EMR Audit Trails

Electronic Medical Record (EMR) Audit Trails are key to effective electronic discovery during medical malpractice litigation. Renowned EMR Computer Forensics Expert, Lee Neubecker interviews Insurance Defense Attorney Bill McVisk who usually helps defend hospitals embroiled in medical malpractice litigation. McVisk discusses common areas of confusion during discovery of patient medical records. Neubecker relays some of his past experiences helping plaintiffs uncover important medical records that are often hidden from plaintiffs during discovery. The two discuss how electronic medical record systems have often made the process of discovery more difficult and confusing to attorneys and litigants.

The transcript of the interview follows:

Lee Neubecker: Hi. I’m here today with Bill McVisk. He’s a patient medical records expert, a litigator. He works with hospitals that are dealing with EMR-related patient medical records and whatnot. I had him on my show today because I want to talk a little bit about electronic medical records. Bill, they said that electronic medical records were going to revolutionize everything and make everything so much better. What’s the reality of what’s happened since we’ve brought about medical records?

Bill McVisk: A lot of EMR has been great. I mean, there’s an ability of doctors to provide records to other people that they couldn’t have done before. There’s the ability, for instance, of a radiologist to look at a film that was taken, and he can be in San Diego, and the patient can be in New York, and it still works. The problems, though, there are some problems. I mean, the biggest problem I see is that anyone who’s ever gone to a doctor’s… the doctors are focused on their computers instead of focusing on the patient. What they’re doing is hitting all sorts of drop-down menus and stuff, and I think we’re losing something from the standpoint of presenting physicians and nurses in malpractice cases. It creates a situation where you don’t really get a sense of exactly what that nurse or doctor is thinking, and so the records just aren’t quite as helpful in medical malpractice cases as they used to be. On the upside, we can read them now, whereas in the past we had to worry about doctors’ handwriting.

Lee Neubecker: Yeah. I know from experience working as a EMR, a patient medical record expert, that discovery can often become challenging. When an attorney is preparing a witness for deposition related to patient medical records, what are some of the things that you look for and care about in that process?

Bill McVisk: Well, the first thing, quite frankly, is to make sure I have the entire record. I can’t tell you how often I’m getting records where I get part of the record, and for some reason, I don’t know if it’s stored on a different server or what, I’m not getting all of the record. I may get all the physician’s part of the record but not the nurse’s part of the record, and obviously, that’s essential. Other problems, like when I’m preparing a witness for a deposition, the big problem is that they’re not used to seeing these records printed out. I mean, in the past, they would look at the chart, it would be exactly the same as the chart they were looking at in the hospital. Now, they are looking at the chart on a computer screen when they’re in the hospital, but when you’re preparing them for a deposition, you’ve got a paper chart, and the paper chart prints out terribly. Every time there’s a slight change of any kind in the record from one minute to the next, the chart prints out the page again and again and again, so there’s all this stuff, and it’s just getting the nurses and the doctors to know where in the chart their entry is going to be makes it a little bit harder.

Lee Neubecker: Yeah. I have experience working with that, and I know that HIPAA requires that every instance of that medical record, pre-editing and post-editing, that that data be preserved and discoverable, but in reality, a lot of the software packages, they only have reports that run the last version, so to get into the true audit trail, you often have to get into the database backend to get access to that information.

Bill McVisk: Well, and I think audit trails are the other aspect of things that makes it a little bit harder in this situation. In the past, we basically, I could give the original medical record to the plaintiff’s attorney to inspect. If somebody had erased something or done something like that, it’d be pretty obvious. I would hopefully know about it before the plaintiff’s attorney would know about it. Then I’d deal with that. But, it may not be obvious now because people can go in, change records, and now, if an audit trail is suddenly showing me, “Oh, my god, somebody was in and did something “to the record,” and it’s two or three weeks after the treatment was over, or, say, two or three hours after a terrible incident occurred, that’s going to make it look concerning. So I think from our standpoint, it’s a matter of making sure healthcare providers are aware of how to do it in a way that isn’t going to look like you’re trying to fake or lie.

Lee Neubecker: And there’s a big difference between accessing a medical record, and editing it.

Bill McVisk: Right.

Lee Neubecker: That’s where sometimes attorneys on both sides become confused about the significance of what’s happening with the patient record.

Bill McVisk: Right. I mean, records get accessed all the time. Maybe it’s to prepare for a deposition. You have to access the record to look at it. Maybe it’s because there’s followup treatment and you need to access the record. That happens all the time, but sometimes, on these audit trails, it’s not always easy. Is this just an access, or is somebody going in and changing something?

Lee Neubecker: And there’s a whole other layer, too. I know from my experience working with many of the packages that the hospitals often use systems that have something known as sticky notes, where they can put comments about a patient. There’s a wide perception that those notes aren’t discoverable. Just because the software doesn’t have a report that will run it, doesn’t mean that if someone like me is coming in, and I get access to the backend database, those comments about the patient and whatnot become apparent. But unfortunately, it’s difficult to get at that data if you don’t know what you’re looking for.

Bill McVisk: And that creates a real problem if you’re defending the hospital, because if I don’t know about these sticky notes in the beginning, first of all, I’m not going to be thinking, “Oh, my goodness.” Then, if you come and discover them, it obviously is going to be, “Oh. I was trying to hide those notes,” or, “The hospital was trying to hide those notes,” which is always the worst thing you can do as a defendant in litigation. And they’re clearly, if there’s something about a patient in those notes, it’s almost never privileged, it is discoverable, and it should be provided immediately.

