01EHRs and AI — How Far Can the "Burden of Writing" Be Delegated?
Electronic health records are now used in most medical institutions in Japan. Unlike paper charts, they can be searched, shared, and aggregated — the advantages are large. Yet for the physician on the ground, the EHR is also a "burden of input." The complaint that a non-trivial share of consultation time is spent typing rather than talking has been heard for years.
This is where AI has room to enter. The uses fall broadly into three kinds: voice input (turning spoken words directly into text), automated summarization (condensing a long exchange or test results into something short), and documentation support (suggesting the standard phrases or candidates to write next). Each aims to reduce the effort of "writing from scratch" and give the physician back time to face the patient.
But an EHR is not a mere memo. It is the basis of care, a legal record, and a shared document another clinician will read later. So when delegating to AI, the question to ask is not "will it be faster" but "even if it is faster, is the record's trustworthiness preserved?" This installment tests that single point from three angles — accuracy of summaries, the audit trail, and protection of patient information.
02Accuracy of Automated Summaries — What Gets Lost When You "Shorten"
Automated summarization looks like AI's strong suit. Condensing a long conversation or test data into a few key lines — as a draft, it is genuinely usable. But medical summaries carry a danger absent from ordinary text summarization. To "shorten" is to "discard," and misjudging what to discard can change the clinical meaning.
Loss of Negation
"No history of allergy," "No chest pain observed" — in medicine, the record of what is not present is decisively important. If a summary drops the negation, present and absent can be reversed.
Rounding of Numbers
Blood pressure, dosage, test values — when AI rephrases them as "on the high side" or "slightly elevated," the specifics needed for judgment are lost. Medical numbers become something else the moment they are rounded.
Fabrication Creeping In
AI can supply a plausible-sounding sentence that was never uttered (= hallucination, AI fabrication). Symptoms or findings that were never part of the conversation risk slipping into the summary.
What the three share is that a summary optimizes for "readability" at the cost of "accuracy." That is why, in medicine, an automated summary should be treated not as a finished product but as a draft. AI summarizes, the physician checks it against the original and finalizes it — remove this step of "a human approves at the end" and the facts thin out with every shortening. The convenience of summarization holds only paired with the step of verification.
03Audit Trails — Keeping "Who, When, What"
The EHR has a strength the paper chart lacks: the audit trail (= audit trail, the history that lets you trace afterward who changed which record, how, and when). Who entered, who amended, who viewed — every footprint remains. This is the foundation that supports a record's trustworthiness, and Japan's Ministry of Health, Labour and Welfare "Guidelines for the Safe Management of Medical Information Systems" also requires this history be secured.
When AI takes part in the record, a new question arises for that audit trail: "who wrote that sentence — a human, or AI?" A voice-entered sentence, a sentence AI summarized, a sentence AI proposed and the physician adopted — if these blend indistinguishably with human entries, "whose judgment was it" can no longer be traced afterward.
What matters is the principle that introducing AI must not weaken the audit trail. If anything, the reverse: by including AI's involvement itself in the record, the trail becomes thicker. As long as who took responsibility for approving remains recorded, AI stays a "tool that assists the work" rather than a "tool that blurs responsibility."
04Protecting PHI (Patient Information) — Designing So It Does Not Leak
What the EHR handles is information that must be guarded most carefully. PHI (= Protected Health Information; medical information to be protected — name, diagnosis, test values, and other health information tied to an individual) falls, under Japan's Act on the Protection of Personal Information, into special care-required personal information (= information that may not be acquired without the person's consent and requires especially careful handling; it includes medical history). When AI is built into the EHR, how to maintain this protection becomes the central issue.
