BIPA Webinar Coming Soon

Panelists

The Illinois Biometric Information Privacy Act (BIPA) passed in 2008, has been used to pursue class action lawsuits against companies in and outside Illinois. Leaders that have and are shaping the future of privacy law, both in Illinois and throughout the United States will come together to have a thoughtful discussion and dialogue on the future of privacy law and the role biometrics plays in the past and future. Join us for this upcoming webinar free to registered participants. Sign up on EventBrite.com.

Recent BIPA Settlements in the News:

  • Facebook finalizes $650M BIPA settlement
  • TikTok Reaches $92 Million Settlement in BIPA Lawsuit
  • Six Flags agrees to $36 million settlement over fingerprint scan privacy allegations
  • $25M Settlement in BIPA Class Action against ADP

BIPA Panelists Include:

This image has an empty alt attribute; its file name is IrisMartinez-4.jpg
Iris Martinez
Cook County Clerk of the Court
Original C0-sponsor of the Illinois Biometric Protection Act (BIPA)
Former Illinois State Senator and Assistant Majority Leader
This image has an empty alt attribute; its file name is karen-yarbrough-2.jpg
Karen Yarbrough
Cook County Clerk
Original Co-sponsor of the Illinois Biometric Protection Act (BIPA)
Former Illinois State Representative and Assistant Majority Leader
This image has an empty alt attribute; its file name is DebbieReynolds-1.png
Debbie Reynolds
Data Privacy Consultant
DebbieReynoldsConsulting.com
This image has an empty alt attribute; its file name is Kantrow_Josh-1.jpg
Josh M. Kantrow
Partner
Lewis Brisbois
This image has an empty alt attribute; its file name is LeeNeubeckerOpenCollarHeadShot.jpeg
Lee Neubecker
President, Enigma Forensics, Inc.
Data Forensics Expert
Moderator

Keys to Unlocking the EMR Audit Trails (Electronic Medical Records)

Have you ever requested Electronic Medical Records (EMR’s) and its beyond difficult to read? The printed pages are not searchable, mixed in with junk, lacking versions that you know should be recorded? Check out this video blog with transcripts. Lee Neubecker, CEO and President of Enigma Forensics offers keys to unlocking the mystery of EMR’s.

Click to view Video on Keys to Unlocking the EMR Audit Trails
(Electronic Medical Records) 



Video Transcripts follows:
EMR Audit Trails, as produced by Healthcare Providers during medical malpractice discovery, frequently filter out the important history of the patient’s medical record. Learn how to compel discovery of the patient’s complete EMR history.

Lee Neubecker: So today, we’re going to be talking about the keys to unlocking Electronic Medical Record Audit Trails. We have a mixture of people on the webinar today. I know some people represent healthcare providers. Other people represent litigants involved with medical malpractice. I’m going to be talking a little bit today about how the process works.


Scenarios where Electronic Medical Records (EMR) are important

  • Eldercare neglect or abuse
  • Failure to provide appropriate & timely care leading to patient injury
  • Failure for staff to provide to correct type of care
  • Credentials of staff that performed procedures
  • Discussions between staff are relevant
  • Establishing the supervising physician neglected appropriate care
  • Allegations involving child welfare accusing parents of harming a child

Lee Neubecker: We’ll begin with discussing some of the scenarios where Electronic Medical Records are relevant and important. If you’re suspecting that the elderly has been abused in a nursing home, that could be important to know. Records of care when medications were provided, whether or not patients were neglected. All of that information can be discerned from reviewing the electronic medical record history. In some cases, there’s allegations about not providing appropriate care over time or the staff providing the wrong type of care. So, many of these cases become litigated in various medical record experts or clinical experts get involved. We’ll be talking about later today about how you really want to start with getting command of the EMR or Electronic Medical Records so that it can be efficiently reviewed not only by you and your team but also by any experts that might be retained to assist with the case. It’s important to understand that there might be discussions between staff, physicians and nurses and whatnot that aren’t in the progress notes or printed medical record. So we’ll be covering that in a little bit. Allegations about harm to children by parents or healthcare providers. That’s also relevant as well. In some cases, we’ve seen situations where the chart reflects a certain color of bruising many days after a child was admitted into a facility for care but the coloration of bruises often can suggest that the bruising happened before entry into a facility. On a case like that, knowing whether or not the child was bathed and whether it was reported early on can help determine was the child injured in the health care provider’s place of care or did it happen prior to admission?

What typically happens when you request the EMR

  1. Printed pages (not searchable)
  2. Mixed in with junk
  3. Sorted most recent to oldest
  4. Lacking version historical revisions
  5. Limited reports that have unnecessary filters
  6. Hold back on communications (Sticky Notes / Routing)
  7. Records entered not contemporaneously to events 

Lee Neubecker: So what typically happens when you ask for the electronic medical record for your patient or your chart, the healthcare providers will often produce it in the most unhelpful way. They might print it if it’s printed or dumped to a PDF that’s flattened, it’s not searchable.

