The New Electronic Discovery Civil Rule

As electronic health record (EHR) technology advances, sophisticated litigators are gaining a better understanding of the information they can obtain from e-mail messages, databases, software applications, computer logs, and metadata. Electronic discovery (e-discovery) is becoming a critical part in gathering and using evidence in legal proceedings, complementing traditional methods such as photocopies, printouts, and digital images of patient medical records.

New changes to the Federal Rules of Civil Procedure related to e-discovery will greatly affect how healthcare organizations manage their electronic records. This practice brief provides an overview of pretrial requirements in the e-discovery civil rule and reviews the relevance and application of each section of the rule to healthcare organizations. Additionally, it identifies the steps HIM professionals can take to prepare their departments and organizations for the challenges associated with e-discovery.

E-Discovery

Electronic discovery involves the access, use, and preservation of information, data, and records created or maintained in electronic media. E-discovery involves more than rephrasing discovery requests to include electronic records and data and simply printing out e-mail. It entails obtaining new information in new forms from new places and new sources and using it in a new manner. Its differing approaches and disciplines include:

The Federal Rules of Civil Procedure

The Federal Rules of Civil Procedure govern procedure for all civil suits in US district courts. They are established by the United States Supreme Court and approved by the United States Congress.

As a result of changing practices, the Supreme Court approved amendments to the Federal Rules of Civil Procedure on April 13, 2006, to address the unique aspects of electronic discovery. The amendments will take effect December 1, 2006, and begin to change HIM practices over time, specifically the management, retention, and disclosure of health information.

Although this rule applies to federal cases, it is expected to set the standard for e-discovery in state and local jurisdictions over time. The implications of these new rules will have far-reaching impact into how electronic records are managed within healthcare organizations.

The new rules present an opportunity for HIM professionals to collaborate with legal, information technology, and senior management in the development of operating policies, procedures, practices, and systems that fully conform and comply to ever-changing rules, laws, and regulations governing electronic records management.

Outlined in the following table is a summary of the relevant changes to the Federal Rules of Civil Procedure. HIM professionals should familiarize themselves with these rules and begin to prepare policies and procedures to respond to e-discovery requests for information.

Changes to the Federal Rules of Civil Procedure Relevant to HIM

Federal Rules of Civil Procedure

Intent, Description of Rule

Relevance

Professional Practice Considerations

16

Pretrial conferences, scheduling, management

Describes the process attorneys will follow before litigation

HIM professionals must be aware that the attorneys (parties) will meet and agree upon matters related to discovery before litigation. HIM and IT must work with the organization’s attorney prior to a pretrial conference to discuss information and record availability.

16(b)

Early attention to electronic discovery issues

Presents a framework for the parties and the court to give early attention to issues relating to electronic discovery, including the frequently recurring problems of the preservation of evidence and the assertion of privilege and work-product protection. It inserts and creates a much stronger role for the judge in the discovery process.

HIM professionals will need to be aware that the rule gives the court discretion to enter an order adopting agreements the parties reach for asserting claims of privilege or protection as trial-preparation material after inadvertent production in discovery. Credibility is established at the beginning of the process; therefore, HIM and IT must communicate with their attorneys before a meeting with the judge. HIM professionals should work with legal and IT to ensure added privilege protections for HIV, mental health, substance abuse, and employee records. In addition, HIM must be prepared to answer or research questions pertaining to the organization’s systems such as location, retention, and accessibility of electronic health information.

26

General provisions governing discovery, duty of disclosure

Describes legal obligation to maintain and disclose relevant records An organization has roughly 90 days after the complaint is answered to make the initial disclosure.

Organizations and HIM professionals need to be aware of this obligation, which is the same as the duties surrounding maintenance of paper records.

26(a)

Early attention to electronic discovery, required disclosures, methods to discover additional matter

Describes responsibilities of parties in initial disclosure and clarifies the party’s duty to include initial disclosures of electronically stored information for data compilations

HIM and IT professionals must be aware that parties involved in litigation are required to meet ahead of time to review and discuss matters related to electronic discovery. Communication between HIM, IT, and legal should be conducted prior to the parties meeting.

26(b)(1)

Early attention to electronic discovery, required disclosures, relevance of information produced

Limits the scope of party-controlled discovery matters “relevant to the claim or defense of any party,” allowing discovery into “the subject matter involved in the action.” The content of the medical record will be an extremely important factor in e-discovery.

HIM and IT must work carefully with legal and have communication channels established ahead of time. HIM professionals must know the specific documents being requested and their relevance to the claim. Take, for example, a party with a cause of action related to a broken arm in the ER. Records relating to an earlier OB delivery probably will not be relevant, despite a request that specifies “any/all records.”

26(b)(2)

Information that is not reasonably accessible

Provides that a responding party need not provide electronically stored information that is inaccessible because of undue burden of cost. The responding party has the burden to show that the sources are not reasonably accessible. Even when such showing is made, a court can still order discovery of those materials for good cause shown and could specify conditions for that discovery, including a reallocation of the costs of the discovery.

