Obtaining and Using Electronic Medical Records in Personal Injury Cases
a. Case Law Update
Federal legislation in 2008 (Medicare Improvements for Patients and Providers Act of 2008 “MIPPA”, codified at 42 U.S.C. § 1395w-3 and 2009 (American Recovery and Reinvestment Act of 2009,“ ARRA”, codified at 42 U.S.C. § 1396b(t) (2018) (“Payments to encourage adoption and use of certified EHR technology”) put into place special payments to physicians to induce the adoption of electronic medical records (EMRs), also referred to as electronic health records (EHRs) and personal health records (PHRs). The most popular EMR systems include Epic, Allscripts, eClinicalWorks, NextGen, Cerner, and GE Healthcare, although there are many more manufacturers and systems available. The widespread use of EMR systems by health care facilities (i.e., hospitals, clinics, long-term care facilities, etc.) necessitates tailoring interrogatory and requests for production discovery requests to ensure obtaining the complete EMR, preferably in native format.
For example, here is a request for production seeking the EMR, and the response from the defendant and a reply summarizing discoverability:
Request for Production No. 1. Ms. [Doe’s] EMR in native format.
RESPONSE: A complete set of Ms. [Doe’s] medical records has already been produced.
REPLY: This is non-responsive. We are entitled to discover Ms. [Doe’s] electronic medical record in native format as how [Def.] handled its medical practice including its patient portal and notification, alert and action plan systems. See Baker v. Geisinger Community Medical Center, 2017 WL 1293251 (Pa. C.P. 2017) (granting plaintiff’s motion to compel discovery of audit trail); Rauchfuss v. Schultz, M.D., 2015 WL 6125374 (Va. Cir. Ct. 2015) (granting on-site viewing of electronic medical record pertaining to decedent for underlying data that plaintiff’s counsel deems relevant, with the right to print that information to be reviewed later, as well as requiring defendant to provide data dictionary, edits, warnings popups and dropdowns); Rauchfuss v. Schultz, M.D., 2015 WL 6125377 (Va. Cir. Ct. 2015) (granting access to view data dictionary and providing protective order to protect proprietary information); Borum v. Smith, 2017 WL 3014487 (W.D. Ky. 2017) (holding that defendant’s contract with electronic records provider did not preclude discovery by plaintiff in medical malpractice case; nor were there any statutory barriers to access to EMR system. The plaintiff was allowed to perform an in person inspection of her medical record on the system itself, and to extent it is in fact impossible to produce an exact electronic copy, court required defendants to provide a printout of the entire audit trail).
b. Audit Trails
With the EMR one can electronically track the activities of all users within each specified medical record. Tracking occurs through metadata, access logs and audit trails. Metadata is the computer-generated and computer-stored “data about data. Access logs can create a report of all users who have accessed a specific medical record within the EHR. Most facilities and practices analyze access logs regularly for HIPAA compliance and potential hacking threats. Audit trails, also called audit logs, are a kind of metadata that provide documentation of sequential activity within a software application. An audit trail is a chronological record that provides a permanent record of all user activity, including who accessed the electronic medical record and from where; log on and log off times; what was viewed and for how long, as well as any changes, additions, or deletions; to enter new data or modify, or delete existing data; printing; and whether alerts or warnings were overridden, etc.
For example, a plaintiff’s attorney can use the information in an audit trail to see who had been in the medical record after the event and what they were looking at; to target who or what the attorney might want to also give special attention. In a recent case we obtained the audit trail to show each time the physician and nurse practitioner accessed the patient’s record and patient portal to show that missed treatments and oversights.
c. Emails, Texts & “Patient Portal Records”
Medical records may not be perceived by a health care provider to include e-mails, texts or patient portals. In many cases, however, e-mails, texts or patient portal entries and responses may be particularly relevant. Accordingly, do not overlook these sources for discovery. Here is an example request for production:
Request: Please produce each and every document or thing in the possession of or reasonably available to the Defendant relating in any manner to the incident which is the subject matter of the Complaint or its investigation, including, but not limited to, all medical records, ESI, the EMR, texts, emails, phone calls, phone records, letters, drafts, messages, instant messages, patient portal messages and replies, reports, investigations, CCTV footage and/or video.
Note: As of April 2021, “patient portal” entries must be provided to the patient. See .” See https://www.healthit.gov/curesrule/.
For more information on the effective use of medical records in personal injury cases see: