Metadata, Audit Trails and Discovery - Oh My!

In my world of medical malpractice litigation, the resident/patient medical record is Exhibit 1.  The importance the healthcare records play in defending long-term care lawsuits cannot be overstated. From the completeness of the record to each chart entry, the healthcare record is scrutinized by plaintiff and defense attorneys, all experts and provider witnesses. In every case, the integrity of the healthcare record is a central issue and many challenges to face and obstacles to overcome as to the liability of the care provider, causation and damages.

I was honored to be a speaker at the Inaugural Long Term Care Insurance ExecuSummit last month and presented the topic “Audit Trails – The Discovery Rabbit Hole”.  This month’s article summarizes the presentation and highlights the current and emerging risks associated with Electronic Medical Record (EMR) as they relate to litigation.

What is Metadata and Why Should You Care?

One of the best definitions of “metadata” is found in Irwin v. Onondoga County Resource Recovery Agency which involved a Freedom of Information Act request for photographs and “associated metadata” with respect to the photographs.  In Irwin, we learn:

“Nearly “every electronic document contains metadata”. As earlier referenced, we now set forth a detailed definition of the term metadata for those lacking familiarity with the term. Metadata is “secondary information” not apparent on the face of the document “that describes an electronic document's characteristics, origins, and usage”. Some examples of metadata for electronic documents include: a file's name, a file's location (e.g., directory structure or pathname), file format or file type, file size, file dates (e.g., creation date, date of last data modification, date of last data access, and date of last metadata modification), and file permissions (e.g., who can read the data, who can write to it, who can run it). Some metadata, such as file dates and sizes, can easily be seen by users; other metadata can be hidden or embedded and unavailable to computer users who are not technically adept. Most metadata is generally not visible when a document is printed or when the document is converted to an image file. Metadata can be altered intentionally or inadvertently and can be extracted when native files are converted to image files. Sometimes the metadata can be inaccurate, as when a form document reflects the author as the person who created the template but who did not draft the document. In addition, metadata can come from a variety of sources; it can be created automatically by a computer, supplied by a user, or inferred through a relationship to another document.”

Further definition is presented for the three types of metadata in Irwin.  

Substantive Metadata

Substantive metadata, or application metadata, is information created by the software used to create the document, reflecting editing changes or comments, and instructions concerning fonts and spacing. Substantive metadata is embedded in the document it describes and remains with the document when it is moved or copied. Such information is useful in showing the genesis of a particular document and the history of proposed revisions or changes ...

System Metadata

System metadata reflects automatically generated information about the creation or revision of a document, such as the document's author, or the date and time of its creation or modification .System metadata is not necessarily embedded in the document, but can be obtained from the operating system or information management system on which the document was created ...[S]ystem metadata is most relevant if a document's authenticity is at issue, or there are questions as to who received a document or when it was received.

Embedded Metadata

Embedded metadata is data that is inputted into a file by its creators or users, but that cannot be seen in the document's display. Common types of embedded metadata include the formulas used to create spreadsheets, hidden columns, references, fields, or internally or externally linked files. Embedded metadata is often critical to understanding complex spreadsheets which lack an explanation of the formulas underlying the output in each cell.”

Describing how metadata is produced in litigation, we read in Irwin: “The two most common ways of producing metadata for ESI [electronically stored information] are to produce documents (i) in a TIFF or pdf format with an accompanying ‘load file’ or (ii) in ‘native format”. The production of a hard copy of a document (i.e., one in paper form) or the production of a document electronically but in what is basically a “picture” or “static” form, such as a portable document file (pdf) or tagged image file format (tiff), limits the information provided “to the actual text or superficial content of the document”. Only when an electronic document is produced in its “native” form can metadata be disclosed. “

The reason we care about metadata is because Plaintiff’s attorney are requesting “audit trails” and other metadata related to a resident’s EMR. Oftentimes the Court will compel production of this information and understanding the risks is key to risk mitigation best practices.

What is an Audit Trail and How Do Plaintiff’s Attorneys Request Them?

An audit trail is a type of metadata that provides a register of usage for a database or other software program, revealing how the records in the program have been accessed or changed. Plaintiff’s attorneys request the audit trail of the resident’s EMR to find evidence that the EMR has been altered thus exposing discovery abuse and spoliation, and even proving liability.

