David J. Kearney

February 1, 2014

How to Prepare the Record for an E-Discovery Request

Filed under: e-Discovery,Litigation Support,Management,Project Management,Technology — David J. Kearney @ 9:13 pm

Journal of AHIMA February 14

How to Prepare the Record for an E-Discovery Request
By David Kearney

AT A MINIMUM healthcare organizations should identify the components of their legal health record. The legal health record is a consistent declaration of what patient care information is maintained within an organization and what information would be released during a legal or investigatory event. It is the key to the consistency of patient health information across a healthcare organization. Consistent patient care information is the cornerstone of being able to produce this information completely and accurately upon request during an event without prejudice for business or evidentiary purposes.

Health information management (HIM) professionals are typically the custodians of health records and are responsible for the care, custody, and control of the records. HIM serves as a key component in knowing how health records are created, maintained, and used in the day-to-day care setting. It is vital that HIM professionals have a complete understanding of the official health record and its potential requirements. As more providers use electronic health records and manage health information electronically, HIM professionals must become familiar with e-discovery processes and requirements.

The Role of the HIM Professional
A recent requirement for health records that health information managers need to be well versed on is how these records are compiled and controlled as it relates to the litigation lifecycle or an investigation. HIM professionals need to be able to communicate with in-house attorneys, outside counsel, and even perhaps opposing counsel regarding the legal health record contents and the attestation of patient records for evidentiary purposes during a litigation or investigatory event.

Since most health records are now electronic, it is important that HIM professionals be aware of how electronic records are preserved, collected, processed, and presented during a lawsuit.  Electronic evidence has dictated guidelines that must be followed during the discovery process as prescribed by the Federal Rules of Civil Procedures—procedures that govern civil procedures in the US federal courts—and it is equally important to expect at least the same amount of rigor to be applied to electronic
evidence at the state or jurisdictional level.

The Federal Rules of Civil Procedure, specifically rules 26–37, provide guidelines to the discovery process of evidence, including duties of disclosure, topics of discussion between the parties involved, and how documents are to be produced.

Another great tool, while not mandated by court rules, is the Electronic Discovery Reference Model, also known as the EDRM (available at http://www.edrm.net). The EDRM depicts the flow and series of phases that electronic evidence traverses during the litigation process, including how the information is identified, preserved, collected, processed, reviewed, and produced.

First and foremost, data governance is addressed at the far left side of the EDRM workflow, as information management, which underscores the importance of properly managing data for the litigation/e-discovery process. This is the starting point where healthcare organizations have an opportunity to get it right and to be in an ideal position for any anticipated events.  This is also the initial phase where many issues can arise during discovery proceedings, positioning an organization at a disadvantage from the onset of any data retrieval exercise.

Know the What and Where of Your Data

Healthcare organizations must know what information they have, where data is located, the duration data must be retained, and what information is needed to respond to a legal, investigatory, or other event. Managing organizational information with sound policy and processes reduces costs, mitigates risk, and protects the organization’s personnel, patients, and revenue.

A second component to a litigation or investigatory event, once sound data governance strategies have been implemented, is the ability of health information management professionals to respond to an event or an anticipated event. It is vital that HIM professionals have a well-developed readiness plan to respond to a legal hold or preservation order of relevant information that is specific to a matter.

To avoid a claim of spoliation— the intentional or negligent hiding, changing, or destruction of relevant materials—healthcare organizations should have a strategy that facilitates preservation of potential evidence once relevant data has been identified. Depending on how information is stored and collected within the healthcare setting and how this information is managed and maintained, it will be necessary to plan on this information being used as evidence.

As such, health information managers must not only be intimately familiar with their organization’s electronic health record (EHR) systems, but how these systems can produce the
information in a legally sound manner. Preserving the data as it is maintained in the normal course of business, along with all of the detailed metadata contained within the EHR, is a must to ensure complete and accurate information. Doing this is a much more intricate process than typical metadata one finds in word processing, spreadsheet, and e-mail documents.

EHR systems were not necessarily designed with litigation in mind, so it is critical that HIM professionals become familiar with how data can and cannot be provided during an event and how that data is managed throughout the lifecycle of litigation or an investigation.

One of the other critical components necessary during an event is a data source map, or an information management plan, that for litigation purposes identifies expert users or custodians of the data, who knows what about the data, how it is maintained, and any associated data retention policies.

The process of event preparedness happens long before the triggers that may lead to a litigation or investigatory event. It requires organizations to have an understanding of responsibilities and to define policies for regulation and business needs. Policies and procedures that help actively manage data are not just an IT or HIM “problem” but a collaborative business initiative where organizations must develop a well-defined structure and process to understand, manage, and prepare for litigation.

Legal counsel, HIM professionals, clinicians, information technology professionals, and C-suite professionals should work together to successfully manage information for the ediscovery process, implement a litigation response plan, and develop or update organizational policies.

Technology alone cannot replace the joint effort needed to develop sound processes. The process and technology needs to be defined, adopted, and audited. Collaboration and coordination must exist to tell the story of the data from all stakeholder perspectives to define the policies, procedures, and practices, including regular auditing of such routines. People, processes, and technology are key to information management and event preparedness.

Credit Given for Showing Your Work

The courts are not out to get anyone, but rather look for a reasonable, well documented, thought out, and consistent approach to information governance. It is very similar to math
class in grade school where the teacher always wanted to see one’s work demonstrated, or at least have an idea of the level of logic a student used to answer a question. This can help justify when questioned whether an approach to legal compliance was at least reasonable. Credit may be given even though the resulting answer may have been unsatisfactory, or if a good faith effort was used to manage and produce data.

Conversely, if an organization doesn’t have policies and plans in place it risks exorbitant costs associated with additional technology and personnel needed to store unmanaged data, as well as heightened risks of compliance and regulatory violations and court-imposed sanctions.

Planning and readiness for litigation or investigation is another piece of the information governance puzzle, which is much like any business continuity and disaster recovery plans, with an understanding of data, where it is located, how data is managed, event response, and regular testing of processes and procedures for when an event occurs. Health information managers carry the responsibility to ensure that the data being managed maintains its integrity during a litigation or investigatory event.

David Kearney (DKearney@cohenlaw.com) is director of technology services at Cohen & Grigsby, based in Pittsburgh, PA.

This article was first published in the Journal of AHIMA February 2014 issue and is reprinted here with permission.  For more information about the Journal of AHIMA, visit their website at http://journal.ahima.org/ and the AHIMA website at http://www.ahima.org

Copyright © 2014 American Health Information Management Association



Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a free website or blog at WordPress.com.

%d bloggers like this: