New Book – Electronic Health Records and Medical Big Data: Law and Policy

Guest Post by author Sharona Hoffman

hoffman-cover-1-002I am pleased to post that my new book, “Electronic Health Records and Medical Big Data: Law and Policy” was recently published by Cambridge University Press.  The book enables readers gain an in-depth understanding of electronic health record (EHR) systems, medical big data, and the regulations that govern them.  It is useful both as a primer for students and as a resource for knowledgeable professionals.

The transition from paper medical records to electronic health record (EHR) systems has had a dramatic impact on clinical care.  In addition, EHR systems enable the creation of “medical big data,” that is, very large electronic data resources that can be put to secondary, non-clinical uses, such as medical research, public health initiatives, quality improvement efforts, and other health-related endeavors.  This book provides thorough, interdisciplinary analysis of EHR systems and medical big data, offering a multitude of technical and legal insights.

The book analyzes the shortcomings and benefits of EHR systems, explores the law’s response to the technology’s adoption, highlights gaps in the current legal framework, and develops detailed recommendations for regulatory, policy, and technological improvements. Electronic Health Records and Medical Big Data addresses not only privacy and security concerns, but also other important challenges, such as those related to data quality and data analysis.  The book’s many recommendations aim to improve the technology’s safety, security, and efficacy for both clinical and secondary (such as research) uses of medical data.  The book’s premise is that the law is a vital tool for safeguarding and enhancing the quality and security of EHR systems and the medical big data resources that are drawn from them.

Electronic Health Records and Medical Big Data proceeds in two primary parts.  The first focuses on EHR systems as they are used in clinical settings to treat patients.  The second part is devoted to medical big data that is derived from EHRs and used for research and other non-clinical, secondary purposes.  A more detailed description of the chapters follows.

Part I

Chapter 1 – EHRs:  Attributes, Benefits, and Shortcomings

Electronic health record (EHR) systems are now a fixture in medical examination rooms and hospital corridors.  The digitization of medical practices has raised many questions for patients, providers, and industry analysts.  What do these computer systems do?  Why have they generated both significant enthusiasm and considerable anxiety?  Is the medical community wise to adopt them or have clinicians become tied to deeply flawed technology?  As a foundation for analyzing the legal and ethical implications of EHR system use, this chapter explains what the technology is, what it does, and what it does not do.  The chapter describes the many features of EHR systems.  It also details their benefits and explores their pitfalls and shortcomings.

Chapter 2 – EHR System Regulation:  Meaningful Use and Certification Standard

This chapter focuses on the steps the federal government has taken to establish quality control for EHR systems and evaluates whether it has found the right balance.  In 2009, Congress enacted the Health Information Technology for Economic and Clinical Health (HITECH) Act.  This law established an incentive program by which qualified providers could receive incentive payments if they became meaningful users of certified EHR systems.  In order to implement the HITECH Act, the Centers for Medicare and Medicaid Services (CMS) issued a series of regulations that establish the standards for meaningful use and EHR system certification.  The chapter describes these regulations and critiques them.  It argues that while they constitute a good first step towards regulating the quality of EHR systems, they do not adequately address concerns about the technology’s safety and usability.

Chapter 3 – EHR Data Security

Once health data is computerized, it becomes more vulnerable to data breaches.  Computer systems can be hacked; computer equipment containing thousands of records can be stolen or misplaced; e-mail can be sent to the wrong recipient; employees can view charts that they should not be accessing with little chance of being detected; and many other electronic mishaps can occur.  This chapter is dedicated to analysis of EHR data security threats and the regulations that the federal government has implemented to address them.

Chapter 4 – EHR Systems and Liability

While advocates fervently hope that EHR system adoption will significantly reduce medical errors and related medical malpractice lawsuits, it is not at all clear that this hope has been fulfilled thus far.  The many EHR shortcomings discussed in chapter 1 might make clinicians just as vulnerable to malpractice suits as they were in the paper era if not more so.  In addition, working with complex EHRs rather than traditional paper files might make the litigation process more cumbersome and difficult.  How this new technology might alter medical malpractice litigation is a question that is of great interest to health care providers and health law attorneys alike.

Part II

Chapter 5 – Medical Big Data and Its Benefits

The transition from paper medical files to EHR systems has facilitated the creation of large health information databases.  Computer processing of digitized records permits fast and relatively inexpensive data analysis and synthesis. These databases, therefore, can serve as invaluable resources for researchers and other analysts.

Many large EHR databases already exist and are used for non-treatment purposes.  This chapter describes a sample of data-collection initiatives.  It also discusses how EHR data may be used in the realms of biomedical research, quality assessment, public health, and litigation.

Chapter 6 – Medical Big Data Research:  Privacy and Autonomy Concerns

EHR-based research holds great promise.  However, it also raises new questions and concerns relating to patient privacy and autonomy.  Collection of patient information into large databases poses new risks of privacy breaches that did not exist when paper files were simply locked away in file cabinets.  In order to protect patient privacy, database operators generally de-identify information, that is, they strip away identifying data elements.  Yet, some experts argue that the risk of re-identification can never be fully removed.  Because research poses risks for human subjects, a paramount principle of biomedical research ethics is the right to make autonomous decisions regarding participation through the informed consent process.  However, research involving de-identified information is exempted from consent requirements.  But should it be?

This chapter focuses on privacy and autonomy concerns in the context of EHR database research.  The chapter explores how the research community can reap the potential benefits of EHR database analysis while effectively protecting the privacy and autonomy interests of data subjects.

Chapter 7 – Medical Big Data Quality and Analysis Concerns

The security of EHR databases and potential privacy breaches are not the only concerns raised by the medical big data trend.  Anyone considering the outcomes of record-based studies must recognize the shortcomings of contemporary EHR data and the challenges of inferring causal effects correctly.  This chapter focuses on what can go wrong in the process of EHR data analysis and what precautions should be taken to avoid critical mistakes.

Chapter 8 – The Special Case of Open Data

This chapter focuses on the phenomenon of “open data.”  Patient-related medical data can now easily be found on the Internet.  With its help, ordinary citizens interested in scientific research are taking matters into their own hands.  This is the era of “Citizen Science” and “Do-It-Yourself Biology.”  Citizen Science is “the practice of public participation and collaboration in scientific research” through data collection, monitoring, and analysis for purposes of scientific discovery, usually without compensation.

Increasingly, data collections are being furnished to the public by government and private sector sources, and this supply stream will expand considerably in the future.  This chapter describes open data sources, analyzes their benefits and risks, and formulates recommendations for responsible handling of open data.

EHR systems became widely adopted only in recent years, largely thanks to the Obama administration’s incentive program for the implementation of health information technology, which took effect in 2011.  Consequently, very few books are devoted to a legal and policy analysis of EHR systems and the big data they generate.  It is my hope that this book will serve as an important resource for medical, legal, information technology and policy academics, professionals and students.


Sharona Hoffman is the Edgar A. Hahn Professor of Law, Professor of Bioethics, and Co-Director of the Case Western Reserve University (CWRU) School of Law’s Law-Medicine Center. Professor Hoffman has a B.A. from Wellesley College, a J.D. from Harvard Law School, an LL.M. in health law from the University of Houston, and an S.J.D. from CWRU (as of January 2017).

The Petrie-Flom Center Staff

The Petrie-Flom Center staff often posts updates, announcements, and guests posts on behalf of others.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.