What needs particular care is where the AI processes the data. A design that sends summarization or speech recognition to an external cloud (= computing resources across the internet) means PHI leaves the medical institution. Management of the contractor, encryption of the communication, and confirmation of whether the data "is used for training" — introduce AI while leaving these vague, and in exchange for convenience you create a path for a leak.
| Point at issue | What to ask | The design crux |
|---|---|---|
| Place of processing | Is PHI processed within the facility, or sent outside? | In-house / on-premises processing, or confirmation of the outsourcing contract and safety-management measures |
| Use for training | Is the entered data used to re-train the AI? | Confirm explicitly in contract and specification that it "will not be used for training" |
| Access rights | Who can see that information? | Minimal access according to role; viewing history also kept in the audit trail |
| Anonymization / pseudonymization | Is it used in identifiable form for analysis or validation? | Pseudonymize or anonymize per purpose; for special care-required information, stay within the scope of consent |
The basic rule of protection is not "send it because it's convenient" but "release only the necessary minimum." Once PHI leaks, it cannot be taken back. The speed of AI is attractive, but if you defer the design of protection for the sake of that speed, you expose the patient's most-guarded information to danger.
05Norms for Safe Management — The "Three-Ministry, Two-Guideline" Foundation
For handling medical information electronically, Japan has a clear set of norms to rely on. At the center are the Ministry of Health, Labour and Welfare's "Guidelines for the Safe Management of Medical Information Systems." In addition, for vendors that provide such systems, there are the Ministry of Economy, Trade and Industry and the Ministry of Internal Affairs and Communications' "Guidelines for the Safe Management of Information Systems and Services Handling Medical Information," and together these are called the "three-ministry, two-guideline" set. In other words, both the medical-institution side and the vendor side have a yardstick of safe management to observe.
These guidelines require the properties a record must possess: authenticity (= the record is genuine and has not been improperly altered afterward), legibility (= it can be read out when needed), and preservability (= it is kept, without loss, for the prescribed period). Building in AI does not loosen these three. Even a draft written by AI, once a record is finalized, must satisfy authenticity, legibility, and preservability — this is the foundation.
And as the underlying statute, the Act on the Protection of Personal Information (= the law that sets the proper handling of personal information) supports the whole. Acquiring special care-required personal information requires, as a rule, the person's consent, and there are restrictions on third-party provision as well. AI adoption must be designed inside the frame of this law. Whether you view the norms as a "constraint" or as a "foundation of trust" changes the quality of the adoption.
06Operations — Making It a System That Works on the Ground
Meeting the norms alone does not keep the ground running. To build AI into the EHR as a tool that physicians and nurses actually use every day, operational design is needed. The following four are principles that work in practice.
Treat It as a Draft
An AI summary or entry must always be checked and finalized by a human. Do not turn AI output directly into the finalized record. Fix the extra step of approval as a procedure.
Make Involvement Visible
Make it clear which part AI generated. Distinguish it so it does not blend with human entries, and keep the involvement in the audit trail.
A Path to Correct Errors
When an error in a summary or in speech recognition is noticed, it can be fixed at once, and that correction too remains in the history. Design on the premise of mistakes, so they can be corrected.
Minimal Data
Narrow the information handed to AI to the scope its processing needs. Do not send the entire chart wholesale to the outside. Reduce the amount released, and the amount that can leak drops too.
The idea shared by these four is "do not trust AI completely, but do not shun it either." Delegate entirely and errors slip through; use it not at all and the burden does not fall. On the premise that a human bears final responsibility, simple work to AI and judgment to the human — this division of labor is the core of a system that keeps running on the ground for the long term.
07The Adoption Decision — On What Basis to Decide In or Out
Adopting AI into the EHR is not something to decide because "it seems convenient." You need a yardstick for the decision in advance. If even one of the following questions gets a "no," adoption should be approached with caution.
- Can accuracy be verified? — Can the error rate of summarization or speech recognition be checked against your own institution's data? Can you see the performance under actual conditions of use, rather than the vendor's marketing?
- Is the audit trail preserved? — Including AI's involvement, is "who, when, what" traceable? Are authenticity, legibility, and preservability left intact?
- Is the path of PHI clear? — Where is the data processed, is it kept out of training, and is it protected by contract and safety-management measures? Does it accord with the three-ministry, two-guideline set and the Act on the Protection of Personal Information?
- Can it be stopped? — When a problem occurs, can AI's involvement be detached and operations returned to the conventional way? Is the design free of over-dependence that makes reversal impossible?
