Decoding EMR Logs: Synapse PACS Database Table Names

Where do I start?

TABLE_NAME:

A   B   C   D   E   F  G  H   I   J   K   L   M
N   O   P   Q   R   S   T   U   V   W   X   Y   Z

A

  • ACCESSOR
  • ACCESSOR_ACTIVE_DIRECTORY
  • ACCESS_ITEM
  • ACCESS_RESTRICTION
  • ACR
  • ADD_TO_QUEUE_JOB_STATUS
  • AFFINITY_DOMAIN
  • ALIAS_PATIENT
  • ANATOMIC_REGION
  • AUDIT_INSTALL
  • AUDIT_ROWCOUNT

B

  • BACKFILL_PROCESS_TYPE
  • BACKFILL_QUEUE_PRIORITY
  • BACKFILL_QUEUE_STATUS
  • BACKUP_CONFIG
  • BACKUP_LOG
  • BERMUDA_GSPS_CSPS_CNT_UPD_CTL
  • BERMUDA_STUDY_INS_EUID_UPD_CTL
  • BODY_PART
  • BROADCAST_MESSAGE
  • BUTTON

C

  • CALIBRATE_SEQUENCE
  • CANNED_NOTE
  • CASCADED_DICOM_SR
  • CASCADED_IMAGE
  • CASCADED_SERIES
  • CASCADED_STUDY
  • CASCADED_VISIT
  • CHANGE_NOTIFICATION
  • CODING_SCHEME
  • COMMAND
  • COMMAND_CLASS
  • COMMAND_COL
  • COMMAND_COL_OP
  • COMMAND_COMMAND_CLASS
  • COMMAND_COND
  • COMMAND_FILTER
  • COMMAND_INTERFACE
  • COMMAND_INTERFACE_CLIENT
  • COMPONENT_CLASS
  • COMPRESSION
  • CONFERENCE_WORKFLOW_STATUS
  • CONFIG_JSON

D

  • DASHBOARD_CACHE
  • DATA_AGGREGATION_NAME
  • DATA_GUARD_COMMANDS
  • DATA_MAINTENANCE_LOG
  • DB_CHARACTER
  • DB_MEMORY_SIZING_BREAKUP
  • DB_RECOVERY_CONFIG
  • DB_STATISTICS_CONFIG
  • DB_STATS_APRIL_WK#_1
  • DB_STATS_APRIL_WK#_2
  • DB_STATS_APRIL_WK#_3
  • DB_STATS_APRIL_WK#_4
  • DB_STATS_CBO
  • DB_STATS_CBO_CONFIG
  • DB_STATS_JUNE_WK#_1
  • DB_STATS_MARCH_WK#_2
  • DB_STATS_MARCH_WK#_3
  • DB_STATS_MARCH_WK#_4
  • DB_STATS_MAY_WK#_1
  • DB_STATS_MAY_WK#_2
  • DB_STATS_MAY_WK#_3
  • DB_STATS_MAY_WK#_4
  • DB_STATS_MAY_WK#_5
  • DELETED_DICOM_SR
  • DELETED_IMAGE
  • DELETED_PATIENT
  • DELETED_SERIES
  • DELETED_STUDY
  • DELETION_REJECT
  • DEPARTMENT
  • DIAGNOSTIC_CODE
  • DICOM_BACKFILL_QUEUE
  • DICOM_CONFIG
  • DICOM_DESTINATION
  • DICOM_GROUP
  • DICOM_QR_ATTRIBUTE_INFO
  • DICOM_QR_DATE_CLAUSE_INFO
  • DICOM_QR_MATCHING_INFO
  • DICOM_QR_SELECT_INFO
  • DICOM_RETRIEVAL
  • DICOM_SR
  • DICOM_STORAGE
  • DICOM_STORAGE_BACKUP
  • DICOM_TAG
  • DICOM_VALUE_REP
  • DICT_NOTIFY_BANNER
  • DISPLAY
  • DOCUMENT
  • DOCUMENT_TYPE_CONFIG

E

  • EBF_DASHBOARD_SUMMARY
  • EMAIL_CONFIG
  • EMAIL_TYPE
  • ERBF_SFQ_STAT_TRANS
  • ERF_PROFILE_ACTION_TYPE
  • ERF_PROFILE_VERIF_METHOD
  • ERROR_MESSAGE
  • ERROR_TRACE_LOG
  • EVENT_LOG
  • EVENT_TYPE_CONFIG
  • EXTERNAL_IMAGE
  • EXTERNAL_IMAGE_DELETED

F

  • FCR_CODE
  • FCR_TO_CR_QUEUE
  • FCR_TO_CR_QUEUE_CTL
  • FETCH_QUEUE
  • FOLDER
  • FOLDER_COLUMN_LIST
  • FOLDER_COLUMN_PROPERTY
  • FOLDER_ETAG
  • FOLDER_FILTER
  • FOLDER_GROUP_COLUMN
  • FOLDER_ITEM
  • FOLDER_JSON
  • FOLDER_LOCALE
  • FOLDER_MERGE
  • FOLDER_MIGRATION
  • FOLDER_OBJECT
  • FOLDER_TEMP_OAK_PATCH2
  • FOLDER_TEMP_OAK_PATCH3
  • FOLDER_TEMP_STARBOARD
  • FORWARDING_PROFILE
  • FORWARDING_QUEUE_RESPONSE
  • FORWARDING_QUEUE_STATUS
  • FRAME_BOOKMARK
  • FUJIRDS_LOG

I

  • IMAGE
  • IMAGE_CALCULATION
  • IMAGE_DISPLAY
  • IMAGE_OVERLAY
  • IMAGE_REALLOCATE_ACTIVITY
  • IMAGE_RETRIEVAL_OPTION
  • IMAGE_STORAGE
  • IMAGE_VERSION
  • IMAGE_VERSION_DELETED
  • IMAGE_VERSION_MIGRATE_CTL
  • IOCM_REASON
  • IOCM_REJECTNOTE
  • IOCM_STUDY_LAST_REJECT
  • IPP
  • IPPSET_REF
  • IPP_CURVE

K

  • KEYWORD

L

  • LINK_FOLDER
  • LINK_FOLDER_CONTENT
  • LOCALE
  • LOCALIZATION
  • LOCALIZATION_LOCALE
  • LOCALIZATION_TEMP
  • LOCAL_AE
  • LOCATION
  • LOCK_INFO
  • LOCK_TYPE
  • LOG_ACTIVITY
  • LOG_CATEGORY
  • LONG_TERM_EVENT_LOG
  • LOOKUP

M

  • MANUAL_FOLDER_MIGRATION_LOG
  • MANUFACTURER_MODEL
  • MATCH_WEIGHT
  • MENU_CODE
  • MODALITY
  • MONTHLY_EVENT_VOLUME
  • MPPS

O

  • OAK_FOLDER
  • OAK_FOLDER_COLUMN_PROPERTY
  • OAK_PATCH2_FOLDER
  • OAK_POST_UPGRADE
  • OBJECT_TYPE
  • OBSOLETED_IMAGE
  • OP5_POST_UPGRADE
  • OS_REGION

