The healthcare industry, like other sectors of the economy, is still processing the recent enactment of the "Millennium Digital Commerce Act" known to the public as the electronic signature law. Electronic signature usage promises, as technology evolves, to be a facilitating device for health care companies' business-to-business and business to consumer transactions. However, the extent of the legal comfort zone will, to some extent, await the maturation and dissemination of encryption technology, biometrics and other electronic security technologies.

One application of the Act need not await such maturation — at least from the legal perspective. That application is the law's effect on healthcare record keeping.

State licensing statutes have frequently cast a pall over electronic medical record development. Hospital and other facility licensure statutes and regulations often require the maintenance of "written" records. Other regulations go further to specify that records be maintained in ink or be typewritten. Still others require specific orders to be signed and sometimes that the signature be in ink.

Along comes the electronic signature law and its clears the air. It provides that:

If a statute, regulation or other rule of law requires that a contract or other record relating to a transaction in or affecting interstate or foreign commerce be retained, that requirement is met by retaining an electronic record of the information in the contract or other record ?...

The legislative history of this provision is relatively sparse. For example, the Senate Report refers only to the statute's affirmation of the legal effect of contracts formed by electronic interaction.

Also of interest is the scarcity of a requirement in the statute concerning security and authentication requirements for such records. The statute requires only that the electronic record accurately reflect the information set forth and that it remain "accessible to all persons who are entitled to access by statute, regulation or rule of law?..."

In the health care environment, hospitals and other health care facilities use of electronic records will be additionally guided by Medicare conditions of participation which, while permitting the use of computerized records and authentication, do require the hospital to have a system for record identification and maintenance which ensures their integrity and protects their security. Joint Commission standards require a system of attestation to singular use of the code for the computer key used to authenticate the record. Some states, like California, require facilities and clinics to have a variety of system safeguards including backup storage systems, imaging technology for reproducing signed documents and a mechanism to prevent the destruction of records.

Providers and payors who are neither effected by the Medicare standards for facility participation nor by a state law baseline policy will experience comparable regulation under HIPAA's security standards — at least with respect to those records that contain individually identifiable health information (as a practical matter — most records).

Thus, from a business planning and legal risk management perspective, the electronic signature law will be facilitative in those jurisdictions where traditional licensure statutes have not yet been "scrubbed" for the digital world. Multistate companies will still need to comply with a variety of state statutory requirements as to authentication and record integrity. However, those standards generally require only that the provider develop policies and procedures to address natural exposures and should be regarded as consistent with best practices and sound corporate risk management.

Please contact us if you would like additional information regarding e-Health Law issues.

Washington, D.C.

Mark Lutes
mlutes@ebglaw.com
202/861-0900

Newark

James Flynn
jflynn@ebglaw.com
973/642-1900

Philip Mitchell
pmitchell@ebglaw.com
973/642-1900

This publication is provided by Epstein Becker & Green, P.C. for general information purposes; it is not and should not be used as a substitute for legal advice.

Jump to Page

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.