Enterprise Risk Management (ERM) Legal & Regulatory

EHRs and e-Discovery Evolving Expectations

As electronic health records (EHRs) become the universal form of documenting patient care, also comes the pressures and requirements to maintain the records in their original form and to be able to duplicate them upon request. The vital question is – what has to be maintained and what may become the subject of discovery should litigation ensue?

A Blessing and a Curse

For the patient-care providers who use these systems day in and day out, they are both a blessing and a curse. EHRs have become a ubiquitous feature of medical practice and, as a result, ripe for analysis and criticism by plaintiffs’ attorneys.

Metadata and Audit Trails = Sleepless Nights

If the terms metadata or audit trails leave you in a cold sweat, you are not alone. These are terms attorneys and, in turn, judges have been grappling with as EHR becomes more common and, more generally, as electronically stored information (ESI) has become the subject of increased discovery requests and legal motions.

In 2006, the Federal Rules of Civil Procedure were amended to include preservation, production and discovery of “electronically stored information.” This led to the development of a body of case law addressing the discovery of ESI. However, most malpractice litigation is gutted out in state courts. States have been much slower to address this issue and remain in the early stages of establishing expectations for legal parties and medical professionals involved in disputes over ESI.

The Evolution of Record Production

Often the first and most standard demand in a medical negligence case involves a request for the patient chart. Currently, that most often involves producing a pdf or paper copy of an electronic chart. Until very recently, that is where the medical record request would end. This means of production is evolving. Plaintiff’s attorneys are now realizing the vast wealth of information maintained within an EHR system that can be used to question the credibility of a provider, the quality of the care provided or the care with which a provider took to document medical assistance or treatment provided.

As medical professionals and the legal teams who defend their care, we need to stay ahead of these ESI requests, know what is there and be ready to address them. Surprise parties are great, but surprises in litigation are the things of nightmares.

How to Get Ahead and Stay Ahead

In my home state of New York, “material and necessary” is the legal standard that counsel must meet to establish a right to discovery of a piece of information. In the broadest of terms, that is disclosure of all matters material and necessary to the prosecution of an action.

In short, if there is a connection between the data and the case, it is fair game. So, when the writing is on the wall that a potential claim may be underfoot, there should be an affirmative effort to secure not only the medical records, but any and all emails, digital voicemails, computer calendaring programs and wireless text messages related to the patient, as well as all audit trails and metadata.

Beware, this may be onerous. Depending on the size of your organization and in anticipation of these types of requests, you may consider hiring a director of information services or training an existing staff member in the planning, organizing and execution of the information technology and information services functions of your organization. This person should be capable of retrieving each and every part of the data and metadata for a given patient’s file for the relevant dates plus securing and preserving it, so as to avoid spoliation issues in the future.


What is “spoliation”? In the federal court system and in most states, the parties to litigation and their attorneys who are in or anticipate litigation must do everything in their power to preserve electronic data. That means the parties must cease routine data destruction and immediately institute data preservation practices.

If ESI is destroyed at a time when litigation is ongoing or anticipated, it can result in extreme legal consequences including contempt charges, spoliation sanctions or worse. If your director of information services has secured and preserved all available material at the outset, then this issue becomes moot.

Not all Systems and Vendors are Created Equal

Another important prevention strategy is to know your EHR system and your EHR vendor. Your vendor can be your biggest ally or worst enemy when trying to address a litigation hold or intricate discovery demand. Maintain a good working relationship with vendors.

With regard to the ESI system itself, requests for all types of documents should be anticipated, including service contracts, training manuals, product information sheets, confirmation of staff training and documentation surrounding the purchase and roll out of the system.

Policies and procedures may also be requested regarding documentation standards, login and password use, and correction standards for purposes of determining whether the medical professionals were in compliance with established policies and procedures.

Preparation is the Key to Success

Preparation is valuable and you hold the key. If healthcare providers and staff are properly trained in the use of electronic medical records technology, there can and will be fewer instances of human error in record keeping.

Further, when circumstances arise that lead you to believe that litigation is likely, it is critical to have a protocol in place that is followed in order to secure necessary documents and information.

Additionally, once EHR information is secure, any witness who may be called to provide deposition or trial testimony should be familiar with not only the medicine, but the documentation as well. The witness should be aware of any issues identified in the EHR and its metadata, the limitations and use of the EHR system at the time of the care at issue, and the policies from the time at issue concerning data administration.

It’s Just the Beginning, Folks!

Legal issues involving the discovery of EHR are only beginning to emerge and the legal expectations are undefined. As a result, your current best defense starts with a proactive plan involving a review of your systems, evaluation of your staff and implementation of policies, procedures and protocol plus training and execution of your entire plan related to ESI and EHR.

Mackenzie C. Monaco is a litigation attorney representing healthcare professionals, organizations and facilities in claims related to medical malpractice and professional liability. She is a director and shareholder at Carter Conboy in Albany, New York.

Sign Up for ASHRM Forum Updates

Provide your information below to subscribe to ASHRM email communications