P

  • PATIENT
  • PATIENT_MERGE_ACTIVITY
  • PERMANENT_DELETED_STUDY
  • POST_PROCESS_QUEUE
  • POST_UPGRADE
  • POWERJACKET_SETTING
  • PREFETCH_CFG
  • PREFETCH_QUEUE
  • PRESET
  • PRIORITY
  • PRIVILEGE
  • PRIVILEGE_COM_COM_CLASS
  • PROCEDURE_INFO
  • PROCEDURE_INFO_FCR
  • PROC_INFO_BODY_PART
  • PROPERTY

Q

  • QBE_FOLDER

R

  • RADIATION_DOSE
  • READING_PROTOCOL_OLD
  • READING_SPECIALTY
  • READING_SPECIALTY_PROC_INFO
  • RECYCLE_BIN
  • RECYCLE_BIN_DELETED
  • REFERENCE_RECONCILE_QUEUE
  • REFERENCE_RECONCILE_STATUS
  • REJECT_DICOM_SR
  • REJECT_IMAGE
  • REJECT_TYPE
  • RELATED_PROCEDURE_SYSTEM
  • RELATED_PROCEDURE_USER
  • REMOTE_AE
  • REMOTE_AE_NET_CONFIG
  • REMOTE_AE_SOP_STORAGE
  • REPORT_STATUS
  • RIS_CONFIG

S

  • SBP0_POST_UPGRADE
  • SCHOONER_POST_UPGRADE
  • SCRIPT
  • SECURE_URL_KEY
  • SECURITY_HIERARCHY
  • SECURITY_KEY_3D
  • SERIES
  • SERIES_DESCRIPTION_DOWNLOAD
  • SERIES_DESCRIPTION_REPORT
  • SERIES_REALLOCATE_ACTIVITY
  • SERVICE_PATH
  • SERVICE_PATH_PARAM
  • SERVICE_TRACELOG
  • SESSION_AGGREGATION
  • SESSION_AGGREGATION_DETAIL
  • SESSION_INFO
  • SFI_TEMP_TABLE
  • SGA_CACHE_TABLES
  • SHORTCUT
  • SITE
  • SOP_CLASS
  • SOP_CLASS_STORAGE
  • SSO_CLIENT
  • SSO_CLIENT_PROPERTY
  • SSO_CLIENT_SECRET
  • SSO_EXTERNAL_PROVIDER
  • SSO_REFRESH
  • SSO_SCOPE
  • SSO_SCOPE_CLAIM
  • SSO_TRANSIENT_DATA
  • STANDARD_PROCEDURE
  • STARBOARD_FOLDER
  • STATUS_CHANGE_QUEUE
  • STORAGE
  • STORAGE_BACKUP
  • STUDY
  • STUDY_ANOMALY
  • STUDY_DISPLAY_HISTORY
  • STUDY_DISPLAY_STATE
  • STUDY_DOCUMENT
  • STUDY_FOLDER_INTERSECTION
  • STUDY_FORWARDING_QUEUE
  • STUDY_IMAGE_SENDER
  • STUDY_MEDICAL_EVENT
  • STUDY_MEDICAL_EVENT_ACTIVITY
  • STUDY_MERGE_ACTIVITY
  • STUDY_OPEN_SESSION
  • STUDY_PRODUCTIVITY
  • STUDY_REALLOCATE_ACTIVITY
  • STUDY_SERIES_DESC
  • STUDY_SESSION_MONITOR
  • STUDY_STATUS
  • STUDY_STATUS_LOCALE
  • STUDY_TAT_HISTORY
  • STUDY_WF_EVENT_ACTIVITY
  • STUDY_WF_EVENT_LOG
  • SUBSCRIPTION
  • SYMON_ALERT
  • SYMON_MA_DEFINITION
  • SYMON_MA_TRIGGER
  • SYMON_SAMPLE
  • SYSMODEL_SERVER
  • SYSTEM_CONFIG
  • SYSTEM_VERSION

T

  • TAG_LOOKUP
  • TAT_AGGREGATION_DETAIL
  • TAT_AGG_MODALITY
  • TAT_AGG_MODALITY_PROC
  • TAT_AGG_MODALITY_STAT
  • TAT_AGG_MODALITY_STAT_LOC
  • TAT_AGG_TIME_PERIOD
  • TAT_AGG_USER_RAD
  • TAT_AGG_USER_TECH
  • TAT_AGG_VISIT_CLASS_STAT
  • TAT_AGG_VISIT_LOC_STAT
  • TEMP_LOCALIZATION_NEW
  • TEMP_LOCALIZATION_OLD
  • TEMP_LOCALIZATION_OLD_NEW
  • THINK_LOG
  • THINK_LOG_KEYWORD
  • TIMEZONE
  • TIME_PERIOD
  • TRANSFER_SYNTAX

U

  • USER_DEBUG_LOG
  • USER_DEBUG_LOG_DETAIL
  • USER_INFO
  • USER_PREFERENCES
  • USER_SESSION
  • USER_SESSION_MONITOR

V

  • VISIT
  • VISIT_MERGE_ACTIVITY
  • VISUALIZATION_METRIC
  • VIZ_METRIC_AGGREGATION
  • VIZ_METRIC_AGGREGATION_DETAIL

W

  • WORKFLOW
  • WORKLIST_COL_LOCALE_MODIFIER
  • WORKLIST_FAVORITE
  • WORKSTATION_SPECIAL_PATH
  • WS_PLUGIN
  • WS_PLUGIN_PARAM
  • WS_PLUGIN_TYPE
  • WS_PLUGIN_TYPE_PARAM

X

  • XDS_AUTHOR
  • XDS_AUTHORITY
  • XDS_BODYPART_EVENTCODE
  • XDS_BPPC_EVENTCODE_OPT
  • XDS_BPPC_PRIVACY_OPTION
  • XDS_CODES
  • XDS_CODETYPE
  • XDS_COMMENTS_POLICY
  • XDS_FORMATCODES_FILETYPE
  • XDS_MODALITY_EVENTCODE
  • XDS_PERSONLINK
  • XDS_PERSON_ID
  • XDS_PERSON_NAME
  • XDS_PIX
  • XDS_PROFILE
  • XDS_PROFILE_CONFIDENTIALITY
  • XDS_PROFILE_RECIPIENT_ORG
  • XDS_PROFILE_RECIPIENT_PERSON
  • XDS_PROFILE_SHARINGOPTION
  • XDS_RECIPIENT_ORGANIZATION
  • XDS_RECIPIENT_PERSON
  • XDS_RECIP_PERSON_ORG_MAP
  • XDS_REPOSITORY
  • XDS_REPOSITORY_DOCUMENT
  • XDS_SHARINGOPTION
  • XDS_SUBMISSION
  • XDS_TYPECODES_PROCCODE
  • XDS_USERROLE_MAP

A Cautionary Tale of Audio Forensics and Trade Secrets

One private firm’s artificial-intelligence system is deemed insufficient evidence

ShotSpotter, a gunshot detection firm contracted by police departments nationwide, has recently received criticism for its audio forensics system that, it claims, incorporates “sensors, algorithms, and AI” to identify gunshots and locate their source. While several precincts have praised the company for increasing police response to incidents of gun violence, its accuracy as evidence in court remains questionable.

There are two primary reasons for skepticism: 1) studies have indicated that its algorithm has a propensity for generating false positives, and 2) employees are able to modify the database after alerts come in. Since its system is protected as a trade secret, it has been generally inscrutable from oversight.

