28 Trial Lawyer • Summer 2023 They will also miss out on incentive programs for eligible professionals and hospitals that adopt, implement and use EHR technology. EHR products that cannot produce an audit log/trail by simply entering the query time frame, pushing a button, and logging into a dropdown menu of basic criteria such as log on attempts, log off, system, security, chart, encounter, person, will not comply with compliance certification requirements for usability and accessibility set forth in 45 CFR §170.314(d) or §170.315(d) and 45 CFR §164.304. A medical defendant’s claims of undue burden in response to requests for the audit trails should be viewed with skepticism and suspicion because an EHR that does not include an easily “useable” and “accessible” means of accessing necessary reports simply will not be marketable nor comply with the certification requirements. Where the truth lives In Jean’s case, the hospital produced multiple separate audit log reports. It produced an audit log report for the history of the emergency department note with all the revisions, who looked at the note and when they looked at it. It produced separate audit data reports for the orthopedic consult note, the progress notes of the hospitalist, the operative report and the discharge summary. The hospital also produced a chronological order summary, showing all the orders, the reasons for the orders, and who reviewed the orders and when. It produced an access log showing a chronological list of all users who accessed the medical record and what they accessed. It produced another audit trail alphabetized by user, showing what each user did and when. We took the deposition of the hospital’s IT person to help understand the audit logs and to authenticate the documents for trial. Other witnesses, such as doctors and nurses, may not be aware of the audit data and will not be able to explain it or authenticate the logs. Usually they have not seen the logs before and don’t know what they mean. In Jean’s case, the IT person was eager to explain the inner workings of the electronic medical record system. She explained what each audit trail depicted and how it was generated. She explained that the reports were created and printed at the click of a button. She explained in detail what the abbreviations meant, and she told us what other reports could be generated. It is increasingly common for lawyers to request an on-site inspection of the electronic medical record, especially when they suspect the hospital is not producing key documents. Before the inspection, the parties should agree on an inspection protocol. The inspection protocol should stipulate that a hospital representative with the highest level of EMR access will navigate the patient’s record and be able to print, screen capture and save to PDF. The inspection should be videotaped, and a court reporter should be present. The hospital representative should be able to shadow or use another’s credentials, which would allow the lawyers to see what the user saw at the time of the treatment. The parties should have access to all versions of entries into the medical record, including chart corrections, addendums, strike outs, redlines and changes. In Prieto v. Rush University Medical Center, supra, after years of discovery abuse by the hospital in failing to produce audit trails, the judge attended an on-site inspection of the decedent’s EMR. With the assistance of an EMR expert, the judge observed live the various audit trails the defendant hospital had denied existed and failed to produce. The judge was frankly infuriated, granted the plaintiff’s motion for sanctions and struck the defendant’s answer, ordering that the only issue to be tried was Audit Trail Continued from p 27
RkJQdWJsaXNoZXIy MTY1NDIzOQ==