Here is an example of a Plaintiff’s request to a nursing home in litigation:

Complete audit trail for the resident’s EMR/EHR with no data, user or date limitations in a searchable, filterable and useable format such as Excel; to include (but not limited to):

i. All accesses including date, time, and author from January 29, 2015 to the present day.
ii. All dictation audit trails.
iii. All types of actions to include amendments, additions, copy, print, sign, create, and delete with the original documentation unobscured to the EMR from January 29, 2015 to the present day.
iv. All specific portions of the chart accessed from January 29, 2015 to the present day.
v. Terminal/device identification and physical location of all accesses from January 29, 2015 to the present day.
vi. Time event stamp AND display time stamp.
vii. Any and all hyperlinked documents (scanned and or pdf) in the medical record.

These requests are in accordance with HIPAA compliance and pursuant to CFR §170.210, CFR § l 70.302, 2 1 C.F.R. Pt. 1 1, 11.l0(e), CFR § 164.524, 45 CFR § 164.316, § 170.210(e)( l )(i), 45 C.F.R. § 164.306, 45 CFR  § 164.312, 45 CFR  §164.308, 45 CFR § 164.304.

Any audit trail containing less than the above requested information will be considered a breach of HIPAA and reportable to the federal government.

While we object on various grounds to the production of certain metadata and audit trails, it is probable that some information will be compelled for production.

What Legislation and Laws Drive EMR and Metadata?

There are numerous legislative and legal sources governing the EMR and technical safeguards as well as discovery of metadata/electronically stored information including:

HIPAA 1996
American Recovery and Reinvestment Act
PPACA (Patient Protection and Affordable Care Act)
PQRI (Physician Quality Reporting Initiative)
Medicare Electronic Health Records Incentive Program
HITECH and MUC (Health Information Technology for Economic and Clinical Health Act and Meaningful Use Criteria)
Federal and State Rules of Civil Procedure
Policies and Procedures

A review of these legislative resources is beyond the scope of this article, however, consider the following Federal legislation and rules:

45 C.F.R. § 164.306(a)(1) commands a covered entity including a skilled nursing facility to [e]nsure the confidentiality, integrity, and availability of all electronic protected health information [that it] creates, receives, maintains, or transmits.

45 C.F.R. § 164.304 provides that “availability” in this context means that data or information is accessible and useable upon demand by an authorized person.

45 C.F.R. § 164.308(a)(7)(ii) provides that a nursing home must [e]stablish and implement procedures to create and maintain retrievable exact copies of electronic protected health information.

45 C.F.R. § 164.312(b) provides that a nursing home must implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.

45 C.F.R. § 170.210(b) requires that the date, time, patient identification, user identification ... must be recorded when electronic health information is created, modified, accessed, or deleted; and an indication of which action(s) occurred and by whom must be recorded.

45 C.F.R. § 170.210(b) requires documentation to include an indication of which action(s) occurred and by whom.

Federal Rules of Civil Procedure provide for the production of “designated documents or electronically stored information—including ... data or data compilations—stored in any medium from which information can be obtained either directly or, if necessary, after translation by the [disclosing] party into a reasonably usable form”.

In other words, there are duties imposed on nursing homes by state and federal legislation and rules to implement technical safeguards for electronic information systems including EMR. Plaintiff’s attorneys are aware of these duties and are investigating compliance at all levels through the discovery process.

How Do We Object to the Production of Information?

In response to request for metadata and audit trails in particular, several grounds for objections exist and include that the information is not relevant; the request sis outside the scope of allowable discovery; peer review and quality assurance privileges are applicable; and attorney client  and work product are included in the request.

A more detailed evaluation of these objections will be explored in later articles. The courts appear inclined to allow discovery under the broad rules that apply, however, we continue to advance objections that have been sustained.

What Cases Address Audit Trails and How Have Courts Ruled?

Following are fact patters and recent rulings involving audit trail issues.

In an Illinois medical malpractice case, the Southern District of Illinois considered whether to order Defendants to produce the metadata and the audit trail associated with Plaintiff’s electronic medical file.

The Plaintiff sought the information after receiving two “different” medical charts relating to her care. She alleged that the medical records may have been improperly altered, and that the metadata and audit trail could provide further information, including the date, time, name of person who accessed the record, the user ID, action taken, and items viewed in the record.

The Defendants objected on the grounds of the peer review privilege, which protects some information related to medical professionals’ revisions and comments to medical records. The Defendants asserted that this privilege, as well as the work product doctrine, protected the audit trail as to actions taken by its risk management personnel and representatives in anticipation of litigation.

