Click to view Video on Keys to Unlocking the EMR Audit Trails
(Electronic Medical Records)
Video Transcripts follows:
EMR Audit Trails, as produced by Healthcare Providers during medical malpractice discovery, frequently filter out the important history of the patient’s medical record. Learn how to compel discovery of the patient’s complete EMR history.
Lee Neubecker: So today, we’re going to be talking about the keys to unlocking Electronic Medical Record Audit Trails. We have a mixture of people on the webinar today. I know some people represent healthcare providers. Other people represent litigants involved with medical malpractice. I’m going to be talking a little bit today about how the process works.
Scenarios where Electronic Medical Records (EMR) are important
- Eldercare neglect or abuse
- Failure to provide appropriate & timely care leading to patient injury
- Failure for staff to provide to correct type of care
- Credentials of staff that performed procedures
- Discussions between staff are relevant
- Establishing the supervising physician neglected appropriate care
- Allegations involving child welfare accusing parents of harming a child
Lee Neubecker: We’ll begin with discussing some of the scenarios where Electronic Medical Records are relevant and important. If you’re suspecting that the elderly has been abused in a nursing home, that could be important to know. Records of care when medications were provided, whether or not patients were neglected. All of that information can be discerned from reviewing the electronic medical record history. In some cases, there’s allegations about not providing appropriate care over time or the staff providing the wrong type of care. So, many of these cases become litigated in various medical record experts or clinical experts get involved. We’ll be talking about later today about how you really want to start with getting command of the EMR or Electronic Medical Records so that it can be efficiently reviewed not only by you and your team but also by any experts that might be retained to assist with the case. It’s important to understand that there might be discussions between staff, physicians and nurses and whatnot that aren’t in the progress notes or printed medical record. So we’ll be covering that in a little bit. Allegations about harm to children by parents or healthcare providers. That’s also relevant as well. In some cases, we’ve seen situations where the chart reflects a certain color of bruising many days after a child was admitted into a facility for care but the coloration of bruises often can suggest that the bruising happened before entry into a facility. On a case like that, knowing whether or not the child was bathed and whether it was reported early on can help determine was the child injured in the health care provider’s place of care or did it happen prior to admission?
What typically happens when you request the EMR
- Printed pages (not searchable)
- Mixed in with junk
- Sorted most recent to oldest
- Lacking version historical revisions
- Limited reports that have unnecessary filters
- Hold back on communications (Sticky Notes / Routing)
- Records entered not contemporaneously to events
Lee Neubecker: So what typically happens when you ask for the electronic medical record for your patient or your chart, the healthcare providers will often produce it in the most unhelpful way. They might print it if it’s printed or dumped to a PDF that’s flattened, it’s not searchable.
It might be included with lots of redundant information, out of order, sorted not intuitively from oldest to newest, but backwards. Oftentimes, the version revision history of the progress notes are completely missing. So, for instance, if you have an Epic EMR production. With Epic, they have the ability to enable the specific version number so that you can determine the revision history over time and that isn’t always what’s included in the printed report that gets produced.
Some reports will have unnecessary filters. For instance, if only named providers are shown and you don’t see a mixture of healthcare staff providing care to a patient, that might suggest that the report was produced with only the name key healthcare providers included. And so, when you’re requesting electronic medical records, you really want to be very specific to say, use no other filter other than the patient identifier or the patient medical record number, date filters and whatnot, narrowly defining the date and time when the patient was in the hospital or healthcare facility might result in filtering out of important records that show that the chart might’ve been modified or manipulated well after the patient’s departure from the facility and after the patient experienced some type of harm.
Another thing I see, sorry about that. Another thing I see that happens sometimes is in addition to different filters, such as like filtering by date or filtering by healthcare provider or department, sometimes the filters aren’t displayed on the reports and you really want to be able to understand what filters are used. One other filter that might be used without your knowledge is whether or not the record is considered confidential.
Confidential would suppress the record oftentimes from appearing on the printed medical record report. So you want active, inactive, all version history, confidential, you want the entirety.
Another important thing that is relevant in many cases involves the communications between healthcare providers. With Epic, you have the ability and with Cerner, you have the ability for routing of communications, either almost like an email system within the healthcare system or something known as sticky notes, which is basically like an instant messaging platform between healthcare staff about a patient.
And there’s documentation out there where hospitals say that sticky notes are not part of the medical-legal record. Well, HIPAA requires that all that data be retained. So the data is in there, it’s in the backend database or you have to inspect the hospital information system to be able to document it on the photo or on video.
Another thing that we see a lot of our records that are entered in, after the fact, when you enter a record into a hospital information system, you can list the reported date and time of the event but that is oftentimes different than when the record was actually saved and created in the system. So we’ll talk about that more as we go through.