“Reasonable” accessibility will be more of an issue for IT professionals and HIM professionals practicing in IT. Organizations will need to establish mechanisms to determine the true costs and burdens for producing data that they determine “not reasonably accessible.” HIM and attorneys never want to be in a position of not knowing what is reasonably accessible. Organizations must be proactive and identify ahead of time what information is available and how it will be accessed.

26(b)(2)(C)

Information that is not reasonably accessible, balancing the costs and potential benefits of discovery

Sets up factors for the judge to consider. Provides whether the responding party is required to search and produce information not reasonably accessible depending on whether the costs and burdens are justified

HIM professionals may need to be apprised of whether a court order was issued requiring the organization to produce information not reasonably accessible in response to rule 26(b)(2)(C). HIM and IT may need to assist in preparing a summary evaluation supporting legal counsel’s definition of “reasonably accessible.” HIM and IT should already know what is relevant and what is not, and what is burdensome to produce and what is not. An organization must determine the costs of producing and the privacy concerns ahead of time.

26(b)(5)

Procedure for assertion of claims of privilege and work-product protection after inadvertent production

Established to present to the court claims that parties inadvertently produced information protected by attorney-client privilege or work-product doctrine. It provides that if a party discovers information inadvertently produced, protected, or privileged as work product, it must notify the receiving party and set forth in writing the basis by which the party believes the information is privileged.

This may become an issue for legal, risk management, HIM, or IT professionals if they produce electronic health records that are not requested or relevant to the request (e.g., inadvertent production of electronically stored incident reports or peer review records). Also, provisions should be made regarding the inadvertent production of HIV, mental health, and substance abuse records.

26(f)

Early attention - discussion between parties, preserving discoverable information

Directs parties to discuss “any issues relating to preserving discoverable information”

HIM and IT professionals may need to be made aware of issues related to discovery of electronically stored information.

26(f)(3) and Form 35

Early attention - discussion between parties, issues relating to disclosure, discovery of electronically stored information, and forms of document production

Directs parties to discuss “any issues relating to disclosure or discovery of electronically stored information, including the form or forms in which it should be produced.” Form 35 enables the parties to report to the court their proposed discovery plan and their proposals for disclosure or discovery of electronically stored information.

HIM professionals will need to be apprised of Form 35 and the parties’ proposed discovery plan. HIM professionals will be responsible for producing those electronic documents agreed upon between the parties. Issues such as the formats in which the data are to be produced, how much, and what is relevant will need to be provided to HIM.

26(f)(4)

Early attention - discussion between parties, issues relating to privilege and work-product production

Provides for parties to ameliorate costs and delays of document production created by steps necessary to avoid waiving privilege or work-product production during discovery through agreements that allow for the assertion of privilege or work-product production after documents of electronically stored information are produced

Organizations will need to establish specific policies and procedures outlining examples of what privileged and protected work products include. Legal, IT, and senior management will need to establish mechanisms to determine exact costs and burdens of producing electronically stored information. The policy should include provisions outlining how an organization will respond to requests for records subject to added protections such as HIV, mental health, and substance abuse records.

33

Interrogatories to parties

Provides for the procedure and process in which answers to interrogatories are provided and covers both business records and electronically stored information

HIM and IT professionals may be required to attest to authenticity of electronically stored information produced in answer to an interrogatory. HIM professionals must therefore be deeply familiar with the operations of the EHR system, particularly the vital legal functionality.

33(d)

Interrogatories to parties, option to produce business records

Allows responding party to respond to an interrogatory by providing electronically stored information

When HIM professionals provide answers to interrogatories by providing electronic documents, they are responsible for ensuring information can be located and identified by the interrogating party. They must also give the interrogating party a “reasonable opportunity to examine, audit or inspect” the information.

34

Production of documents, electronically stored information, and things and entry upon land for inspection and other purposes

Provides for discovery of the electronic health record and recognizes that on occasion the opportunity to perform testing of documents and electronically stored information

Discovery of electronically stored information will require new collaborative processes between HIM and other professionals (e.g., IT, legal) within the organization.

34(a)

Discovery of electronically stored information (stands on equal footing with discovery of paper documents)

Provides that electronically stored documents are equally as discoverable as paper documents and are normally required to be produced unless the request clearly indicates the party is seeking only traditional documents

HIM professionals working in organizations with both paper and electronic records need to be aware of this rule and ensure polices and procedures are in place to access and produce electronically stored health records in response to a legal request (including a legal hold, preservation order, and subpoena). HIM professionals should implement EHR management processes that include periodic review of existing policies and procedures and technical capabilities in support of the discovery process.

34(b)

Production of documents, forms in which documents are to be produced

Provides that a party must produce documents that are kept in the usual course of business or must organize and label them to correspond with the categories in the discovery request. The production of electronically stored information is subject to comparable requirements to protect against inadvertent or deliberate production that raise unnecessary obstacles for the requesting party.