As seen in this Associated Press investigation, a State’s Attorney’s Office used ShotSpotter’s data for evidence in a case against a Chicago man. This left him in prison for 11 months before the judge dismissed the case. The report eventually released by ShotSpotter showed that the alert in question was identified differently at first. It alerted to a “firecracker” several blocks away from the alleged scene of the crime — but an employee later revised the identification and location. As a result, prosecutors decided that the “evidence was insufficient to meet [their] burden of proof.”

How could it be improved?

This case emphasizes the importance of accountability in regards to digital evidence on either side of a case. The Health Information Portability and Accountability Act (HIPAA), for example, requires retention of Electronic Medical Records (EMR) stored in Health Information Systems (HIS). Healthcare firms must record a permanent record of all additions, changes and deletions of EMR, including the time and person making those changes.

While ShotSpotter obviously isn’t in healthcare, its system would still benefit from similar transparency. It would help improve the reliability of such information. In this case, such logs would have revealed human intervention earlier on. This would have saved the defendant from the 11 he spent months in prison. In other cases, transparency could support prosecution. Regardless, it would bolster ShotSpotter’s credibility when used as evidence.

It’s possible that we could examine information recorded — when the stored data was originally entered and changes to that stored data — without violating trade secret status to a software provider’s algorithms.  HIS software providers have trade secret protection to their software. Still, they are required to disclose all record EMR, as well as the revision history to those records.

Where we can help.

Asking the right questions and gathering all available digital evidence is important to achieving an equitable outcome. Enigma Forensics has experience auditing and authenticating digitally stored electronic evidence. We can assist with validating such claims as genuine.

Preparing to Work with an EMR Expert

Learn what details to provide when hiring a data forensic expert during medical malpractice litigation to increase efficiency and cost effectiveness.

Prepare a summary of the following:

  • Develop timeline of notable events
  • Organize case documents and provide to your experts
  • Copy of the Complaint
  • Requests to produce
  • Interrogatories filed
  • Replies to Interrogatories
  • EMR Produced
  • Audit Logs Produced

Ask Your EMR Data Expert to Prepare the EMR for efficient review by attorneys & medical experts

  1. OCR the produced EMR (Allows for keyword searching)
  2. Convert the EMR to a spreadsheet format where practical
  3. Identify key events and providers
  4. Consider filtering for key dates, workers, or concepts
  5. Produce subset pdf documents / spreadsheets that are more easily reviewable
  6. Consider having pivot tables created showing overviews

In-Person Direct access provides additional information

  • Routing History
  • What the notes looked like at various points in time
  • Access to deleted records
  • Communications between healthcare workers
  • Example Screenshots from Popular HIS Systems follow

Enigma Forensics EMR Data Forensics Experts provide detailed analysis and interpretation of an EMR Audit Trail to assist Medical Malpractice Attorneys during litigation. We help win cases! Hire an Expert (HAE)! Call 312-668-0333

To Learn More about the EMR process

EPIC Software

Epic software is used by many hospitals that is HIPPA compliant. It is used to track all additions, modifications, and ensures the complete patient history is recorded. Check out this blog to learn more about EPIC software!

EPIC software is used by many hospitals to track patient care and manage the overall patient experience.  When something goes wrong during a patient stay that leads to long-term injuries or death of the patient, it is highly common that medical malpractice litigation ensues. 

Health Information Personal Privacy Act, HIPPA

The Health Information Personal Privacy Act, commonly referred to as HIPPA, places several important requirements on health care providers.  HIPPA requires that all access to a patient’s electronic medical record commonly referred to as EMR, track all addition, modifications, and allow access while ensuring the complete revision history of the EMR is maintained. 

EMR Audit Log

Audit logs or audit trails are required to ensure that reconstruction of the complete revision history can be established.  EPIC printed reports of patient’s EMR can be produced using various filters that result in a less than complete production of the patient’s full electronic medical records.  Some of the filters that are routinely used include:

  • Date filter to show only the time the patient was receiving care at the healthcare provider
  • Production of only non-confidential notations
  • Production of only the final version of the EMR without the detailed revision history
  • Filter notes exclusive to the named defendant health care providers
  • Filter by department

These filters described previously when used in producing a patient’s EMR result in an incomplete production of the EMR.

Sticky Notes

EPIC has a communication platform known as Sticky Notes. This serves as an instant messaging mode of communication between healthcare workers discussing a specific patient.  EPIC lacks a report that can allow easy printing or export of these notes. This creates a common misperception among health providers that these notes are not part of the legal discoverable record.  In fact, there are other ways to access these sticky notes, which are an important part of documenting the patient care provided.  An in-person inspection of the EMR using a camera to record the user’s screen can allow for obtaining these important communications. These sticky notes are part of the EMR and are subject to preservation by HIPPA. 

On-Site Inspection

During an onsite inspection to obtain the complete EMR, it is important to ensure that the user accessing EPIC has full administrative rights to the system.  In some health care organizations, sticky notes may be accessible only to physicians.  Regardless, obtaining these important communications can be a vital source of information to reveal important events leading up to a lifelong injury or death.

Enigma Forensics has assisted in numerous medical malpractice cases working with either the plaintiff or defendant’s side of litigation. Our experts dig through each record to analyze ultimately to find the “smoking gun!” We call ourselves the data detectives! If you are working on a medical malpractice case and would like to win, call Enigma Forensics at 312-668-0333.

To learn more about Electronic Medical Records check out these blogs.

In-Person Direct Access Provides Additional Information

An in-person on-site discovery will allow you to view what the EMR notes look like at different points in time, and gain access to inactive or deleted records. Check out this blog to learn more!


In-person direct access is what is often required to be able to get a complete view of what happened, because some of the data doesn’t show when you’re just looking at the produced printed charts. Such missing items may include: routing history, what the notes look like at different points in time, access to inactive or deleted records, and communications. Below is a screenshot from a popular Health Information System, Epic.

EPIC

Epic Notes View

So this is Epic and here you see the notes view and when you’re entering into the system, there’s routing which can give you additional detail about what happened in terms of the routing of the notes. You have a note time, a filed time, and a note time. In this case, all these records with exception of this one down here, the 10:04 AM note time was filed 15 minutes later. So it’s important to have both date and timestamps because sometimes, the file times are many days after discharge or nowhere contemporaneously to the events and that’s important if notes are being entered into this EMR days after something awful happened, you really want to know when those notes were filed. If they’re filed long after things went wrong, oftentimes, that suggests that fabrication of the EMR took place. You can see here, here’s some of the routing, it allows for you to specify different recipients and so knowing that routing of information, that’s important because it’s not always evident when you’re looking at the chart. Here’s an example of adding a note and you can see here, there’s the ability to copy and paste different notations. The date and time on these notes when you first go to create a note, default to the current computer’s clock time but it’s totally possible to change the date and time to put it back in time by dates or hours and that information is relevant. Here’s an example of the Cerner notes. Again, Cerner allows the user to change the date to something other than the current date and time. And it still stores, again, the creation time of that note, even if the note purports to be days earlier. And there are also different filters here, when you’re looking at the EMR with power notes on Cerner, there are different filters, such as my notes only, there’s inactive, active, and so on.

Watch other videos making up this 4 part series, Unlocking the EMR Audit Trail.