Important Concepts & Terms
- (EMR) Electronic Medical Records
- (EHR) Electronic Health Record
- (HIS) Health Information System
- (PACS) Picture Archiving and Communication System
- (ePHI) / (PHI) Electronic Protected Health Information
- Data Dictionary
- Delimited Format
- Native Files
- Audit Trail
- Audit Logs
- Pivot Tables
- OCR (Optical Character Text Recognition)
Lee Neubecker: First, I’d like to cover some important concepts and terms that are relevant to Electronic Medical Records in medical malpractice litigation.
EMR, Electronic Medical Records is synonymous with EHR, the Electronic Health Record. A hospital Information System is sometimes referred to as HIS and that’s like Cerner or Epic or Meditech or whatever software system is being used to manage the patient care and store their electronic medical record. PACS is specific to video, phototypes involved with the documentation of electronic medical records, as it pertains to things like MRIs, x-rays, videos of surgeries, and so on. And each of these systems often has its own audit logs separate from the HIS system. ePHI is Electronic Protected Health Information. That’s what all the stuff is about.
Data dictionaries are abstract or key to help you to cross-reference the initials of the health care provider or the department or procedures or lab test results to the friendly name. And if you’re working on one of these cases, you want to include in your request for production, a production of the data dictionary, so that you can make sense of the charts and records that are produced to you.
Another thing that I like to ask for when I’m getting electronic medical records is to request that that data be produced in what’s known as a delimited format, which is like a spreadsheet format, sometimes known as comma-delimited. That allows you to manipulate the data much more easily and filter and aggregate and do things that can help you see into what’s happening quickly without having to review oftentimes tens of thousands of pages.
Native files refer to the file as it exists. Like if there’s a transcription that’s saved as a WAV file that has the original doctor’s notes, asking for the native file of the transcriptions would give you the actual file that was recorded, as opposed to some transcription of the file.
Audit trail or audit logs, HIPAA requires that data be stored about the creation, modification and access of electronic health records. And these audit logs will show when things are added, updated, modified. The logs and audit trails that are produced often don’t answer the key question about what changes are happening. And usually, I get involved with helping the parties understand well, what really happened? What was a real revision history? When did it occur? Who did it, from what computer? At what date and time was data deleted? Was it added? And that’s very relevant to many medical malpractice cases. When we’re analyzing data, some of the things we can do, we can take the electronic medical records if they’re produced in a delimited format, we can quickly prepare aggregate summary charts that might show how many minutes did, or how many interactions with the EMR did the supervising physician have? What dates and time where the records looked at? When did modifications occur? If modifications occurred after a patient’s discharge, which I see quite a lot of times, that can be suggestive of efforts to fabricate the medical record history.
When we get the data, in addition to trying to get it into a delimited or a spreadsheet format, we’d like to make sure that the data is OCRed, which is optical character text recognition, that allows for searching and key concepts, names of providers, dates and times and so on. And all of that can be very important as you work a case.
Watch other videos making up this 4 part series, Unlocking the EMR Audit Trail.
Part 1 of 4: “The Keys to Unlocking Electronic Medical Records” https://enigmaforensics.com/blog/keys-to-unlocking-the-emr-audit-trails-electronic-medical-records/ |
Part 2 of 4: “HIPPA” https://enigmaforensics.com/blog/health-insurance-portability-and-accountability-act-of-1996-hipaa/ |
Part 3 of 4: “Navigating to Trial or Settlement” https://enigmaforensics.com/blog/navigating-to-trial-or-settlement/ |
Part 4 of 4: “In-Person Direct Access” https://enigmaforensics.com/blog/in-person-direct-access-provides-additional-information/ |
I am communicating with you from the law firm of Pajcic & Pajcic in Jacksonville, Florida, and are interested in retaining someone to aid us with EMR Audit trail discovery.
Anita M. Lake, Legal Assistant
Seth A. Pajcic, Esq.
Hi Anita! Please call our office so we can get more information from you. Our office phone number is 312-668-0333 and we are open until 5:00 PM CST. Thanks!
I enjoyed your presentation a great deal. I consult as a nurse and have been reviewing audit trails. I have a question about something I recently found. Usually, the audit trail is sequentially numbered to the left of the column of each entry. I came across one that has gaps between numbers. For example, 1250, 1251,1252, and 1265. Does this indicate deletions or any omissions? It seems to occur more with one particular provider in question. Where did those numbered entries go?
Jane Shufro, MS, RN
Those are accession ID numbers and do indicate that there are missing records that have been filtered from the production of audit trail records. If entries have been modified to “in error”, or if filters were used in generating the audit trail records, a situation such as you describe can take place. HIPPA requires that the original data be retained in the backend database table(s). If certain audit trail entries were removed from the patient’s chart, or otherwise excluded by filtering logic used to produce the records, the filtering logic should be disclosed transparently so the Judge may direct the parties as deemed necessary.
Often times, Defendant health care organizations will filter out risk management user’s access to the patient’s EMR. Asking the producing party appropriate and targeted questions is important to authenticating to completeness of a patient’s EMR and audit trail records.