Electronic records and metadata: Old and new liability risks

Sep 12, 2018

Metadata from an EHR form an audit trail of activity, which can make or break a malpractice case.

Electronic records are ubiquitous. Whether confined to one provider or group’s record of a patient’s care, the electronic medical record (EMR) or the comprehensive record of a patient’s entire care, the electronic health record (EHR), are now the standard for documenting a patient’s care. The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 authorized grants and incentives totaling an estimated $28 billion to promote “meaningful use” of EHRs by providers.1 In recent years, EHRs have become somewhat more user-friendly, allowing customization to enhance efficiency and access to critical information in a patient’s record. The benefits are tangible, but new risks with EHRs are becoming evident. 

EHR benefits

EHRs offer opportunities. With them, there is no question that records are legible, a significant improvement over hand-written accounts. When EHRs are complete, they enhance the quality of patient care and potentially reduce errors. Access to a patient’s complete history allows all treating providers to coordinate care and communicate about the patient’s care. EHRs offer rapid access to imaging studies, laboratory findings, pathology, and outside records, improving efficiency and care coordination. Better documentation of clinical decisions and activity, through both user-entered data and metadata, may improve the ability to defend against malpractice claims when care was appropriate. Automatic alerts warn physicians about a patient’s allergies, potential harmful drug interactions, and caution about use of medications that may be contraindicated based on a patient’s medical conditions. Care pathways offer consistent, evidence-based guidelines to enhance care and minimize complications. Ultimately, universal access to care wherever a patient is seen would markedly enhance efficiency and quality. 

EHR risks

EHRs also present new challenges and risks. Liability can be increased based on inherent designs. Templates bring in data and assessments that may not have been performed or reviewed. Copying and pasting potentially propagates errors in documentation. Many “assessments” in EHRs merely list the diagnoses associated with the visit. Failure to document one’s thought process, assessment of the potential causes of the condition, and a thorough differential diagnosis reduces defensibility (Kevin J. Kuhn Esq., Wheeler Trigg O’Donnell LLP, Denver, Colorado, personal communication, June 22, 2018). 

Most juries understand physician judgment. Unfortunately, documentation in EHRs may not reflect this judgment. The ability to access all facets of the patient’s care could create a duty to act on the information. Even worse, metadata will document if the provider reviewed critical documentation found elsewhere in the record. Deviation from care guidelines and clinical-decision guidelines may bolster the plaintiff’s case. Academic environments add an additional risk, as attendings must attest to the assessment and treatment plans of trainees. It is incumbent on the attending to read the entire note and ensure that all facets of the documented exam were performed, assessments are complete, and treatment plans appropriate. Failing to adequately review the documentation can expose the attending to liability. 

Metadata and liability

What is metadata? In short, it is data about data. Both EHRs and EMRs automatically generate a time stamp that documents who accessed the document, what was accessed and when, where access occurred, and even how long someone was in the record. 

Physicians facing a suit may be tempted to review the record and clarify some salient points. That is fraught with much risk, particularly in the era of EHRs, with their inherent metadata. Today, it is not enough to defend just the medical record. Now one must defend the metadata. 

An audit trail is metadata that records who, when, where, how and sometimes why a person accessed a patient’s medical record. Typically, the identity of the user who accesses the patient’s record, the time of access, the terminal or device used for access, the action taken by the user (i.e., viewing the record, changing the record), and the substance of anything added to the record and any changes or corrections made by the user are recorded in the metadata, which can be reproduced in the form of an audit trail or log.2 To emphasize the level of detail available, one study by a surgery department assessed preoperative review of computed tomography scans.3 The researchers were able to determine which residents accessed the record, whether just the report was viewed, if the images were viewed, how many images were viewed, and for how long. The authors found that senior residents viewed more images than junior residents or family medicine residents. 

Of note, an audit trail only records who is logged into the computer. Thus, if an attending reviews the images with a resident who is logged in, the audit trail will not reflect that the attending viewed any images. The authors recommended that the attending login separately to view imaging studies and laboratory results to provide electronic confirmation of his or her involvement in a patient’s care. Without such documentation in the metadata, a rebuttable presumption is that the surgeon never looked at the images. 

Adverse neonatal outcome

In an obstetrical case with an adverse newborn outcome, the nurses’ records document that Dr. X was notified of late decelerations. Shortly thereafter, the nurses again documented that they notified Dr. X of late decelerations. Dr. X testified that he reviewed the fetal heart rate (FHR) monitor remotely and the decelerations were not ominous. Metadata demonstrated that Dr. X failed to review the FHR recordings, even remotely. Remember, metadata shows who accessed the EHR, when and where. Dr. X’s credibility was severely damaged. The case was settled for an undisclosed amount. 