Part 1 of 4: “The Keys to Unlocking Electronic Medical Records”
https://enigmaforensics.com/blog/keys-to-unlocking-the-emr-audit-trails-electronic-medical-records/
Part 2 of 4: “HIPAA”
https://enigmaforensics.com/blog/health-insurance-portability-and-accountability-act-of-1996-hipaa/
Part 3 of 4: “Navigating to Trial or Settlement”
https://enigmaforensics.com/blog/navigating-to-trial-or-settlement/
Part 4 of 4: “In-Person Direct Access”
https://enigmaforensics.com/blog/in-person-direct-access-provides-additional-information/

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Why is the Health Insurance Portability and Accountability Act of 1996 so important? It keeps our healthcare systems in check! Check out this video with transcripts to learn how it affects patient’s rights to request their own Electronic Medical Records (EMR’s).

Lee Neubecker: So HIPAA is the Health Insurance Portability and Accountability Act of 1996 and why this is important is all the hospital information system providers, have to certify that their software is HIPAA compliant. Otherwise, the hospitals receiving Medicare reimbursement wouldn’t be able to use the software. So, the presumption should be that any healthcare organization that is receiving Medicare funding is compliant with the rules of HIPAA and we’ll talk through what that requires here.

HIPAA Audit Trail Requirements: EMR / EHR

  1. Application audit trail audit trails
    1. EMR Opened / Accessed
    2. EMR Closed
    3. EMR Created
    4. EMR Edited (Original and Replacement Value) with last update time
    5. EMR Deleted
  2. System level audit trails
    1. Successful or unsuccessful logon event by username
    2. Date and time of each logon or logoff attempt
    3. Specific device used to logon
    4. Application user successfully or unsuccessfully accessed
  3. User audit trails
    1. Monitor and log user activity in an ePHI application 
    2. Record events initiated  by the user
    3. Commands directly initiated by the user
    4. Log access to ePHI files and resources
  4. Healthcare organizations must retain records at least six years
  5. States with stricter retention requirements must be honored

First, HIPAA requires that there be application audit trails that show when the EMR was open, accessed, closed, created, edited, the original value, replacement value, who updated it? When, from what computer, whether it was deleted? Your system-level audit trails, which has to do with the logons of the user to the system when they logged on, what computer was at the nurses’ station? Was it the computer that was actually bedside with the patient? So all of that can be relevant, especially in establishing whether or not a healthcare provider was with the patient at an important time.

User audit log trails monitor the user activity within a specific EPHI application. It records events, what commands were issued, and so on. Healthcare organizations must retain these records for at least six years and typically, if there’s an issue where litigation is involved at the point in time that they’re notified, their risk management committee will collect the records and make preservation of the available data. Some states have stricter retention requirements beyond six years and in those cases, the state rules should apply according to HIPAA.

HIPAA Audit Trail Requirements: Must Track

  1. Each time a user logins
  2. Whenever changes are made to databases
  3. When new users are added
  4. Access levels for each user
  5. File access by users
  6. Logins to operating systems
  7. Firewall logs
  8. Anti-malware logs

Other requirements of HIPAA include the following.

When a user logs on when changes are made to the databases, when users are added, access level for each user, what rights they have, the file access by the user. Logins to the operating system, firewall logs, anti-malware logs and more. So there’s a lot of requirements that hospitals are compliant and other health care organizations that are receiving Medicare funding follow these requirements.

Example Audit Trail: Meditech

Example Audit Trail

Lee Neubecker:

Here’s an example of what an audit trail log looks like. I know it’s probably a little bit difficult to see all of this but what we see, this one’s Meditech. What you’ll see here is there’s a run date, the date and time the report was run, the runtime, the username, the specific database being accessed, and who the patient was.
Then across the top, you have different data columns such as date, time, the user. What action, were they modifying, exporting, viewing? The description of the action? Then you have the device being used to access it. It also shows here that there’s a confidential flag and certain records which may or may not be produced.
And then there’s the ability for someone to, you know, Dr. Smith could enter something and emulate another user and you don’t often see the notion that someone else emulated another user when you’re viewing the progress note or printed chart. So the audit trail is important.
Now, unfortunately, this audit trail doesn’t show you the specific changes being made and oftentimes, what’s necessary is you actually have to get a direct in-camera inspection of the Meditech or other HIS system to be able to record and document what the care provider sees.

Watch other videos making up this 4 part series, Unlocking the EMR Audit Trail.

Part 1 of 4: “The Keys to Unlocking Electronic Medical Records”
https://enigmaforensics.com/blog/keys-to-unlocking-the-emr-audit-trails-electronic-medical-records/
Part 2 of 4: “HIPAA”
https://enigmaforensics.com/blog/health-insurance-portability-and-accountability-act-of-1996-hipaa/
Part 3 of 4: “Navigating to Trial or Settlement”
https://enigmaforensics.com/blog/navigating-to-trial-or-settlement/
Part 4 of 4: “In-Person Direct Access”
https://enigmaforensics.com/blog/in-person-direct-access-provides-additional-information/

Navigating to Trial or Settlement

Where does one start when requesting Electronic Medical Records or EMR’s? Enigma Forensics has created a process for you to follow to help navigate to trial or settlement.


Process of Navigating to Trial or Settlement

Lee Neubecker: So now I’m going to a little bit about the overview and process of working one of these cases with electronic medical records, such as myself. And typically, the cases start off with the need to make the request for the complete electronic medical record. Oftentimes, attorneys contact us when this has already been done but they suspect that the data is deficient in some way or fabricated.

So, we often will review the records produced, identify examples or problems with filters, anything that looks suspect, and then assist with drafting a supplemental request to produce.

If the supplemental materials are produced, we review that. We look for deficiencies in the records, and oftentimes there will still remain deficiencies. So in that case, we have to spend time analyzing the EMR and working on a report of sorts that shows examples of what’s missing. And at that point in time, we’re trying to compel the judge to order an inspection. On the converse side, if we’re working for the hospital, we’ll be looking through the EMR and often reporting to them whether or not there was a fabrication by hospital staff and that’s important for insurance carriers because they want to understand what the risk is if they litigate a case to trial. And it may be more advantageous to simply settle the case if there are some problems in the EMR.

So after we’ve drafted the motion to compel, well, typically, we write an affidavit in support of the motion to compel an onsite direct inspection. That motion gets filed by the attorney with our affidavit attached and then there’s a hearing. These days, the hearings tend to be on Zoom telephonically, and oftentimes the judge will ask questions. Essentially when we’re doing an onsite, what we want is we want to be able to see the entire record of the patient as the physician can see it, the communications between providers, and the complete revision history. This often requires videoing or taking photos of the data to capture data that are not easily printed from current reports with the HIS system.

