3. ! BALKANIZATION OF JURISDICTION: TOO
MANY OR TOO FEW RESPONSIBLE FOR EHR;
BLURRED LINES OF JURIDICTION (IT?
RECORDS? RISK MANAGEMENT? LEGAL?)
! LACK OF CONSISTENCY BETWEEN AND WITHIN
ORGANIZATIONS (Clinical divisions may have
different applications)
! NO DEFINITIVE CENTRALIZED
UNDERSTANDING OF DATA CHARACTERS
AND REPOSITORIES (What do we have and
where is it?)
4. ! NO CENTRALIZED RESPONSE MECHANISM FOR
EXTERNAL DEMANDS
! POTENTIAL FOR LOSS OF DATA DUE TO LACK OF
PRESERVATION PROTOCOL
! HITECH INCENTIVE PAYMENT REQUIREMENTS
(“MEANINGFUL USE) MANDATE CAPABILITY TO
TIMELY EXCHANGE KEY CLINICAL DATA WITH
CAREGIVERS AND OTHER PATIENT-DESIGNATED
ENTITIES (courts, counsel, etc.) AND REPORT TO
OVERSIGHT ENTITIES
! RISKS OF EHR IN LITIGATION
5. ! EPHI PRESERVATION PROCESS (“LEGAL HOLD”)
WITH DATA MAP
! EPHI DEMAND RESPONSE PROTOCOL
! HITECH INCENTIVE PAYMENTS APPLICATION
AS A BUSINESS DRIVER FOR INITIATIVE
! HIPAA SECURITY RULE PROTOCOLS AS
DOCUMENTATION OF CHAIN OF CUSTODY
FOR ELECTRONIC EVIDENCE
! INFORMATION PROTOCOLS LEAD TO
EFFICICIENCIES, ENHANCED QUALITY OF CARE
6. ! Court Rule, effective August, 2010, requires
counsel to discuss electronic discovery at
Preliminary Conference
! 1st and 2nd Departments of Appellate Division
have ruled on e-discovery issues (i.e., cost-
shifting)
! Plaintiffs’ bar is holding e-discovery seminars
for malpractice (“Preservation Letters” sent)
! New England Journal of Medicine article
“Medical Malpractice Liability in the Age of
Electronic Medical Records” (11/18/10)
7. ! HITECH Incentive Payment Requirements:
“Meaningful Use” mandates demonstrated
capability to:
! Exchange key clinical information with caregivers
and other patient-designated entities (emphasis
supplied)
! Report electronically on quality of care metrics and
other aspects of care to oversight entities
$27 Billion available, up to $10 Million per hospital
(determined by formula), but Meaningful Use
criteria must be met
8. " Adverse Inference Jury Instruction: Jury told it
may presume data not produced would reflect
negatively on position of producing party. This
Instruction was largely responsible for $29.3
Million verdict in Zubulakev. UBS Warburg after
only 30 minutes of deliberation
" Loss of the case: Entry of judgment against party
unable to produce data. Qualcomm v. Broadcom
(Qualcomm patent held unenforceable due,
among other things to discovery abuses; $6
Million in sanctions assessed)
9. ! A Legal Hold Process, more than mere
notification of obligation to preserve by a
Legal Hold Notice, is required. See Pension
Committee of the University of Montreal v.
Bank of America Securities, LLC, Case No.:
05-CV-9016 (Jan. 15, S.D.N.Y.)
! Documented follow-up to show defensibility
of process is critical. Cache Le Poudre Feeds,
LLC v. Land O’Lakes Farmland Feeds, LLC,
2007 WL 684001 (C. Colo. Mar. 2, 2007)
10. ! STEP ONE: THE DATA MAP. What types of
EPHI do you have ?
! Progress Notes, Nurses Notes, Orders, Medication
Records, etc.
! Labs
! Radiology Images
! Communications (emails and texts between
caregivers and between caregivers and patients)
! Audit Trails and other Metadata (who accessed
patient record? What did he/she do with it?).
Increasingly in demand
! Social Media
11. ! STEP ONE, DATA MAP, cont’d: Where are
these data?