The Plaintiff responded that the audit trail information would be particularly relevant to her theory that the medical records were edited or altered, and that the peer review privilege does not protect from disclosure the medical record itself, of which the audit trail is a part. The Plaintiff also responded that because the audit trail was not created in anticipation of litigation (because it is automatically generated), work product privilege would not protect it either.

The court looked to state law to see if the peer review privilege would shield the audit trail from disclosure. Illinois’ Medical Studies Act provided a list of information and data that is protected by this privilege, but does not expressly protect the information the Plaintiff sought. The court concluded, therefore, that the entire medical record is discoverable, and that the audit trail is a part of that record because neither the peer review privilege nor the work product privilege protected the data. The court ordered the Defendants to produce all portions of the audit trail responsive the Plaintiffs’ discovery requests.

In a New York medical malpractice case, the Plaintiff sued the Defendant hospital on behalf of the Plaintiff’s decedent, who presented at the hospital with nausea, abdominal pain and vomiting and was released several hours later without being seen by a doctor.  The Plaintiff’s decedent collapsed and died the following day.  The Plaintiff’s complaint alleges that the Defendant was negligent in its failure to have procedures in place requiring a patient like the decedent to be seen by a doctor before being discharged.

The Plaintiff sought production of the audit trail for decedent’s medical records to determine whether a doctor reviewed decedent’s records before she was discharged.  The Defendant objected, asserting that audit trails were not relevant, material or necessary and that the request was a “fishing expedition”. The Defendant further argued that the Plaintiff was not entitled to the audit trails because she had not disputed the produced hospital records’ authenticity. The Plaintiff filed a Motion to Compel.

The court found that the audit trails were directly relevant to whether the decedent was seen by a doctor.  The court reasoned that the audit trails were material and necessary because even though they do not describe what a doctor did, they do show if a doctor reviewed the records, which information could be explored further at deposition. Based upon this reasoning, the court disagreed with the defense’s contention that the request was a fishing expedition. The court also determined that New York law did not require that the Plaintiff dispute the authenticity of the hospital records in order to receive production of the audit trails.   It was sufficient that the Plaintiff sought the audit trails to establish a significant premise of the case, as to who viewed the decedent’s hospital records prior to her discharge.  The court granted the Motion.

In a Pennsylvania case, the Plaintiff sued the Defendants for the wrongful death of decedent, an Alzheimer’s patient living in one of the Defendants’ nursing facilities. The facility kept poor, false or incomplete records of the decedent’s condition, and ultimately, he died of sepsis from untreated wounds. After certain counts were dismissed and others sent to arbitration, discovery began as to the wrongful death claim.

With respect to the requests for production, the Plaintiff sought, among other things, a full and complete copy of the audit trail for the decedent’s medical records, including information about when his chart was accessed and by whom. Part of the Plaintiff’s claim rested upon her allegation that his chart was falsely documented, and she asserted that the audit trails were relevant. The Defendants responded that they are not required to maintain an audit trail and that they do not maintain them because their medical records are not “single documents” but “an amalgamation of multiple computer programs and systems provided by different vendors.” The Defendants offered to produce various reports that they asserted would provide the Plaintiff with the same information.

The court determined that although the Plaintiff specifically requested an audit trail, the information the Defendants offered in its stead would provide the Plaintiff with what she sought, and it denied the Motion to Compel the audit trail as moot.

In a New Jersey lawsuit, the Plaintiff, a prisoner in the New Jersey Department of Corrections, alleged brutality by corrections officers. In that case, the Defendant produced PDF versions of Plaintiff’s medical records, and the Plaintiff sought production of the records in native format for the following two reasons: 1) ease of review, and 2) access to the audit trail for information regarding any changes or additions made to the records.

The Defendant objected that producing the documents in the native format would be unduly burdensome, but it did not object to producing the audit trail. The court agreed that producing the documents in native format would cause undue hardship on the Defendant but still required the Defendant to produce the audit trail.

With electronic recordkeeping growing continuously more complex, it is critical that providers understand electronic discovery issues. There is no easy risk mitigation strategy or practice regarding the EMR and safeguarding it. Be aware that every action related to the chart is recorded. I recommend reviewing audit trails with your team and understand how your EMR records and is retrieved. I work with our provider clients to evaluate the EMR and develop best practices for documentation.

The evidence developed related to the audit trail will be central t the development of the lawsuit and themes that will emerge.  Increasing awareness and best practice regarding EMR documentation will enhance the defense of the chart and the lawsuit. Please don’t hesitate to contact me to discuss metadata and audit trails and risk mitigations strategies.

Rebecca Adelman