Lee Neubecker: Also, you know, there’s a tendency I see for the hospitals to try to cover things up. Do you think that there’s some value in bringing in, when you’re defending a hospital, your own forensic expert to dig around and find out what’s really happening?

Bill McVisk: See, I don’t think the hospitals are intentionally trying to cover stuff up. I really don’t think that’s, I’ve almost never seen that happen. There may be, you know, one or two, but in most of these cases, I think the hospitals are trying to find out what the truth is. That being said, the hospital may not be aware that some of these things, because the risk management for the hospital might not be fully aware of all of the situations that are involved in electronic medical records, and yes, at that point, it may be a good idea for me just to have somebody like you go through those records, let me know. Before I produce them to the plaintiff, I would like to know what’s out there.

Lee Neubecker: It would probably be a lot more useful for you to get just a listing of the changes on the record so you’re not looking at the whole document, but maybe here’s a first instance, and then change one, change two, change three, so you can see before text, after text.

Bill McVisk: Sure.

Lee Neubecker: That’s the type of thing that, unfortunately, there’s not canned reports that are in the software that do that. I think that could be by design of the software makers because they don’t want to make it worse for their clients, the hospitals, but it’s certainly possible that it’s just something that was never asked for.

Bill McVisk: That’s quite possible, and I don’t know any of these software makers, but to me, it would be really helpful to know what those are. Of course, that does make it more discoverable, easily discovered by the plaintiff’s attorneys, but on the other hand, I as a defense attorney need to know about it, and if there’s a change that’s improper, I need to know about it right away.

Lee Neubecker: Yeah. What kind of problems can occur when different providers have different EMR systems?

Bill McVisk: Well, that can create problems of a number of ways. Sometimes, the software of one hospital doesn’t communicate with the software of another. There have been situations, for instance, where a physician enters an order for something to happen, and then because of the software problems, it doesn’t get to the provider who’s supposed to do it, and they don’t know that they’re supposed to do it. That creates serious problems for patient care. And similarly, it’s like, if a hospital is discharging a patient to a nursing home, and they want the nursing home to have a certain specific type of care regimen afterward, that can create problems if they don’t communicate well.

Lee Neubecker: Well, thanks a bunch, Bill, for being on the show. I appreciate it.

Bill McVisk: Lee, thanks so much.

Related Links on the Web:

Please follow and like us:
error

Using Computer Forensics on Medical Malpractice

Summary

The transcript of the video follows

Lee Neubecker: Hi this is Lee Neubecker, I’m here with Jim Meyer from Ialongo and Meyer, and we’re here today talking about patient medical records, specifically electronic medical records. Some of the changes that have happened that impact medical malpractice litigation. So Jim, can you tell me a little bit about EMR and how computer forensics plays a role in cases that you’re litigating, where you’re trying to get a result for your client?

Jim Meyer: Well EMR has changed everything, in regards to medical records. HIPAA is required that the electronic medical records, both be secure and private, that requirement provides that a lot of metadata is collected with every electronic medical record. That metadata itself is very important in… Capturing information about where, when, how and whom, made the medical record, can be crucial in any medical investigation.

Lee Neubecker: Look, can you tell me an example of what type of metadata you might be asking for, and why it would be relevant to the outcome of litigation?

Jim Meyer: Well… The metadata that is most interesting in most cases is, when certain events occurred in a medical record. When a test was ordered, when it was performed, when the results were placed in the patient’s medical record, when the physician saw those results, what orders may or may not have been entered as a result of that medical test. When medication is prescribed, when it’s administered, who administered the medication. Many of these details are now electronically captured, as opposed to being physically noted, as they were in old written medical records. It can make a… Big difference in trying to determine when events occurred in a case.

Lee Neubecker: I know one of the cases I was involved in, I discovered that many of the different default reports that are provided with these medical software packages, don’t necessarily show all available metadata. In fact, what we had to do on one of the cases, we had to work through discovery to try to get the scheme of the database. And then we discovered in once instance that there was something known as a sticky note, that the nurses and physicians could type little comments in, but there was a presumption that would never get printed because it’s not in any of the default reports. So what we actually had to do is find the table that had these notes, and then work to get the data dumped. And as soon as we found that, the case quickly settled, because obviously, the hospitals don’t want everyone knowing what’s going on.

Jim Meyer: That’s a disadvantage that a plaintiff in a case may have. Hospitals often times have entire departments in medical informatics, departments in which they have experts that know the in’s and out’s of the EMR, the metadata collected, often times plaintiffs do not, but they should be aware of the fact that that metadata exists. Extracting it from the record is often times… It is a need for an expert at computer forensics, expert, an IT expert. But it’s important that plaintiffs, and all attorneys, defense attorneys and plaintiffs attorneys realize that that information exists as metadata in these records, it can be obtained. We take great deal of effort to obtain it, but it’s there.

Lee Neubecker: And Jim and I co-authored a paper along with another attorney that appeared in the Illinois State Bar Association on EMR patient medical records, the audit trail and other things impacting HIPPAA and medical malpractice regulations. We’ll put that up here too so that you check that out. Anything else you’d like to add about your practice, Jim?

Jim Meyer: No, we’re happy practicing attorneys in Chicago, Illinois. I would recommend any attorney who is involved in any issue similar to this, to take a look at the article that Lee was kind enough to co-author with me and John Tomes, it really is a lot of information. Detailed information that attorney’s should know.

Lee Neubecker: Great, thank you.

Jim Meyer: You’re welcome.

Read the Illinois State Bar Article co-authored by the interviewed subjects on Patient Medical Records.

Please follow and like us:
error