For Lack of a Proper "Print" Function - The Difficulties in Responding to Subpoenas to Produce the EHR
Prepared by Krystyna H. Nowik, Esq.
As the use of electronic health records (EHRs) and participation in health information exchanges (HIEs) expands, so does their appearance in court. EHRs are more and more frequently relied upon to produce all or part of a patient’s medical record in response to a discovery request. Not only do EHRs include files, tests results and clinical notes, but they can also include images such as X-rays, charts, consent forms and other documentation, and handwritten notes. One might be tempted to think that producing an EHR in response to a subpoena would be a fairly easy feat – the records are all available electronically so simply search the EHR for those particular records and print or save them. But as those well versed with EHR technology are quite aware, responding to discovery requests where an EHR is involved can be a Herculean task for hospitals with anything but the newest EHR technology.
When paper was the norm, hospital administrators could sort through and pull out only the requested (and relevant) information from the patient’s paper medical record. With the adoption of EHR technology, however, this became more problematic because not only was there significantly more data available to sort through in a given EHR, but older EHR technology commonly lacked the capacity to efficiently track, filter and selectively “print” or save the required data. In addition, many hospitals may still retain legacy systems in addition to their current EHR system and as such, data must be pulled from multiple sources to create a complete record. The result? Extremely time and resource-consuming efforts to produce information in addition to a multitude of discovery problems and reliability concerns.
For hospitals with EHR systems incapable of filtering or selectively printing data, each screen may have to be printed individually using the "print screen" function. Once printed, there is also no guarantee that the record will look like it would when viewed live in the EHR. For example, printing may have to be by all treatment notes, then all progress notes, then medications, then audit trails (which may not even be printable at all). This can result in boxes and boxes of disorganized information being produced, much of which may make virtually no sense at all. And to top it off, all of the information may not have even been available to the physician at the point of care. Because of these problems "printing" out EHRs, all too often are plaintiffs requesting access to the live EHR itself, and courts may also order hospitals to figure out how to produce the data in a computer read-only format. This could potentially require painstaking collaboration with the vendor itself and IT professionals.
And then come the problems with interpreting the record in court. When looking at the traditional paper medical chart versus an EHR, it is clear that the EHR is far more complex and generally tells a different and more clinical story than the one needed for litigation. For example, it may be commonplace for a physician to turn “off” a flag, promoting the need for an explanation as to why the “flag” was turned off or overridden under the circumstances. Additionally, certain definitions may mean one thing for purposes of one hospital's EHR but something else for another EHR. For example, an order "accepted" into the EHR system could mean either it was pending or that it was officially entered and signed off on by the physician. This discrepancy would have to be explained in court by a knowledgeable member of the hospital's HIM or IT department. Another problem is that come a plaintiff's day in court, the EHR technology, functions and capabilities may look nothing like when the physician actually had access to the information, making it impossible to reproduce exactly what the physician saw that day(s). One can only imagine the number of people who would be required to testify as to the system’s capabilities, lags in time between when procedures were actually performed and when they were actually entered into the EHR, current and prior functionalities, and how audit trails did and currently function.
In addition, hospitals and providers may also have trouble when patients request copies of their medical record in electronic format, as HITECH expanded patient access rights to include such copies where the information is maintained in an EHR. HITECH requires copies to be produced in an electronic form and format if the individual so chooses. Even if not readily producible, a hospital would still be required to produce the record in a readable electronic form agreed to by the individual and the hospital. And if all these concerns aren’t enough to make one’s head spin, when HIEs are thrown into the blender, things get even more complicated. Putting aside the issues surrounding whether and when an HIE may be properly served with a subpoena for medical records, where an HIE functions with a “centralized” or even a hybrid architecture (meaning it has some key components centralized and others federated), it could also be pulled into litigation along with the individual provider(s) to produce EHRs or related records that it may maintain and control. With a centralized architecture, the HIE itself stores and controls the data or maintains registries as opposed to the individual providers storing the data and merely pushing or pulling it into and through the HIE. Even where an HIE functions primarily with a federated architecture (de-centralized), it will have audit trails and other records which could be required during the course of litigation or even for investigation by the Office of Civil Rights (OCR).
Even though EHR records in general are as accurate as the paper medical record would be, separating that information from its source and producing it in a readable and comprehensive format creates more challenges than many hospital and providers are capable of dealing with currently. Although certainly EHR technology and HIE capabilities have evolved and continue to evolve rapidly (Meaningful Use, anyone?) to respond to many of these challenges, hospitals and health care providers who have not yet updated their systems, or have only updated parts of their systems, still must deal with these concerns, particularly when involved in litigation. Developing policies and procedures to deal with discovery requests concerning EHRs is an absolute necessity as well as ensuring key management personnel, such as privacy, health information management (HIM) and information technology (IT) officers, understand exactly how the EHR functions (from audit trails to authentication of users) and what it is capable of producing for litigation and other non-clinical purposes.