! Servers, desktops, laptops
! Smartphones and Portable Media (iPads, USB’s, etc.)
! Home computers
! Backup Media (tapes, etc.)
! Cloud repositories
! Proprietary and legacy systems
12. ! STEP TWO: HOLD TRIGGERS, DISTRIBUTION
AND TRACKING OF HOLD NOTICE,
COMPLIANCE AND COLLECTION
! Formation of Legal Hold Team, facilitated by outside
counsel
! Decides when to issue written Legal Hold Notice, and
release Legal Hold
! Oversees, per Procedures, identification of those most
likely to have relevant information beyond the chart
! Determines preservation methods and production of
requested information
13. ! POTENTIAL BUSINESS DRIVERS:
! Meaningful Use and HIPAA: Capability to
exchange Key clinical information with caregivers
and other patient designated entities. Requires
demonstrated ability to identify key information,
preserve data, collect it, and produce it in a
timely and (additional requirement) HIPAA-
compliant manner
! Cost Savings ROI: Central Jurisdiction over EPHI
reduces expensive redundancies, enhances
quality of care, reduces legal costs in discovery
14. ! New England Journal of Medicine, Nov. 18,
2010 outlines some risks of EHR in
malpractice litigation:
! Defaults in medication application could lead to
injurious doses
! Metadata memorializes any record alterations and
also timing of review of records
! Clinical support system (safety prompts) establishes
standard of care; deviations not adequately
explained
! Incorrect or missing entries
15. ! Transition protocols not clear, resulting in
documentation gaps
! System “bugs” or “glitches”
! Documented failures to respond to patient emails
! Training does not comprise litigation/oversight/
discipline issues, leading to failures to
adequately document, or too much (“smoking
gun” emails)
! Consider litigators as part of EHR design and training
teams. EHR’S ARE STILL WORKS IN PROGRESS
16. ! Reliability: “Computerized data . . . raise
unique issues concerning the accuracy and
authenticity.” Lorraine v. Markel American
Insurance Co., 2007 U.S. Dist. LEXIS 33020
(D. Md. May 4, 2007) at *168
! Authenticity: Is the email what it purports to
be, i.e., a chart entry, other business record,
etc.? Origins and Chain of Custody must be
established. Id. at *68. See also, State of New
York v. Microsoft, 2002 U.S. Dist LEXIS 7683
(D.D.C. April 12, 2002
17. ! Courts are new to this area and need education
by counsel who, in turn, require education on the
hospitals’ systems from internal resources (IT,
Risk Management, Records)
! Example: People v. Lenihan, NYLJ 11/28/10 (S.
Ct., Queens Cty.): Court excludes MySpace
photographs because “ability to ‘photo shop’
photographs . . .(means) defendant could not
authenticate the photographs). . .”
! Court had no knowledge of proper authentication
procedure (did counsel?) and thus issued “blanket” ruling
18. ! Foundation for admissibility of EPHI is a degree
of difficulty greater than that for paper
! Security of EPHI, from hospital to technical
vendors (for collection and production) to law
firm presents Chain of Custody Issues because
EPHI is more susceptible to loss or inadvertent
alteration, potentially compromising its integrity
! HIPAA safeguards function as defensible
protocols AND assist in admissibility foundations
(reliability and authenticity)
19. " EPHI, poorly explained, leaves an opening for
doubt and attacks on credibility of the case as
a whole
" Prepare witnesses to testify jargon-free (or at
least be prepared to explain it), even on cross-
examination
" Focus on reliability (counter the “CSI/24 effect”)
" Pictures really do tell a story: visual aids
20. ! LEGAL HOLD PROCESS PREPARATION,
IMPLEMENTATION AND TRAINING
! DESIGN OR REVIEW OF EHR SYSTEMS AND
APPLICATIONS WITH LITIGATION AND
OVERSIGHT
! FORMATION OF INTERDISCPLINARY
DISCOVERY/DEMAND REPONSE TEAMS WITH:
! Risk Management
! IT
! Records
! Legal (in-house, facilitated by outside)
! Clinical