It might be included with lots of redundant information, out of order, sorted not intuitively from oldest to newest, but backwards. Oftentimes, the version revision history of the progress notes are completely missing. So, for instance, if you have an Epic EMR production. With Epic, they have the ability to enable the specific version number so that you can determine the revision history over time and that isn’t always what’s included in the printed report that gets produced.

Some reports will have unnecessary filters. For instance, if only named providers are shown and you don’t see a mixture of healthcare staff providing care to a patient, that might suggest that the report was produced with only the name key healthcare providers included. And so, when you’re requesting electronic medical records, you really want to be very specific to say, use no other filter other than the patient identifier or the patient medical record number, date filters and whatnot, narrowly defining the date and time when the patient was in the hospital or healthcare facility might result in filtering out of important records that show that the chart might’ve been modified or manipulated well after the patient’s departure from the facility and after the patient experienced some type of harm.

Another thing I see, sorry about that. Another thing I see that happens sometimes is in addition to different filters, such as like filtering by date or filtering by healthcare provider or department, sometimes the filters aren’t displayed on the reports and you really want to be able to understand what filters are used. One other filter that might be used without your knowledge is whether or not the record is considered confidential.

Confidential would suppress the record oftentimes from appearing on the printed medical record report. So you want active, inactive, all version history, confidential, you want the entirety.

Another important thing that is relevant in many cases involves the communications between healthcare providers. With Epic, you have the ability and with Cerner, you have the ability for routing of communications, either almost like an email system within the healthcare system or something known as sticky notes, which is basically like an instant messaging platform between healthcare staff about a patient.

And there’s documentation out there where hospitals say that sticky notes are not part of the medical-legal record. Well, HIPAA requires that all that data be retained. So the data is in there, it’s in the backend database or you have to inspect the hospital information system to be able to document it on the photo or on video.

Another thing that we see a lot of our records that are entered in, after the fact, when you enter a record into a hospital information system, you can list the reported date and time of the event but that is oftentimes different than when the record was actually saved and created in the system. So we’ll talk about that more as we go through.

Important Concepts & Terms

  • (EMR) Electronic Medical Records
  • (EHR) Electronic Health Record
  • (HIS) Health Information System
  • (PACS) Picture Archiving and Communication System
  • (ePHI) / (PHI) Electronic Protected Health Information
  • Data Dictionary
  • Delimited Format
  • Native Files
  • Audit Trail
  • Audit Logs
  • Pivot Tables
  • OCR (Optical Character Text Recognition)

Lee Neubecker: First, I’d like to cover some important concepts and terms that are relevant to Electronic Medical Records in medical malpractice litigation.

EMR, Electronic Medical Records is synonymous with EHR, the Electronic Health Record. A hospital Information System is sometimes referred to as HIS and that’s like Cerner or Epic or Meditech or whatever software system is being used to manage the patient care and store their electronic medical record. PACS is specific to video, phototypes involved with the documentation of electronic medical records, as it pertains to things like MRIs, x-rays, videos of surgeries, and so on. And each of these systems often has its own audit logs separate from the HIS system. ePHI is Electronic Protected Health Information. That’s what all the stuff is about.

Data dictionaries are abstract or key to help you to cross-reference the initials of the health care provider or the department or procedures or lab test results to the friendly name. And if you’re working on one of these cases, you want to include in your request for production, a production of the data dictionary, so that you can make sense of the charts and records that are produced to you.

Another thing that I like to ask for when I’m getting electronic medical records is to request that that data be produced in what’s known as a delimited format, which is like a spreadsheet format, sometimes known as comma-delimited. That allows you to manipulate the data much more easily and filter and aggregate and do things that can help you see into what’s happening quickly without having to review oftentimes tens of thousands of pages.

Native files refer to the file as it exists. Like if there’s a transcription that’s saved as a WAV file that has the original doctor’s notes, asking for the native file of the transcriptions would give you the actual file that was recorded, as opposed to some transcription of the file.

Audit trail or audit logs, HIPAA requires that data be stored about the creation, modification and access of electronic health records. And these audit logs will show when things are added, updated, modified. The logs and audit trails that are produced often don’t answer the key question about what changes are happening. And usually, I get involved with helping the parties understand well, what really happened? What was a real revision history? When did it occur? Who did it, from what computer? At what date and time was data deleted? Was it added? And that’s very relevant to many medical malpractice cases. When we’re analyzing data, some of the things we can do, we can take the electronic medical records if they’re produced in a delimited format, we can quickly prepare aggregate summary charts that might show how many minutes did, or how many interactions with the EMR did the supervising physician have? What dates and time where the records looked at? When did modifications occur? If modifications occurred after a patient’s discharge, which I see quite a lot of times, that can be suggestive of efforts to fabricate the medical record history.

When we get the data, in addition to trying to get it into a delimited or a spreadsheet format, we’d like to make sure that the data is OCRed, which is optical character text recognition, that allows for searching and key concepts, names of providers, dates and times and so on. And all of that can be very important as you work a case.

Watch other videos making up this 4 part series, Unlocking the EMR Audit Trail.

