to interpret. Unfortunately, many EHRs include duplicative, conflicting, or outdated clinical information. Poorly designed EHRs can even create documentation inaccuracies when EHR infrastructure is modified or changed. For this reason, it is prudent for clinicians to review their documentation to ensure it accurately reflects their treatment role and the clinical care they have provided.

Since electronic records may also look very different on paper, consider periodically printing out a copy of your record to look for:

  • Documentation errors
  • Technical glitches that create inaccuracies
  • The ability to pass a billing audit
  • The ability of a subsequent treater (or an expert witness) to understand what you did and why

If corrections need to be made to your records, consider contacting your malpractice carrier or personal attorney for assistance.

Patients are increasingly requesting deletion of their EHRs. If you have an EHR, there is a good chance one of your patients will request deletion of their electronic record after treatment has ended. In some cases, it appears EHR vendors are informing patients that they have the right to submit a request for deletion. Typically, the vendor passes along these requests to the clinician, which might lead to awkward conversations with patients. 

Clinicians should think twice before agreeing to delete clinical records. Whether electronic or paper, it is always important to retain treatment records from an ethical, legal, and malpractice standpoint. Not only is your record necessary for continuity of care, it is key to establishing a defense in the event of a claim or lawsuit, and many states require clinicians to retain records for a minimum number of years after the conclusion of treatment.

It is best to deal with these requests by managing patient expectations early on. You should:

  • Know what your EHR vendor is telling your patients.
  • Discuss the need to retain treatment records with your patients at the start of treatment. Health Insurance Portability and Accountability Act (HIPAA)-covered entities may consider addressing record retention in their Notice of Privacy Practices.
  • Make sure patients understand that you are not permitted to delete or destroy records simply because treatment has ended.

Your state licensing board may have concerns related to EHRs—and expectations. Clinicians should be aware of the expectations of their licensing board(s). You may want to check your board’s website to see if there is information on your use of EHRs. If there is no information, you may want to review one (or all) of these policies:

North Carolina Medical Board’s Position Statement on Documentation, EHRs, Access, and Retention.1 This statement provides guidelines on the following to assist licensees in meeting their ethical and clinical obligations:

  • EHR deficiencies
  • Responsibility of licensees
  • Use of templates and copy-and-paste
  • Availability of, or access to, EHR
  • Breakdown of patient-licensee communication
  • Employed licensees and independent contractors

Texas Medical Board’s Position Statement on Electronic Medical Records.2 The Texas Medical Board published this position statement, citing concerns regarding widespread EHR implementation and “a much larger mass of often-repetitive data.” The Board reminds licensees of their obligation to verify that EHR information is accurate and relevant to patient care.  

Washington Medical Commission’s Guideline on Use of the Electronic Medical Record.3 This guideline addresses special considerations when using an EHR, provides examples of EHR complaints it has received, and discusses the following challenges:

  • Increased workload
  • Copy-and-paste
  • “Note-bloat”
  • “Boilerplate”
  • Differences between the electronic version and paper copy of the EHR
  • “Pseudo-history” and “pseudo-examination”
  • Errors in the EHR, which can be perpetuated and difficult to correct
  • Interface with provider-patient relationship
  • Overemphasis on documentation to meet billing specifications

To mitigate risk related to EHR use, clinicians should plan accordingly for these emerging issues and stay up-to-date on relevant licensing board requirements.


  1. North Carolina Medical Board. 3.2.1: MEDICAL RECORDS – documentation, electronic health records, access, and retention. Jul 2018. Amended Mar 2021. Accessed 21 May 2024.
  2. Texas Medical Board. Position statement by the Texas Medical Board on electronic medical records. Accessed 21 May 2024.
  3. Washington Medical Commission. Medical records: documentation, access, retention, storage, disposal, and closing a practice. 17 Jan 2020. Accessed 21 May 2024.