Legal

These and other legal notes on this website are intended to help with your legal research. None should be taken as formal legal advice. Contact a lawyer specializing in healthcare data for legally valid answers.

Don't Publish the Database schemas of EHR's: My understanding is that database schemas are proprietary, though users of the software have the right to reverse engineer the data schemas. This may depend upon the EHR and the contract, but customers and their business partners have rights to access the data in some cases. (It is my impression that user rights are strongest when the users own or lease the computer hardware on which the EHR runs. An EHR running in the software vendor's cloud may have legal barriers which make the client's data hostage to the EHR vendor, despite claims by sales teams.) Publishing the complete schema, or significant portions of it, apparently is prohibited, however.

Violations of HIPAA May be Serious: The bulk release of patient data could harm the lives of patients and will certainly cause negative publicity. Caution is needed when configuring firewalls and client access. Ideally, firewalls will limit access to your application to clients and developers.

Do Not Interpret Medical Data: Flagging lab values as low or high should be done only after consulting with a medical doctor on your team. On small, informal projects, you might experiment with reports and data views which evaluate a patient's health. In a formal environment, however, you need to be extremely careful. It is criminal for people who are not healthcare providers to interpret medical information, especially for an individual patient.

Understand Reluctance to Add Input: Medical professionals are responsible for carefully documenting their findings and interventions. The resulting records must be organized and accessible. This is a legal obligation. If software developers suggest adding input mechanisms which will result in new patient data being stored outside the EHR, there may be legitimate pushback. Healthcare professionals will want data to be stored in a single location.

Strong Usage Restrictions: This may not matter in an informal work relationship, but often contracts which allow access to copies of business data only allow the data to be used for a single, specific project. If you use a client's data to test the performance of new software without asking the client's permission, you may anger the client and expose your company to breach of contract litigation.