 

Part 1 of 4: “The Keys to Unlocking Electronic Medical Records”
https://enigmaforensics.com/blog/keys-to-unlocking-the-emr-audit-trails-electronic-medical-records/
Part 2 of 4: “HIPPA”
https://enigmaforensics.com/blog/health-insurance-portability-and-accountability-act-of-1996-hipaa/
Part 3 of 4: “Navigating to Trial or Settlement”
https://enigmaforensics.com/blog/navigating-to-trial-or-settlement/
Part 4 of 4: “In-Person Direct Access”
https://enigmaforensics.com/blog/in-person-direct-access-provides-additional-information/

Cyber-Attacked on Supply Chain Again!

In lieu of the recent ransomware cyber attacks on critical supply chain assets, Enigma Forensics analyzes two recent cyber attacks and what lessons we have learned.

Cyber attacks on our supply chain. Will it stop? Enigma Forensics is a cyber forensic company and our love for data security keeps us focused on the 4W’s and 1H of a Cyber Attack. Here’s the latest of two very important cyber attacks on our crucial supply chain.

Who was involved? What happened? When? Where? How did it happen?

On May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, experienced a ransomware cyberattack. Colonial Pipeline carries gasoline and jet fuel mainly to the Southeastern United States. The cyber attackers impacted computerized equipment managing the pipeline. They took the company offline and wanted a sizable ransom to reverse the cyber attack.

This pipeline disruption caused an immediate reaction. Americans felt a rise in gasoline prices, people were panic buying and there were crazy long lines at the pump. Some areas reported no gasoline at all. What was the company’s response? Colonial Pipeline’s CEO Joseph Blount reported, they learned the criminal cyber attackers infiltrated Colonial’s computers through a legacy or old virtual private network, commonly known as a V.P.N.

Joseph Blount, CEO of Colonial Pipeline paid approximately $5 million in Bitcoin ransom to the attackers. Blount told the Senate Homeland Security Committee at a hearing, paying the ransomware was the hardest decision of his career. Blount said he knew how critical Colonial’s pipeline is to the country and he put the interests of the country first. When asked about the security on the particular VPN that was hacked, Blount said it was not a two-factor security password that texts to a phone but single factor authentication using only a plain text password. He said it was more complicated than the typical Colonial123 password. Lesson learned?

Following the attack on Colonial Pipeline, another ransomware cyber-attack occurred on our supply chain.

JBS Meat Packing Hack (it rhymes!)

JBS is considered to be one of the largest meatpacking companies in the world. At the end of May, they reported cyber criminals used ransomware to take over the company’s network systems and stopped meat production. JBS revealed they made a payment of $11 million to a Russian-speaking ransomware gang called “REvil” to protect JBS meat plants from any further impact on farmers, grocery stores, and restaurants.

Why are we seeing a surge in targeting a crucial supply chain?

There are many contributing factors in the recent wave of hacking attacks. It’s a fact more folks are working from home and lack the cybersecurity necessary to guard against intrusions. Another large contributing factor is that software used to allow bad actors to break into a network system is more sophisticated and readily available. The largest factor is that the United States companies are more globally connected than ever before therefore increasing their exposure to cybercriminals.

Who’s in Charge?

You might be asking who is in charge. It’s the United States Department of Homeland Security (DHS). Its stated missions involve anti-terrorism, border security, immigration and customs, cybersecurity, and disaster prevention and management.

Cyber Security Prevention

June 10, 2021 – The Department of Homeland Security Cybersecurity and Infrastructure Security Agency unveiled guidance for defending against ransomware attacks targeting operational technology assets and control systems, in light of the rise in critical infrastructure attacks.

The guidance joins a host of federal agency and White House efforts to crack down on ransomware and improve threat sharing between entities, as the frequency and disruption of attacks continue to ripple across the country. Combining knowledge and sharing prevention ideas will be the key to thwarting future attacks.

Fingers Crossed that the guidance works. We have all learned the lesson that it’s vital that we secure our supply chain in the United States and abroad. We don’t want to say what’s next!

Check out this series of our video blogs pertaining to cyber breaches!

The Keys to Unlocking Electronic Medical Records by Lee Neubecker

Join us on Friday, June 25 from noon – 1:00 pm. Please register on Eventbrite at:
https://electronicmedicalrecords.eventbrite.com

Electronic Medical Records Unraveled!

EMR Audit Trails as produced by Healthcare Providers during medical malpractice discovery frequently filter out the important history of the patient’s medical record. Learn how to compel discovery of the patient’s complete EMR revision history and the complete audit trail.

Enigma Forensics, Inc. was founded by Lee Neubecker, CISSP, an established Computer Forensics Expert for over 20 years and the President / CEO of Enigma Forensics. Mr. Neubecker has been ranked as one of the top global experts in cybersecurity and computer forensics by Who’s Who Legal for many years running.