So when the onsite inspection happens, it’s not uncommon that there will be multiple experts there. I’ve been hired to observe an inspection by a plaintiff counsel that is seeking to look at the EMR. In that role, I’m looking to just document and understand how they’re requesting the data, whether data is being withheld despite the onsite, and to advise my client in terms of what the data is that was produced and whether there are any issues with it. The onsite inspection isn’t where the analysis happens. It’s usually an effort to try to dump all the data out, run reports, make sure the settings are documented appropriately, and really that the only filter being used is the filter for the patient. There should be no other need to filter anything. Those records are the patient’s records. They have a right to that content and this process is one that is going to become much more common as we continue with the understanding of medical records and audit trails becoming more prevalent. After the onsite inspection, there’s a need to review that data. Oftentimes normalize it again, compare it against earlier produced EMR. That analysis might document that early on, that the health care organization was willfully holding back information that was key and important. And so, in instances where that happens, there’s a need to write a report to document those changes or deficiencies. And long before the trial happens and the reports issued, the expert witness that you use is your EMR expert will have to be deposed most likely. And what I usually find, at least in cases I’ve been involved with is that the cases typically settle after the deposition. Because at that point in time, you’re really looking at what does the factual record reflects? There are not so many opinions so much as there are facts. In some cases, there are opinions about why does the chart shows lots of entries that all were created days after discharge and they’re all unrounded hours with no minutes. In a situation like that, my opinion would be that’s likely fabrication because usually if you’re entering notes and other procedures contemporaneous to events, you’re going to have randomization of the minutes and everything is not going to be stacked up at zero, zero minutes on the hour.

So if a case is going to trial, there’s a need to prep your EMR expert, to let them review the timeline, the earlier affidavits in the data that was collected so that they’re prepared for trial. In most cases, so cases tend to settle and they usually settle after the onsite inspection and collection of data. Sometimes they’ll settle much earlier. I’ve seen cases settled as soon as I get involved and help with writing a request for supplemental production but sometimes the cases go on further. In my experience, the further along through this process the plaintiff gets, if we’re able to identify willful withholding of records, the settlement offer tends to be much higher.

1. Request Patient’s Complete EMR

  • Provide the complete EMR audit trail for [Patient Name] detailing any health care provider’s access, review, modification, printing, faxing, or deletion activities in a comma delimited format with any and all corresponding native files or records that may relate to the patient as required by the HIPAA § 164.312(a)(1).
  • Audit trail should include the complete revision history of the EMR 
  • Provide the name of all medical software applications utilized to store EMR
  • Provide the data dictionary for each software application containing EMR 
  • Provide all User and Administrator Manuals for each EMR software application

Email [email protected] for a complimentary sample request for EMR

So, I gave an overview of this. There are slides here that I’ll walkthrough. I want to have plenty of time for questions. So, I’m not going to read each of these but in summary, you want to make sure that you’re getting all the data and there’s an outline here, if you email [email protected], she can send you a complimentary sample request for EMR that helps you form that request. Obviously, you may want to retain us to help you tweak that for your specific circumstances. It’s a good idea though to ask for the user manuals when you’re doing this process and you want to make sure that you’re clear about asking for the complete revision history.

2. Review EMR Records Produced 

Identify Examples of Withheld Records or Apparent Manipulation

  1. Filters beyond the patient used such as user id or department
  2. Lack of production of records from the beginning of the notable time period until the date the EMR report was generated
  3. Audit trail lacks details of the revision history
  4. Production of the data in a non-usable format

So I talked about the review of the records produced and typically, we’re trying to identify examples of withheld records or other things that we can find or prove that are deficient from the production. Audit trails that lack the definition of what was being changed are an example, the production of data in a non-usable format, going onsite to have it exported. So it’s not produced in a crazy, out-of-order duplicative format is often helpful.

3. Request Supplemental Production of Deficient Records

  • Ask for what you want specifically before filing a motion.
  • Request the complete revision history showing the life cycle of the patient’s EMR.
  • The supplemental request for the production of deficient records is likely to not bear fruit but is necessary to show you tried to work things out before seeking judicial intervention.

So when we’re asking for the records that we’re missing, we want to be specific on that and ideally pose that directly to opposing counsel in an email. So that it’s documented and that way, if you’re hearing a motion, you can show the judge that you’ve already tried to be specific about what you were asking for. It should always include the revision history. That phrase is so important. Usually, that’s missing from productions. And it’s often, the case that even though you ask for things correctly, they still aren’t produced as requested. So, having that clear documentation of asking for it in email is important.

4. Review Supplement Production of Records Received

  1. Immediately review the supplemental production upon receipt.
  2. Check to see if the request that was made was answered correctly.
  3. To the extent that production remains unresponsive, communicate that to opposing counsel before filing your motion.

So when the supplemental production comes in, we want to typically look at that quickly, try to see if they’ve complied or failed to address certain sections. If they failed to disclose their filters or they filtered things differently than requested, you want to create a paper trail and send a follow-up email asking for that, and then if they don’t comply, that’s going to help you with your motion to compel when appearing in front of the judge.

5. Affidavit in Support of Motion to Compel Onsite Direct Inspection

  1. Detailed foundation for the request
  2. Reference prior requests and data produced
  3. Communicate the deficiencies in the produced EMR
  4. Establish examples where the revision history showing changes is important
  5. Establish that the reported dates are not necessarily the original entry time and that modification history can be obtained by directly examining the EMR system

So the affidavit that we’re generating is typically outlining these deficiencies. It might be sharing exhibits that include the emails that you sent asking for the data. We want to make sure that we’ve detailed the foundation for the request, pointing out examples of what was asked for what was produced, how that was deficient? Giving examples where the revision history showing changes is important. Specifically, the lack of when the records were actually created or last updated, who updated them, when? That information is very important and it’s often not in the initial round of production of EMR.

6. File Motion To Compel Onsite Inspection Of EMR  

So, finally the motion to compel the onsite inspection of EMR, there’s a useful case out of Kentucky, Western District of Kentucky, the Borum versus Smith case. I think on our website, if you search at enigmaforensics.com for Borum, B-O-R-U-M, there’s a hyperlink to this case and it’s a federal case that lays out the arguments establishing and overcoming objections made by a hospital resisting an onsite inspection. So this can be very useful to lay the groundwork for arguing your motion to compel.

7. Court Testimony in Support of Motion to Compel Onsite Inspection

  • Having your EMR expert at this hearing is important
  • Overcome objections
  • Establish protocol for examination
  • Allow recording of the HIS software as it relates to the patient
  • Allow for the reproduction of previously produced EMR to verify filter settings and obtain the data in a delimited format
  • Ensure that all versions of notes including inactive and historical versions are included in the production of EMR

When that motion to compel hearing is held having someone like myself there to be able to answer questions of the judge, overcome objections, help to establish protocols for the exam to ensure that it’s effective and not a waste of everyone’s time is important. Recording of the HIS software should be allowable. An agreement to redact or call out anything that might’ve been captured that doesn’t relate to the patient is something that I see there’s no issue to but the ability to document and the record is critical. Ideally, during this onsite, you want to be able to reproduce what they produced previously so that you can confirm whether or not they had filters applied to it. If their earlier production of EMR only includes active records and no historical records, producing it in a more complete manner will help you to demonstrate to the court that the hospital was holding back important records that were your patient’s or your client’s records, that they have a right to. So again, making sure that inactive historical versions are included in the production of EMR is very important.

8. Onsite Inspection – Capture of Patient’s EMR 

  • Inspection can occur using Zoom or other remote desktop tools
  • An in-person inspection can be advantageous
  • Your EMR expert should be able to direct the health care provider’s IT admin to perform any query or other activity that relates to the patient
  • Data can be saved to external media for later examination
  • Your EMR expert should be allowed to capture photos or video from the live system

So inspection onsite during the pandemic, a lot of things have shifted to Zoom or WebEx, that can certainly happen. An onsite inspection does have advantages and I usually recommend the onsite where possible. Now that vaccines are widely available, the concerns over going onsite should be much less. During this inspection, I always recommend that the healthcare providers, IT person with admin rights actually be the person that’s typing at the keyboard and moving the mouse but at the direction of the requesting party. That helps protect from any potential harm to the hospital information system and really shuttle out for full observation of the EMR as it exists within the system.