Unnecessary hysterectomy with complications

A patient underwent a laparoscopic hysterectomy and suffered a bowel injury. The liability action included a claim of performing unnecessary surgery. At deposition, the surgeon testified that he had fully reviewed all studies in anticipation of the surgery. Multiple experts were deposed supporting the indications for hysterectomy and the surgeon’s performance of the surgery. 

A subsequent audit of the metadata, however, demonstrated that the surgeon did not access the studies until after the suit was filed. Further, it demonstrated that the surgeon had not reviewed pertinent lab results prior to surgery. Even worse, the surgeon altered the record to justify the surgery, with the timing of the alteration found in the metadata. The credibility of the surgeon’s testimony was destroyed, he committed perjury, and the case settled. Further, sanctions were filed against the surgeon because the expert depositions were based on fallacious information. The surgeon paid $90,000 in restoration of the plaintiff attorney’s expenses and is facing possible loss of his license by the state board of medicine. 

How common is alteration of the medical record? One plaintiff’s attorney estimated that 25% of cases involve alteration of the medical record (Personal communication, anonymous plaintiff attorney, June 20, 2018). As such, an audit trail expert is hired for every case. This expert examines the digital footprint of record, determining if there have been deletions, alterations, or modifications to the record. This has resulted in settlement of a number of cases-particularly if the modifications occurred after litigation began-that perhaps otherwise would have been defensible. Experts in metadata also advise the attorney on questions to ask to establish this type of evidence. 

Making changes to the medical record 

An EHR has the ability to generate templates for specific diagnoses or symptoms, which can be convenient and efficient. But errors in data entry can be propagated by copying and pasting. When discovered, a “correction” should be made. Corrections are changes in a patient’s medical record during the normal course of treatment.4 A change made prior to the issue of a claim or lawsuit would be considered a correction. Corrections are acceptable provided they are made appropriately. 

Institutions and practices should establish a policy for appropriate medical record corrections. Typically an addendum is made to the medical record, denoting the date, time, and author of the correction and the reason for it.5 Striking through the erroneous entry with a single line is preferable. If appropriate, attention should be directed from the erroneous entry to the corrected entry. Once the correction is made, the erroneous entry should not be removed or deleted because it may have been relied upon by other health care team members.4 Removing or deleting such data alters the integrity of the medical record. Authorized and transparent alterations are considered a testament to the medical record’s accuracy, freedom from unauthorized alterations, and completeness.6 When done appropriately, these corrections will not be construed as altering the medical record. 

In contrast, an “alteration” is when a provider receives a notice of suit and then goes to the medical record to “clarify” certain points, particularly for the purpose of aiding defense of the claim. Such alterations are considered a deliberate misrepresentation of the facts. Discovering such alterations during litigation severely impacts the ability to defend a claim. Further, many liability policies exclude coverage for claims in which the medical record was altered. Providers must not alter the medical record after receiving notice of a claim. In addition, after receiving notice of claim, physicians should refrain from accessing the medical records without first speaking with their liability carrier or legal counsel. Such access infers the possibility of record alteration. 

Summary

EHRs offer great benefits with some potential new areas of liability. However, proper and timely documentation enhances the defense in liability actions. Metadata will become the standard when integrity of an EHR is questioned. “Metadata is evidence, typically stored electronically, that describes the characteristics, origins, usage and validity of other electronic evidence.”7 According to one attorney, “Metadata is discoverable evidence that our clients are obliged to preserve and produce. Metadata sheds light on the origins, context, authenticity, reliability and distribution of electronic evidence, as well as providing clues to human behavior. It’s the electronic equivalent of DNA, ballistics and fingerprint evidence, with a comparable power to exonerate and incriminate.”

 

Acknowledgements: A special thanks to Kevin J. Kuhn, Esq., a defense attorney with Wheeler Trigg O’Donnell, LLP, Denver, Colorado, for his insight and defense perspective on electronic health records. Also, a special thanks to the anonymous plaintiff attorney for his perspective on metadata and the use of audit trails in litigation. 

 

 

References:

  • Mangalmurti S, Murtagh L, Mello MM. Medical malpractice liability in the age of electronic health records. N Engl J Med. 2010;363(21):2060-2067.

  • Meyer J, Tomes J, Neubecker L. Electronic medical records: metadata as evidence in litigation. Ill Bar J. 2013;101(8).

  • McLean T, Burton L, Haller C, McLean P. Electronic medical record metadata: uses and liability. J Am Coll Surg. 2008;206:405-411.