Please join us this week, on Friday, June 25th at Noon to 1 PM CST for a complimentary Zoom webinar learn more about:

  • Neubecker demystifies Electronic Medical Records (EMR) by revealing how EMR can be fabricated, filtered, incomplete or misleading.
  • Neubecker will walk through the typical stages involved with litigating medical malpractice cases as they relate to EMR. 
  • Neubecker will discuss some of the typical problems and concerns with tendered EMR audit trails and patient charts as produced during discovery.
  • You will learn how to request and compel discovery to obtain the complete patient EMR audit trails and EMR revision history.
  • Most of all, you will learn how to detect records that may have been electronically manipulated. 

Watch the presentation now on YouTube:

Beware of Trade Secret Theft

Employers beware of Trade Secret Theft. A Forensic Expert can reveal a pattern that is indicative of a departed employee. Hire an Expert (HAE) to help track stolen or misappropriated data to lessen the financial loss left in the wake by a former employee.

Departing Employees Steal Data

Employers beware of trade secret theft! The pandemic forced many employers to require their employees to work from home without appropriate cybersecurity measures required to secure sensitive data. The increased vulnerability of company trade secrets has made it extremely difficult to navigate through an employee’s departure from an organization. Enigma Forensics has over 20 years of experience helping organizations navigate through the separation of employers, partners, and employees. Even the most technically savvy employers in the technology sector have issues with trade secret theft. Check out this example!

August 2020, Former Google exec Anthony Levandowski sentenced to 18 months for stealing self-driving car trade secrets

The technology giant Google recently sued their departed superstar engineer Anthony Levandowski. Levandowski helped develop the fast-growing world of self-driving cars and was the primary executive who helped Google to grow in the self-driving car industry. For reasons we can only speculate about, he departed Google to start his own self-driving truck company called Otto.

Levandowski sold Otto to Uber in 2016

Lewandowski’s new company, Otto become the first-ever self-driving trucking company. In 2016, he entered a deal with Uber to sell Otto and joined Uber as a high-ranking executive in its self-driving division. Google’s new self-driving unit called Waymo filed a lawsuit against Uber for trade secret theft. Waymo alleged that through Uber’s purchase of Otto they gained access to Google’s sensitive technology that Levandowski allegedly illegally took on his way out Google’s door.

Levandowski settled with Waymo (Google) in a trade secret theft case

During the trial, Levandowski refused to hand over documents and as a result, became in trouble with the US Attorney’s Office. He eventually reached a deal and was ordered to pay $747,000 in restitution to Google and a fine of $97,000. Levandowski had to declare bankruptcy after another separate court ruling that found him guilty of poaching Waymo engineers. Following the aftermath of the trade secret case against Uber and Levandowski, in September 2020, Levandowski filed another lawsuit. He alleged that the Waymo case negatively affected the Otto deal with Uber, and as a result, didn’t receive the financial rewards that were promised to him. Karma always seems to creep into these scenarios.

The Same Story Over and Over Again

All too often we see the same story played out no matter what the industry, company, or corporation. For top earners, there are only a few options for them to make a change. These are two options that we typically see in trade secret cases.

The first option is to out on their own as an entrepreneur or the second option is to go work for the competition. Once a top earner joins the competition, it’s often only a matter of time before they call on trusted former colleagues to join them. The next step in pursuing employees that departed for a competitor is often hiring a computer forensics expert skilled in trade secret misappropriation investigations. An expert is an unbiased third party that will track down the data that was illegally taken, document his/her findings in an affidavit, and assist with fact discovery. Ultimately, confronting the former employee with clear facts that demonstrate the trade secret misappropriation may lead to an agreed settlement. Often times, litigation continues and leads to a trial with the evidence at issue presented in a court of law. Having an experienced expert on your side can make the difference in the overall outcome.

Enigma Forensics has assisted in many trade secret cases. Hire an Expert (HAE) and Win Your Trade Secret Case! Call Enigma Forensics at 312-668-0333 to investigate.

To learn more

How to Unlock Electronic Medical Records

Electronic Medical Records can make or break a case! Do you want to learn how to unlock an Electronic Medical Record Audit Trail? Check out this complimentary MCLE (1 hour) credit seminar via Zoom, as Enigma Forensics CEO, Lee Neubecker offers keys to unlock the mysteries of the EMR audit trail. Read through this blog to register for this complimentary event.

Please join Enigma Forensics as our CEO, Lee Neubecker, as he presents:

“Keys to Unlocking Electronic Medical Records EMR”

Tuesday, May 25,

noon-1:00 p.m. Via Zoom

This complimentary program is offered for 1 hour of MCLE Credit in Illinois.