Typically, data is exported to external media and at the conclusion of that, the data is shared with a producing party, in requesting party subject to the right for either party to deem data confidential or redact, which typically, the confidentiality requirements, hospitals are already following that for the most part. So really, as long as the data is restricted to the patient, there really shouldn’t be much reason to hold back data that belongs to a patient as long as it’s just that patient’s data. That data will be examined after the onsite when there’s time to analyze it.

9. Review Records Captured Onsite

  • Limited time for onsite inspection and collection of data
  • Consider delaying review if a settlement offer is likely
  • EMR expert compares initial productions vs. onsite data collected
  • Identify examples of manipulated records or previously withheld records
  • Consider disclosing some of these smoking guns before proceeding with a written report by an EMR expert 

So after the onsite, that’s when there’s more time to look at the data to analyze it, to compare it. If there’s an expectation that smoking guns were captured during the onsite, sometimes a plaintiff expert might want to just hold off for a week or two if they think that a settlement’s likely so that the costs aren’t incurred. To discuss the comparison of initial productions versus what was collected on-site, trying to identify examples of manipulated records or previously withheld records can be important in understanding what happened with the case.

So whether or not you write a formalized report or just disclose some of the smoking guns, that’s a decision that plaintiff counsel often considers. Defense counsel often needs to consult with their insurance carrier and have someone like me help tell them what the situation is so that they can decide, does the case have merit or should you proceed to trial and not make a settlement?

10.  Write Final Report

  • Detail examples of previously withheld information
  • Detail examples of fabrication or manipulation of information
  • Clarify what happened with the EMR

So the final report that gets written up again, details, examples of previously withheld information. Examples of fabrication or manipulation of information and trying to clarify, in human words, a storyline of what took place.

11. Expert Witness Deposed

  • Survive Daubert challenge
  • Avoid mistakes
  • Establish a foundation for the admissibility of electronic evidence
  • Clarify any opinions expressed in the affidavit(s) or report(s)

So, when the deposition phase occurs, it’s important that your expert be able to survive a Daubert challenge. You don’t want to have all the work tossed out because the collection of data was not done properly or not performed by someone that has appropriate experience. It’s important to try to avoid mistakes, which sometimes typos happen and whatnot but trying to minimize mistakes typically requires giving your expert time to review and proof their report. Having other peer review processes performed and engaging with your expert to make sure that everything is clear and understandable. And ultimately, you’re trying to establish a foundation to admit important information that relates to EMR so that you can clarify what events took place and having your expert be able to explain that to a judge is really important.

12. Trial Testimony with Prep

  • Select an expert that is skilled at presenting technically complex information to non-technical audiences.
  • Verify that your expert has court testimony experience.
  • Ensure your expert has time to review materials before trial.
  • Most cases never make it to trial and settle earlier where the EMR speaks for itself.

So one of the things you want to look for when you’re picking an expert, you want to look for identifying an experienced expert that has testified on cases before and is capable of taking technically complex information and presenting it in an easy-to-understand manner. And that isn’t always easy for many geniuses out there that understand a lot of complex information. You want to make sure again, that your expert has time to refresh and review the materials before trial. Experts that are busy are going to be in many different cases and shifting between one med mail case matter in another involving EMR takes some time to shift.

So, I like to try to work on a case solidly for a period of time, get it up to a report, finish that and then come back to a case at the next checkpoint so that I can focus and not be split between two similar but different cases. As I said before, most cases never make it to trial because ultimately, the electronic medical records, if obtained and produced in their entirety with the date and time that they were entered, modified, and whatnot, that data will typically speak for itself. So, whether you’re defending a case or pursuing one, getting an understanding of events that took place, it’s highly critical.

13. Case Settles or Case Dropped

  • In our experience, in cases where EMR has been withheld or manipulated, settlement agreements are usually reached.
  • Establishing that the medical record doesn’t support allegations of abuse can result in a case being dropped.
  • Settlement offers increase when you are able to prove that the health care provider purposely withheld information.
  • Proving willful fabrication or manipulation of the EMR can help win the highest settlement.

So when we find examples of manipulation of information, settlement agreements are usually reached because if a hospital took a case to trial and it was proven that they manipulated the records, they would face far more litigation from other plaintiffs as a result of that. In some cases, some of the outcomes might not be to have a cash settlement, it might be for a parent to regain custody of their child because there were inappropriate allegations of harm that aren’t substantiated by the electronic medical record. If you can prove that a healthcare provider purposely withheld information, it’s really helpful to get a settlement or a favorable outcome if you’re on the plaintiff’s side. And again, as I said, what I’ve seen is the highest settlement offers usually come if you prove the willful fabrication or manipulation of EMR.

I had a case back in, I think it was around 2004 involving a heart catheterization operation that went wrong, and days after the operation, the patient was discharged and then passed away. It’s an unfortunate circumstance that left a family with one less parent. In that case, so years after the accident, the surgeon produced a CD disk that contained the video clips documenting the surgery. But what happened when I examined the CD, I was able to establish that the CD had been created a month previously. The CDs have headers that show the date and time that they’re created by a specific computer.

Furthermore, I looked at the video clips, there were DICOM video files. DICOM is digital imaging and communication of medicine and these video files had embedded metadata that showed the sequence number and the date and time and length of the clip. Well, what had happened is I think it was clip six, seven, and eight were deleted nine, 10, and 11 were renumbered to be six, seven, and eight. So there were three video clips that were removed and then the renaming of the files effectively made it look like the deleted clips never existed. Well, in doing forensics on that, I was able to establish what had happened and then during my deposition, I testified to that. At the end of it, the attorney for the hospital asked me, do you have any proof that the hospital had anything to do with this? Keep in mind, the surgeon was the one who produced the CD years after the operation.

Oh, my reply to the attorney for the hospital was if, given the opportunity to examine the hospital’s equipment, I could determine whether or not the CD that was produced was generated by their equipment and my deposition ended. Quickly after that, they asked for my business cards and then the maximum settlement of the insurance coverage from both the surgeon and the hospital, that offer was made in the case of, so it was a favorable outcome.

One other thing too, in many cases that have caps on liability, if the plaintiff is able to prove willful manipulation, in some states, those caps go away. So, if you’re defending a hospital in one of these cases, having someone like myself help you determine if the EMR shows willful manipulation or fabrication. That can be very important because exposure to the hospital could be much greater than in the case where things simply, you know, mistakes happen and unfortunately, mistakes happen and good people suffer harm as a result of disease, surgeries, and whatnot. But in situations where bad things happen and then individuals in a healthcare organization take efforts to fabricate the record, to make it look other than what events really took place, that can be very risky for a healthcare provider. And knowing that early on in a case is really important that hospitals know that and other health care providers. So in those situations, I’ve had a lot of experience digging in and answering those questions quickly before the plaintiff gets their answers. I’ve also helped the plaintiff get the answers to those questions and reached satisfactory settlements.

Watch other videos making up this 4 part series, Unlocking the EMR Audit Trail.

