Victim Compensation Without Litigation - the Lexington Experience Victim Co...
Electronic Medical Records and What Constitutes Valid Evidence in Litigation
1. Electronic Medical Records and What
Constitutes Valid Evidence in
Litigation
Metadata in EMRs is discoverable in civil trials, under federal law. Here is a
look at what constitutes valid evidence in litigation.
Medical Record Review
2. www.mosmedicalrecordreview.com 1-800-670-2809
With paper records making way for electronic records, there is a change in medical record
keeping and a corresponding change in what constitutes evidence in litigation and how
information may become evidence in litigation. It is important therefore that attorneys who
may need to review medical records understand HIPAA compliance with regard to EMRs, what
electronically stored information is discoverable and admissible in court, and metadata.
PHI (Protected Health Information) is any individually identifiable health information that is
transmitted by and maintained in electronic media, or transmitted/maintained in any other
form or medium. In other words, electronically stored information (ESI) constitutes PHI. ESI can
be contained in electronic media (television, radio, internet, etc.), as well as electronic storage
devices such as diskettes, flash drives, CD/DVD, and magnetic tape. In medical litigation PHI
maintained in any electronic storage device or transmitted by any electronic media are possible
sources of discoverable information. It is important to be aware of the fact that more than 50%
of physicians use PDAs and smartphones on a regular basis in clinical decision making.
In this scenario, attorneys and lawyers must have a clear idea regarding what is “discoverable.”
Under HIPAA, PHI is protected with both a Privacy Rule and a Security Rule. These rules insist on
certain safeguards and standards that will ensure that covered entities protect both paper and
electronic medical records of a patient from unauthorized access, destruction or tampering.
They should have procedures in place to provide individuals with a clear and accurate account
of any PHI disclosures in case an accounting is necessary. Attorneys who want to obtain PHI
from providers during discovery must do so by using either written authorization or subpoena.
The terms “confidentiality” and “integrity” are of great significance with regard to HIPAA – the
former implies that the data/information is not disclosed to unauthorized persons or processes;
while the latter signifies that the data/information is not altered or destroyed in an
unauthorized manner. Audit controls such as software, hardware and/or procedural
mechanisms that record and examine activity in information systems that contain or use
electronic PHI should be used by covered entities. Regular review of records of information
system activity such as security tracking reports, access reports and audit logs is indispensable.
Audit control systems generate metadata that comprises information about who accessed
patient data, how it was used, and also regarding the operation of the electronic device storing
or transmitting the medical records. This metadata is not part of the formal medical chart but is
a rich storehouse of information that is not otherwise available in discovery. Audit trails give
information regarding who accessed healthcare data, when, where, why and how it was
accessed. This is very important from the point of view of testimony provided in the court and
will help address any inconsistencies.
3. www.mosmedicalrecordreview.com 1-800-670-2809
Electronic medical records ensure increased availability of data and documentation for
malpractice, personal injury and other cases. Digital data is more detailed, organized and clear.
Metadata in electronic medical records is discoverable in civil trials, under federal law. The
extent to which it is discoverable may however, vary from one state to another. Legal
professionals involved in medical litigation need to be aware of the various rules and
regulations pertaining to electronic data – the HITECH Act, HIPAA changes, DHHS Privacy Rule
and Security Rule and the efficiencies of computer forensics that pertains to legal evidence
found in computers and other digital storage media.