Register here: https://osadil.eventsair.com/2021-the-keys-to-unlocking-electronic-medical-records/2021-thekeystounlockingelectronicmedrecords/Site/Register

Enigma Forensics is partnering with the following sponsors:
The Family Justice Resource Center

If you are facing a wrongful allegation, The Family Justice Resource Center can help. The process of overcoming a medically-based wrongful allegation is exceedingly difficult. They offer a place to turn for families facing allegations of abuse and neglect. By learning the keys to unlocking the Electronic Medical Records it will become easier to uncover the root cause of every allegation. #https://www.famjustice.org/

Center for Integrity in Forensic Sciences

The Center for Integrity in Forensic Sciences (CIFS) is the first non-profit organization in the United States to bring exclusive focus to improvement of the reliability and safety of criminal prosecutions through strengthening the forensic sciences. Its educational and service goals span legislation, all facets of the judicial system, and experiential education of tomorrow’s lawyers and scientists. Its innovative approach allows law students and both undergraduate and graduate students in the sciences to work collaboratively, expanding the knowledge and competency of students across that broad spectrum. #https://cifsjustice.org/about-cifs/

Illinois Innocence Project

The Illinois Innocence Project (IIP) is dedicated to freeing innocent men and women imprisoned in Illinois for crimes they did not commit. They advocate on behalf of this silenced population by researching and investigating claims of innocence and providing legal representation and other assistance to prove credible claims of actual innocence. #https://www.uis.edu/illinoisinnocenceproject/about/

Illinois Public Defender Association

The Illinois Public Defender Association was incorporated in 1969 as a non-profit 501 [c][6] an educational organization for Public Defenders. The goals of education, interchange of ideas, and camaraderie are reflected by semi-annual seminars serving Public Defenders and court-appointed counsel in all 102 counties. #https://www2.illinois.gov/osad/PublicDefenderInformation/Pages/PDAssociation.aspx

Enigma Forensics

Lee Neubecker is CEO and Founder of Enigma Forensics. We are a computer forensic company that focuses on Electronic Medical Records and Data Recovery. We are pleased to offer this complimentary MCLE credited event.

To learn more about the keys to unlocking Electronic Medical Records EMR

How to Compel Discovery of Electronic Medical Records

EMR Audit Trails as produced by Healthcare Providers during medical malpractice discovery frequently filter out important history of the patient’s medical record. Learn how to compel discovery of the patient’s complete EMR history.

Are you attempting to compel the production of a patient’s electronic medical chart and the complete electronic medical record audit trail?

Medical malpractice litigation today routinely requires obtaining the complete electronic medical record audit trail. Compelling the entire patient’s EMR Audit Trail Discovery is vital to the case. Hospitals, clinics, dentists, and other health providers are required to document patient interactions in electronic HIPAA compliant Healthcare Information Systems (HIS). Electronic Medical Records (EMR) also referred to as Electronic Health Records (EHR) are used almost interchangeably. Requesting and receiving the complete EMR for a harmed party can be a daunting process, especially when health care providers produce voluminous audit trail reports in paper form that lack any clear documentation of exactly what changes were made to the EMR.

HIPAA compliant HIS software providers are required to log all access, review, editing, and deletion of records. Such logs must include a record of the user making the change, the source computer that made the change, the date and time of the records actual creation (this can be different than the date and time stamp that appears on the printed patient chart or progress notes), and all versions of the chart as it existed at various points in time. While the HIS software providers maintain HIPAA compliance, ensuring that deleted or revised patient records remain in the HIS record, those earlier revision instances or deleted (marked inactive) records are routinely left off the patient’s printed EMR. By design, the EMR audit trail reports lack the specific modifications being made and by whom. It is often necessary to formulate your discovery request in a specific way to ensure that all audit trail logs from all of the various HIS-connected systems are produced in such a way that provides a clear understanding of health care events that took place.

The following graphic depicts the typical process involved with retaining a computer forensics expert skilled in deciphering EMR to assist with compelling discovery of the complete patient electronic medical records, including the revision history.

1. Request Patient’s Complete Electronic Medical Records (EMR)

It is important that your discovery request includes important relevant details and enough specificity to ensure you receive a comprehensive production of available information without having unnecessary filters applied. We have seen routine usage of filters such as named users, narrow start and ending dates, departments and other available filters that result in receiving an incomplete production of the patient’s EMR. If you would like a sample electronic medical record discovery request list of items, please call us and we would be happy to share our sample request with you. Engaging our firm early on in the process can help speed things along.

2. Review Produced EMR Records

Reviewing the timeline of events and the complaint to develop an understanding of the critical moments when decisions were made or not made leading to harm to the patient is usually the starting point for engaging a computer forensics expert to assist you. Following the review of the case documents, converting the EMR produced to a more usable format is important before analysis begins. Ensuring that the EMR has been OCR’s, adding page labels to the document if missing saves time downstream and allows for surgical review of voluminous EMR to isolate records of care by date, time, health care provider name, medication, or other activity. Summarizing data and performing focused reviews around key dates and times can provide important insights.

3. Identify examples of withheld records or apparent manipulation

During the review process, it is helpful to identify examples of abnormalities or notations that indicate other data referenced is not contained in the production of the patient’s EMR. Reviewing the complete EMR records produced, not just the critical dates and times, can often help establish normal patterns of EMR and can be used in contrast to critical dates and times where EMR appears to be missing from the record. Skilled and experienced EMR data forensics experts often find indicators of manipulation that may not be readily apparent to someone who is not an EMR data forensics expert. Plaintiff’s medical malpractice counsel should send a written or emailed request to the health care provider to produce apparently missing records. This documentation of asking for the missing data will be helpful later when a motion to compel is filed with the court. Judges always like it when litigants attempt to work things out first amongst themselves before seeking judicial intervention. It is not uncommon that our firm is retained at this stage when the non-expert has reviewed the EMR produced and suspects something is hinky. Having your EMR data forensic expert assist with drafting the follow-on request for missing EMR can help lay the foundation for a later affidavit in support of a motion to compel.