Part 1 of 4: “The Keys to Unlocking Electronic Medical Records”
https://enigmaforensics.com/blog/keys-to-unlocking-the-emr-audit-trails-electronic-medical-records/
Part 2 of 4: “HIPPA”
https://enigmaforensics.com/blog/health-insurance-portability-and-accountability-act-of-1996-hipaa/
Part 3 of 4: “Navigating to Trial or Settlement”
https://enigmaforensics.com/blog/navigating-to-trial-or-settlement/
Part 4 of 4: “In-Person Direct Access”
https://enigmaforensics.com/blog/in-person-direct-access-provides-additional-information/

BIPA Webinar Coming Soon

Panelists

The Illinois Biometric Information Privacy Act (BIPA) passed in 2008, has been used to pursue class action lawsuits against companies in and outside Illinois. Leaders that have and are shaping the future of privacy law, both in Illinois and throughout the United States will come together to have a thoughtful discussion and dialogue on the future of privacy law and the role biometrics plays in the past and future. Join us for this upcoming webinar free to registered participants. Sign up on EventBrite.com.

Recent BIPA Settlements in the News:

  • Facebook finalizes $650M BIPA settlement
  • TikTok Reaches $92 Million Settlement in BIPA Lawsuit
  • Six Flags agrees to $36 million settlement over fingerprint scan privacy allegations
  • $25M Settlement in BIPA Class Action against ADP

BIPA Panelists Include:

This image has an empty alt attribute; its file name is IrisMartinez-4.jpg
Iris Martinez
Cook County Clerk of the Court
Original C0-sponsor of the Illinois Biometric Protection Act (BIPA)
Former Illinois State Senator and Assistant Majority Leader
This image has an empty alt attribute; its file name is karen-yarbrough-2.jpg
Karen Yarbrough
Cook County Clerk
Original Co-sponsor of the Illinois Biometric Protection Act (BIPA)
Former Illinois State Representative and Assistant Majority Leader
This image has an empty alt attribute; its file name is DebbieReynolds-1.png
Debbie Reynolds
Data Privacy Consultant
DebbieReynoldsConsulting.com
This image has an empty alt attribute; its file name is Kantrow_Josh-1.jpg
Josh M. Kantrow
Partner
Lewis Brisbois
This image has an empty alt attribute; its file name is LeeNeubeckerOpenCollarHeadShot.jpeg
Lee Neubecker
President, Enigma Forensics, Inc.
Data Forensics Expert
Moderator

Keys to Unlocking the EMR Audit Trails (Electronic Medical Records)

Have you ever requested Electronic Medical Records (EMR’s) and its beyond difficult to read? The printed pages are not searchable, mixed in with junk, lacking versions that you know should be recorded? Check out this video blog with transcripts. Lee Neubecker, CEO and President of Enigma Forensics offers keys to unlocking the mystery of EMR’s.

Click to view Video on Keys to Unlocking the EMR Audit Trails
(Electronic Medical Records) 



Video Transcripts follows:
EMR Audit Trails, as produced by Healthcare Providers during medical malpractice discovery, frequently filter out the important history of the patient’s medical record. Learn how to compel discovery of the patient’s complete EMR history.

Lee Neubecker: So today, we’re going to be talking about the keys to unlocking Electronic Medical Record Audit Trails. We have a mixture of people on the webinar today. I know some people represent healthcare providers. Other people represent litigants involved with medical malpractice. I’m going to be talking a little bit today about how the process works.


Scenarios where Electronic Medical Records (EMR) are important

  • Eldercare neglect or abuse
  • Failure to provide appropriate & timely care leading to patient injury
  • Failure for staff to provide to correct type of care
  • Credentials of staff that performed procedures
  • Discussions between staff are relevant
  • Establishing the supervising physician neglected appropriate care
  • Allegations involving child welfare accusing parents of harming a child

Lee Neubecker: We’ll begin with discussing some of the scenarios where Electronic Medical Records are relevant and important. If you’re suspecting that the elderly has been abused in a nursing home, that could be important to know. Records of care when medications were provided, whether or not patients were neglected. All of that information can be discerned from reviewing the electronic medical record history. In some cases, there’s allegations about not providing appropriate care over time or the staff providing the wrong type of care. So, many of these cases become litigated in various medical record experts or clinical experts get involved. We’ll be talking about later today about how you really want to start with getting command of the EMR or Electronic Medical Records so that it can be efficiently reviewed not only by you and your team but also by any experts that might be retained to assist with the case. It’s important to understand that there might be discussions between staff, physicians and nurses and whatnot that aren’t in the progress notes or printed medical record. So we’ll be covering that in a little bit. Allegations about harm to children by parents or healthcare providers. That’s also relevant as well. In some cases, we’ve seen situations where the chart reflects a certain color of bruising many days after a child was admitted into a facility for care but the coloration of bruises often can suggest that the bruising happened before entry into a facility. On a case like that, knowing whether or not the child was bathed and whether it was reported early on can help determine was the child injured in the health care provider’s place of care or did it happen prior to admission?

What typically happens when you request the EMR

  1. Printed pages (not searchable)
  2. Mixed in with junk
  3. Sorted most recent to oldest
  4. Lacking version historical revisions
  5. Limited reports that have unnecessary filters
  6. Hold back on communications (Sticky Notes / Routing)
  7. Records entered not contemporaneously to events 

Lee Neubecker: So what typically happens when you ask for the electronic medical record for your patient or your chart, the healthcare providers will often produce it in the most unhelpful way. They might print it if it’s printed or dumped to a PDF that’s flattened, it’s not searchable.

It might be included with lots of redundant information, out of order, sorted not intuitively from oldest to newest, but backwards. Oftentimes, the version revision history of the progress notes are completely missing. So, for instance, if you have an Epic EMR production. With Epic, they have the ability to enable the specific version number so that you can determine the revision history over time and that isn’t always what’s included in the printed report that gets produced.

Some reports will have unnecessary filters. For instance, if only named providers are shown and you don’t see a mixture of healthcare staff providing care to a patient, that might suggest that the report was produced with only the name key healthcare providers included. And so, when you’re requesting electronic medical records, you really want to be very specific to say, use no other filter other than the patient identifier or the patient medical record number, date filters and whatnot, narrowly defining the date and time when the patient was in the hospital or healthcare facility might result in filtering out of important records that show that the chart might’ve been modified or manipulated well after the patient’s departure from the facility and after the patient experienced some type of harm.

Another thing I see, sorry about that. Another thing I see that happens sometimes is in addition to different filters, such as like filtering by date or filtering by healthcare provider or department, sometimes the filters aren’t displayed on the reports and you really want to be able to understand what filters are used. One other filter that might be used without your knowledge is whether or not the record is considered confidential.

Confidential would suppress the record oftentimes from appearing on the printed medical record report. So you want active, inactive, all version history, confidential, you want the entirety.

Another important thing that is relevant in many cases involves the communications between healthcare providers. With Epic, you have the ability and with Cerner, you have the ability for routing of communications, either almost like an email system within the healthcare system or something known as sticky notes, which is basically like an instant messaging platform between healthcare staff about a patient.

And there’s documentation out there where hospitals say that sticky notes are not part of the medical-legal record. Well, HIPAA requires that all that data be retained. So the data is in there, it’s in the backend database or you have to inspect the hospital information system to be able to document it on the photo or on video.