What is most to be avoided in the adoption decision is being pulled by speed or novelty into breaking the foundation of the record's trustworthiness. Designed correctly, AI does lighten the physician's burden. But that value comes to life only once the three conditions — accuracy, trail, protection — are met. If they cannot be met, choosing not to adopt is a fine decision too.
08Connections to Other Chapters on This Site
This installment gains depth when read alongside the following chapters.
- AI Medical Vol. 5 — Drug Discovery AI — The medical data stored in EHRs also becomes the foundation for drug-discovery AI from exploration through the clinic. Data quality and protection govern the next layer of value.
- AI Marketing Vol. 5 — AI-Generated Content Strategy — The "a human approves at the end" human-in-the-loop idea is a design principle common to both records and content.
- A Good Day, Every Day — A set of essays that portray the acts of keeping and verifying records as the work of people, between people.
When AI enters the EHR, the physician can lift their eyes from the screen and reclaim time to face the patient. Voice input reduces the effort of typing, automated summarization shortens a long record, and documentation support eases the burden of boilerplate — this is real progress. But the EHR is not a mere memo; it is the basis of care and a legal record. So when delegating to AI, the question was not "will it be faster" but "even if it is faster, is the record's trustworthiness preserved?"
The three conditions do not move. The summary must not diverge from the facts — do not drop negations, numbers, or evidence with each shortening. The audit trail must be preserved — including whether it was human or AI, "who, when, what" must remain. And PHI must not leak — release only the necessary minimum, and design inside the frame of the three-ministry, two-guideline set and the Act on the Protection of Personal Information. Do not trust AI completely, but do not shun it either; the human bears final responsibility. Next time, we move on to drug-discovery AI — AI from exploration through the clinic — for which the medical data stored in EHRs becomes one of the foundations.
- Automated summarization is "to shorten = to discard." It carries three risks — loss of negation, rounding of numbers, fabrication creeping in — and AI optimizes for readability over accuracy. So medical summaries should be treated not as a finished product but as a draft, with a human finalizing them against the original.
- The audit trail (who, when, what) is the foundation of an electronic record's trustworthiness. Parts written by AI must keep that involvement itself in the history, preserving authenticity, legibility, and preservability. Introducing AI must not weaken the trail.
- PHI (patient information) is special care-required personal information. Confirm the place of processing, use for training, access rights, and anonymization, and release only the necessary minimum to the outside. Design inside the frame of the three-ministry, two-guideline set and the Act on the Protection of Personal Information, and keep a mechanism that can be stopped.
- Ministry of Health, Labour and Welfare. Guidelines for the Safe Management of Medical Information Systems, Ver. 6.0. Ministry of Health, Labour and Welfare, 2023. (The central document setting out authenticity, legibility, and preservability of EHRs, the audit trail, and safety-management measures.)
- Ministry of Economy, Trade and Industry; Ministry of Internal Affairs and Communications. Guidelines for the Safe Management of Information Systems and Services Handling Medical Information, Ver. 1.1. Ministry of Economy, Trade and Industry; Ministry of Internal Affairs and Communications, 2023. (The vendor-side norm that, together with the MHLW guideline, composes the "three-ministry, two-guideline" set.)
- Personal Information Protection Commission. Act on the Protection of Personal Information. Personal Information Protection Commission, enacted 2003 (successively amended). (The underlying statute defining special care-required personal information, third-party provision, anonymously processed information, and more.)
- Personal Information Protection Commission; Ministry of Health, Labour and Welfare. Guidance for the Proper Handling of Personal Information by Medical and Long-Term Care Providers. Personal Information Protection Commission; Ministry of Health, Labour and Welfare, 2023. (Guidance that concretizes the handling of special care-required personal information in clinical settings.)
- Ministry of Health, Labour and Welfare. Guidelines for the Safe Management of Medical Information Systems, Ver. 6.0 — System Operation Edition. Ministry of Health, Labour and Welfare, 2023. (A volume organizing safety-management measures by role; the practical basis for adoption decisions and operational design.)