4. Review Supplemental Production of Records if Received

In many cases, healthcare providers will partially respond to a supplemental request for EMR. The production oftentimes still lacks the clear ability to correlate the revision history of the patient’s chart and medical record. The review of all of the EMR produced to date is important in beginning to build the argument to be included in the future EMR expert witness affidavit in support of an onsite inspection of the HIS to obtain the patient’s complete EMR including the revision history.

5. Affidavit in Support of Motion to Compel Onsite Direct Inspection

The EMR data forensics expert must lay the foundation documenting their credentials, what they reviewed, significant findings, notes of any deficiencies in the production, and establishing that additional information not produced by the health care provider may be available from performing an onsite inspection. Direct engagement with the HIS can often reveal additional details such as the actual time or original entry of a notation as well as the life cycle of modification over time showing which device was used to access or modify the notation, what user accessed/modified the record, and the current status of records entered into the EMR. Inactive or deleted notations may be revealed on some HIS systems by toggling the view settings to show inactive records. The sworn statement by the EMR data forensics expert is an important tool in winning your motion to compel and often is filed with the motion, or submitted shortly after and before the hearing on the motion. In some cases, sharing the EMR data forensics expert’s curriculum vitae with the health care provider and the signed affidavit in support of the motion to compel onsite recorded inspection of the patient’s EMR may result in an agreement to allow inspection without the court’s order or an acceptable settlement offer. It never hurts to try.

6. File Motion to Compel Onsite Direct Inspection of the EMR System

Usually, to obtain direct onsite inspection of the healthcare provider’s HIS is a request likely to encounter objections and resistance. Filing a motion to compel and providing a supporting EMR expert witness affidavit can help overcome objections. A federal U.S. District Court ordered a hospital to provide such direct access to a patient plaintiff in a medical malpractice case. (Borum v. Smith, W.D. Ky. No. 4:17-cv-17, 2017 U.S. Dist. LEXIS 109249 (July 14, 2017)). The court’s decision and arguments can be viewed at this link. Onsite inspections can also be performed using remote control/viewing software such as WebEx, Zoom, TeamViewer, and others if the court allows and so orders. Typically, healthcare provider staff or HIS software consultants with administrative access to the HIS will perform the actions directed by the plaintiff’s EMR consultant and allow for recording screenshots of the patient’s EMR as viewed within the software.

7. Court Testimony in Support of Motion to Compel Onsite Direct Inspection

Having your EMR expert present in the hearing on your motion to compel usually takes place in person or via a remote video conferencing tool such as Zoom. Since the outbreak of Covid-19 began to escalate in 2020, courts have become more comfortable with allowing remote experts to appear via electronic video conferencing, making it easier to retain the most knowledgeable EMR computer forensics expert witness without concerns over the geographic location of your expert witness. Allowing the judge to ask questions of your EMR expert witness directly and assist you with responding to any raised objections has been proven to be highly effective in winning the motion to compel onsite inspection of the plaintiff’s EMR.

8. Onsite Inspection

Once the court has granted the motion to compel an onsite inspection, it is important to ensure that any in-person meeting isn’t a waste of everyone’s time. Problems that can arise include the health care provider producing someone to operate the computer terminal who is not knowledgeable about how to use the HIS or that lacks full administrative access to the complete backend databases containing detailed historical information including revision history of the EMR. In some cases, such as Cerner and Epic, some screens can be viewed in the software that will show progress notes and the revision histories including the user name modifying or entering the record and the times the record was updated by the user. In other systems, it may be necessary to access the back-end database system with administrative credentials to perform Structured Query Language (SQL) queries to identify the relevant record history. Having an EMR expert that has experience writing SQL database queries is important when the HIS doesn’t offer a built-in report or display view that can show the complete historical record of events.

9. Review Records Captured Onsite

Following the onsite inspection, it is often necessary to review in more detail the screenshots and video footage documenting the EMR in the HIS. Reports generated during the onsite may need to be compared against earlier productions of EMR to help document any records that were withheld. Where it is provable that the healthcare provider withheld patient EMR, it may be possible to petition the court to order reimbursement of expert witness fees associated with the consulting engagement.

10. Write Final Report

Many times, a final report is not necessary. Typically, once it is established that records were withheld, or it is believed to be known that this may be the case, it is more often than not that a settlement offer is made to the plaintiff when obfuscation or manipulation of the patient’s EMR took place. If no acceptable settlement is reached, writing a final report in the form of a sworn affidavit to detail the delays and extra costs associated with discovery is important for petitioning the court to award expert fees. Other times, the data obtained from the onsite inspection can be presented without a report or sworn affidavit. Photos and videos can sometimes avoid the need to generate a final report.