Another thing that we see a lot of our records that are entered in, after the fact, when you enter a record into a hospital information system, you can list the reported date and time of the event but that is oftentimes different than when the record was actually saved and created in the system. So we’ll talk about that more as we go through.

Important Concepts & Terms

  • (EMR) Electronic Medical Records
  • (EHR) Electronic Health Record
  • (HIS) Health Information System
  • (PACS) Picture Archiving and Communication System
  • (ePHI) / (PHI) Electronic Protected Health Information
  • Data Dictionary
  • Delimited Format
  • Native Files
  • Audit Trail
  • Audit Logs
  • Pivot Tables
  • OCR (Optical Character Text Recognition)

Lee Neubecker: First, I’d like to cover some important concepts and terms that are relevant to Electronic Medical Records in medical malpractice litigation.

EMR, Electronic Medical Records is synonymous with EHR, the Electronic Health Record. A hospital Information System is sometimes referred to as HIS and that’s like Cerner or Epic or Meditech or whatever software system is being used to manage the patient care and store their electronic medical record. PACS is specific to video, phototypes involved with the documentation of electronic medical records, as it pertains to things like MRIs, x-rays, videos of surgeries, and so on. And each of these systems often has its own audit logs separate from the HIS system. ePHI is Electronic Protected Health Information. That’s what all the stuff is about.

Data dictionaries are abstract or key to help you to cross-reference the initials of the health care provider or the department or procedures or lab test results to the friendly name. And if you’re working on one of these cases, you want to include in your request for production, a production of the data dictionary, so that you can make sense of the charts and records that are produced to you.

Another thing that I like to ask for when I’m getting electronic medical records is to request that that data be produced in what’s known as a delimited format, which is like a spreadsheet format, sometimes known as comma-delimited. That allows you to manipulate the data much more easily and filter and aggregate and do things that can help you see into what’s happening quickly without having to review oftentimes tens of thousands of pages.

Native files refer to the file as it exists. Like if there’s a transcription that’s saved as a WAV file that has the original doctor’s notes, asking for the native file of the transcriptions would give you the actual file that was recorded, as opposed to some transcription of the file.

Audit trail or audit logs, HIPAA requires that data be stored about the creation, modification and access of electronic health records. And these audit logs will show when things are added, updated, modified. The logs and audit trails that are produced often don’t answer the key question about what changes are happening. And usually, I get involved with helping the parties understand well, what really happened? What was a real revision history? When did it occur? Who did it, from what computer? At what date and time was data deleted? Was it added? And that’s very relevant to many medical malpractice cases. When we’re analyzing data, some of the things we can do, we can take the electronic medical records if they’re produced in a delimited format, we can quickly prepare aggregate summary charts that might show how many minutes did, or how many interactions with the EMR did the supervising physician have? What dates and time where the records looked at? When did modifications occur? If modifications occurred after a patient’s discharge, which I see quite a lot of times, that can be suggestive of efforts to fabricate the medical record history.

When we get the data, in addition to trying to get it into a delimited or a spreadsheet format, we’d like to make sure that the data is OCRed, which is optical character text recognition, that allows for searching and key concepts, names of providers, dates and times and so on. And all of that can be very important as you work a case.

Watch other videos making up this 4 part series, Unlocking the EMR Audit Trail.

 

Part 1 of 4: “The Keys to Unlocking Electronic Medical Records”
https://enigmaforensics.com/blog/keys-to-unlocking-the-emr-audit-trails-electronic-medical-records/
Part 2 of 4: “HIPPA”
https://enigmaforensics.com/blog/health-insurance-portability-and-accountability-act-of-1996-hipaa/
Part 3 of 4: “Navigating to Trial or Settlement”
https://enigmaforensics.com/blog/navigating-to-trial-or-settlement/
Part 4 of 4: “In-Person Direct Access”
https://enigmaforensics.com/blog/in-person-direct-access-provides-additional-information/

Cyber-Attacked on Supply Chain Again!

In lieu of the recent ransomware cyber attacks on critical supply chain assets, Enigma Forensics analyzes two recent cyber attacks and what lessons we have learned.

Cyber attacks on our supply chain. Will it stop? Enigma Forensics is a cyber forensic company and our love for data security keeps us focused on the 4W’s and 1H of a Cyber Attack. Here’s the latest of two very important cyber attacks on our crucial supply chain.

Who was involved? What happened? When? Where? How did it happen?

On May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, experienced a ransomware cyberattack. Colonial Pipeline carries gasoline and jet fuel mainly to the Southeastern United States. The cyber attackers impacted computerized equipment managing the pipeline. They took the company offline and wanted a sizable ransom to reverse the cyber attack.

This pipeline disruption caused an immediate reaction. Americans felt a rise in gasoline prices, people were panic buying and there were crazy long lines at the pump. Some areas reported no gasoline at all. What was the company’s response? Colonial Pipeline’s CEO Joseph Blount reported, they learned the criminal cyber attackers infiltrated Colonial’s computers through a legacy or old virtual private network, commonly known as a V.P.N.

Joseph Blount, CEO of Colonial Pipeline paid approximately $5 million in Bitcoin ransom to the attackers. Blount told the Senate Homeland Security Committee at a hearing, paying the ransomware was the hardest decision of his career. Blount said he knew how critical Colonial’s pipeline is to the country and he put the interests of the country first. When asked about the security on the particular VPN that was hacked, Blount said it was not a two-factor security password that texts to a phone but single factor authentication using only a plain text password. He said it was more complicated than the typical Colonial123 password. Lesson learned?

Following the attack on Colonial Pipeline, another ransomware cyber-attack occurred on our supply chain.

JBS Meat Packing Hack (it rhymes!)

JBS is considered to be one of the largest meatpacking companies in the world. At the end of May, they reported cyber criminals used ransomware to take over the company’s network systems and stopped meat production. JBS revealed they made a payment of $11 million to a Russian-speaking ransomware gang called “REvil” to protect JBS meat plants from any further impact on farmers, grocery stores, and restaurants.

Why are we seeing a surge in targeting a crucial supply chain?

There are many contributing factors in the recent wave of hacking attacks. It’s a fact more folks are working from home and lack the cybersecurity necessary to guard against intrusions. Another large contributing factor is that software used to allow bad actors to break into a network system is more sophisticated and readily available. The largest factor is that the United States companies are more globally connected than ever before therefore increasing their exposure to cybercriminals.

Who’s in Charge?

You might be asking who is in charge. It’s the United States Department of Homeland Security (DHS). Its stated missions involve anti-terrorism, border security, immigration and customs, cybersecurity, and disaster prevention and management.

Cyber Security Prevention

June 10, 2021 – The Department of Homeland Security Cybersecurity and Infrastructure Security Agency unveiled guidance for defending against ransomware attacks targeting operational technology assets and control systems, in light of the rise in critical infrastructure attacks.

The guidance joins a host of federal agency and White House efforts to crack down on ransomware and improve threat sharing between entities, as the frequency and disruption of attacks continue to ripple across the country. Combining knowledge and sharing prevention ideas will be the key to thwarting future attacks.

Fingers Crossed that the guidance works. We have all learned the lesson that it’s vital that we secure our supply chain in the United States and abroad. We don’t want to say what’s next!

Check out this series of our video blogs pertaining to cyber breaches!