11. Expert Witness Deposed

Should an acceptable settlement offer not have been reached, the EMR expert witness will be deposed. This typically is preceded by a request for the disclosed expert witness’s communications with counsel and any work product or notes. Working with an EMR expert witness that has been deposed numerous times and has achieved successful outcomes following the given deposition can make or break your case. If the defense counsel can undermine the credibility of your expert, the admissibility of any of the opinions sworn to by your expert may be excluded. If your EMR expert witness is successful at establishing that records were held back or manipulated and provides a reliable deposition in support of those opinions, your case matter is likely to receive a reasonable settlement offer proportionate to the offenses and harm caused to your client.

12. Trial Testimony

It is rare that you will need your EMR Expert Witness to testify at trial regarding manipulation or withholding of evidence. If the facts exist and have been produced, they often speak for themselves. Many healthcare organizations face frequent malpractice litigation. If it is established in the public record that a healthcare organization permanently deleted a patient’s EMR, that organization could lose Medicare/Medicaid funding for not maintaining HIPAA compliance, a problem that could far exceed paying out a settlement to a single aggrieved party.

13. Case Settles

Medical malpractice cases often settle when it has been established that the records have been altered to distort the true record of patient care. Having news reports published detailing how a healthcare organization manipulated historical patient EMR to mask a mistake resulting in the harm of the patient would only invite more litigation by other harmed patients. In the interest of protecting their organization from further litigation and more intrusive discovery, healthcare organizations need to maintain their profitability and minimize costs paid out for ongoing litigation.

Summary

When you are getting stonewalled by a healthcare organization and feel that you are receiving cryptic EMR audit trails, or a production that is missing data that should exist, having an experience EMR computer forensics expert witness and consultant on your side can help you achieve a better outcome for your client. If you would like to discuss a case matter with us, we are happy to provide a complimentary consultation. Call us today at 312-668-0333.

Trade Secret Theft – Local Man Arrested

Trade secret theft of intellectual property, data misappropriation or corporate espionage is a growing trend. All are considered criminal acts that cost employers and employees millions of dollars and future income. This growing trend has attorney’s teaming up with data and computer forensic experts to find the smoking gun and save their clients a great deal of money. Ultimately saving companies or businesses that may be at risk of closing!

How to Avoid Trade Secret Theft of Intellectual Property and Data Misappropriation?

Corporate trade secret theft of intellectual property and data misappropriation with a competitive international company. All sounds right out of a James Bond movie!

Employee Resigns but Doesn’t Tell He Will Be Working for the Competitor

In September of 2015, an employee of a metal company was caught red-handed at O’Hare International airport with his luggage filled with company documents. That employee was Robert O’Rourke. O’Rourke was unhappy working for Dura-Bar, a McHenry County metal manufacturing firm he started working for in 1984 as a metallurgical engineer and eventually became a salesperson. He accepted a new position for a Chinese competitor named Hualong as Vice President of research and development. When he resigned he didn’t tell Dura-Bar management he was going to work for Hualong company. A company that manufactures cast-iron products and is in direct competition with Dura-Bar. On his last day of work, O’Rourke goes out for drinks with some of his colleagues. He slips up and tells them he is going to work for Hualong.

Departing Employee Downloads Electronic Data and Documents Belonging to the Company.

According to evidence at trial, in late 2013, O’Rourke began several months of negotiations to take a similar job with a rival firm in Jiangsu, China. While still employed at Dura-Bar, he then downloaded electronic data and documents belonging to Dura-Bar without authorization two days before officially leaving the company.  The following week, he packed up the proprietary information and went to O’Hare International Airport in Chicago to board a flight to China.  Federal authorities intervened at the airport and seized the stolen trade secrets from O’Rourke before he could travel to China. Gotcha!

Employee Charged and Convicted

About four years later, in October 2019, a federal judge sentenced a 30-year employee of a McHenry County manufacturing firm to a year and a day in federal prison for stealing trade secret information while planning to work for a rival company in China.

Hire an Expert (HAE)!

Enigma Forensics has over 20 years of experience. We work with attorneys on recovering and proving trade secret theft of intellectual property and data misappropriation for their clients. Criminal acts such as these can cost companies millions of dollars to defend and recover damages. Companies need to protect themselves by setting up protocols to alert when large quantities of data are being downloaded. To further protect themselves, employers must use non-compete agreements when hiring employees that work with proprietary company information.

To Learn More…

Trade Secret Theft and Misappropriation in the Food Industry

Rarely do we hear about trade secret theft and misappropriation in the food industry. It happens! Read about this high profile case involving a famous food celebrity chef!

America’s Test Kitchen (ATK) sues Christopher Kimball for Misappropriation of Trade Secrets

Here is another example of trade secret theft. Check out this blog to see how business and personal emails played a role in the misappropriation of trade secrets. Yes, there is trade secret theft in the food industry!

Who isn’t a fan of cooking shows?

Have you ever watched American’s Test Kitchen (ATK) on public television? In addition to the show, ATK is a multimedia company that has holdings in public television programs such as America’s Test Kitchen, Cook’s Country, cooking magazines and books, and several websites? Who knew? We love watching celebrity chefs like Christopher Kimball and other specialized professionals test the great American recipes like meatloaf, roast chicken, and apple pie!

Trade Secret Missappropriation Lawsuit or Foodie Divorce?

Christopher Kimball was the face and personality behind America’s Test Kitchen and Cook’s Country. In November 2015, Kimball left ATK’s program and started his own program called Christopher Kimball’s Milk Street. When two parties split it’s called a divorce, well, you guessed it, ATK sued Christopher Kimball, the co-founder, part owner, celebrity chef, and the former host of its TV shows. Almost a year later, America’s Test Kitchen Inc. filed a lawsuit on October 31, 2016, as the Plaintiff. They wanted Kimball to change his business model. We call this a foodie divorce.

ATK said Kimball duplicated what he did on the show on Milk Street and that he misappropriated its trade secrets and breached his fiduciary duty to the company. In addition, they claimed that while Kimball was working at ATK as he actively created his new company Milk Street. According to ATK, Kimball stole its collection of recipes, TV show ideas, media contacts, and subscriber information. As a result, ATK sought damages against Kimball and wanted a large sum of all profits that he has derived through the use of the trade secrets he allegedly misappropriated from America’s Test Kitchen.  Other defendants named were Melissa Baldino, Kimball’s wife and a former executive director of ATK, Christine Gordon, and Deborah Broide. ATK claimed they aided and abetted Kimball’s breach of his fiduciary duties.

Non-Compete Agreement between ATK and Kimball

It seems that ATK and Kimball did not have a formal non-compete agreement in place. To protect intellectual property, corporations use a non-compete agreement where the employee agrees not to enter into competition with the employer during or after employment. If an employee departs and takes intellectual property without permission that’s considered trade secret theft and misappropriation.

It’s all in the Email!

This case is an example of where most evidence of trade secret misappropriation can be found. It’s all in the email! A variety of emails were attached to the complaint that included notes between Gordon and real estate brokers, between Kimball and an IT consultant covering such issues as how to copy and store tons of recipes. There were emails discovered between Broide and Kimball regarding the media lists; between Gordon and the ATK help desk about whether company scanners would keep copies of documents she scanned.

The Foodie Divorce finally settled!

To all our fellow foodies the good news is that both parties settled. Kimball agreed to return his ATK shares to the company for an undisclosed price. In the end, they agreed to business terms that will allow America’s Test Kitchen and Kimball’s company, Milk Street to co-exist. Giving us foodies the benefit of watching both shows!

Enigma Forensics is a computer forensic company with litigation experts that partner with attorneys to represent plaintiffs and defendants to help prove their case. We dig for evidence of trade secret theft or misappropriation of intellectual property. Most of all we are foodies! We found this story about trade secret theft and misappropriation in the food industry fascinating and wanted to share.

To learn more about Trade Secret Misappropriation

Electronic Medical Records Manipulated Post Lawsuit

Hiring an expert in electronic medical records (EMR’s) will help uncover record manipulation that will assist law professionals in winning medical malpractice cases for their clients. Check out this blog to see how a Kentucky woman waged a monumental fight against the medical system that failed her!

A site visit by an expert pays off, a Computer Forensic Expert Finds the Smoking Gun in the Electronic Medical Record (EMR) audit trail!

Kim Johnson noticed a lump on her right breast and because her mother died of breast cancer she feared the worst. In January 2015, she went to Fleming County Hospital in Flemingsburg, Kentucky, to get a mammogram. When she received a letter from the hospital that proved she had “no evidence of cancer”, this Kentucky mother of eight breathed a huge sigh of relief. Several months had passed and the lump continued to grow so she decided to get a second opinion. She was horrified to learn she has stage 4 cancer.

Sadly, Fleming County Hospital had sent the wrong letter, giving Johnson the all-clear instead of directing her to return for a follow-up examination. In September 2016, Johnson filed a lawsuit against the hospital claiming doctors misdiagnosed her, and that two employees deleted evidence of the letter saying she didn’t have cancer. How did she know this?

She hired a digital forensic expert!

Ms. Johnson and her lawyer’s hired a digital forensic expert skilled in examining EMR audit trails. During a court-ordered on-site visit, they found employee EMR entries that edited the history and deleted the evidence of the erroneous letter claiming that she was cancer-free.

In the wake of the misdiagnosis by the hospital, Ms. Johnson is left with a long battle with cancer. If her cancer would have been recognized at an earlier stage her quality of life would have been different as a result. She trusted the system and it failed her.

Who protects the patient? The HIPPA law ensures accountability

Required by the Health Insurance Portability and Accountability Act (HIPAA), hospitals and healthcare providers are to maintain an audit trail of all access, entry, and modification of the patient’s EMR to ensure accountability. Hiring a computer forensics expert that has experience with examining Health Information Systems (HIS) and the related EMR audit trails that can make or break your case. Call Enigma Forensics staff today if you think you may have a case requiring similar assistance. 312-668-0333.

To Learn More About EMR Audit Trails