HIM and IT professionals need to be aware of requesting parties’ requirements relative to document production. HIM and IT will need to establish organizational policies and procedures for retention, storage, and production of data, including native file format and metadata maintenance. Information that is retained for business reasons must include a plan for how it will be disclosed (in a reasonable format). If information is not needed for business purposes it should not be retained.

37

Failure to make disclosures in discovery, sanctions

Describes if, why, and what sanctions an organization will be subject to if it fails to produce agreed-upon documents

Organizations as well as HIM and IT professionals must be aware of Federal Rules of Civil Procedure regarding sanctions for inability to produce (absent good faith activities) electronically stored information.

37(f)

Sanctions and safe harbors for certain types of loss of electronically stored information

Provides that absent exceptional circumstances, a court may not impose sanctions for failure to provide electronically stored information lost as a result of the routine good faith operation of an electronic system. Good faith may require that a party impose a litigation hold, that it complies with agreements it reaches between parties on preservation, and that it complies with any court orders entered addressing preservation.

Organizations with the input of legal counsel and HIM and IT professionals must establish policies and procedures regarding retention and destruction of electronically stored information, including metadata. Additionally, HIM professionals need to be aware of new requirements that will be placed upon them such as legal holds and preservation obligations. Procedures will need to be established defining who will be the designated recipient of a legal hold notice and who is notified. The efficacy of the HIM program will be an issue for the judge to consider. The better the HIM systems, the better protection for the organization. Include e-discovery in periodic compliance reviews and activities to ensure ongoing monitoring and evaluation.

Key HIM Issues

The table identifies a number of relevant HIM issues. This section highlights key concepts and further explores the impact on disclosure processes, retention and destruction, spoliation, and business continuity planning. Although not specifically highlighed, it is important to remember the importance of security practices in maintaining the integrity and value of the health information for evidentiary purposes.

Discovery and Disclosure

Discovery is the pretrial phase of the legal process designed to compel the exchange of information between parties. HIM professionals are most familiar with discovery in the form of a subpoena and deposition, but under the new federal civil procedures organizations will need to establish processes to address pretrial conferences and the agreements reached between the parties for the preservation, disclosure, and format of information.

Any information relevant to the case that the organization possesses, whether in paper or electronic format, will potentially be subject to discovery. If discovery of electronic information is necessary it should be identified early in the litigation process. HIM professionals must be familiar with the formally defined records since they help establish relevancy to the litigation (e.g., legal medical record, business record, designated record setsee the definitions below). They must also be familiar with the location and types of health information stored within the various source systems and databases. Recent court decisions have established precedence where discovery orders can require the production of documents in native file format, including metadata, a rich source of information about the content, context, location, and other characteristics of data.

Because technology now allows us to create and store a vast magnitude of information in a variety of formats, more information may be provided now than was customary prior to the e-discovery rules. However, requests for “any and all records” will be difficult to respond to and should result in a request to limit the scope based on relevance to the legal claim. Depending on the circumstances, requests for electronic discovery in addition to the legal health record may present a substantial challenge for organizations as they prepare to provide access to electronically stored information.

Records Definitions

The legal health record is a formally defined legal business record for a healthcare organization. It includes documentation of healthcare services provided to an individual in any aspect of healthcare delivery by a healthcare provider organization.1,2 The health record is individually identifiable data in any medium, collected and directly used in documenting healthcare or health status. The term also includes records of care in any health-related setting used by healthcare professionals while providing patient care services, reviewing patient data, or documenting observations, actions, or instructions.3

A business record is a recording/record made or received in conjunction with a business purpose and preserved as evidence or because the information has value. Because this information is created, received, and maintained as evidence and information by an organization or person, in pursuance of legal obligations or in the transaction of business, it must consistently deliver a full and accurate record with no gaps or additions.

HIPAA calls for healthcare organizations to define what information would be included as their designated record set. According to the privacy rule (section 164.501), a designated record set is "a group of records maintained by or for a covered entity that is: 1) the medical and billing records about individuals maintained by or for a covered healthcare provider; 2) the enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan; or 3) information used in whole or in part by or for the covered entity to make decisions about individuals."4

Notes

Retention and Destruction

The principles of retention and destruction are critical to e-discovery. Organizations must know where all of their information is housed and establish routine practices for retention and destruction. Information management plans can provide a useful baseline, but HIM must also work with IT and other departments to identify where relevant information may be hidden, such as old back-up tapes, instant messages, voice mail, word processing drafts, and shadow records. It is important to identify when the information’s useful life is over, resulting in data destruction. This is particularly important for information outside of the legal health record that is governed by retention guidelines.

The new rule under the Federal Rules of Civil Procedure provides a safe harbor for organizations that cannot provide information because it was destroyed as a result of routine practices. Sanctions may be imposed for improper destruction. HIM in collaboration with IT must create policies and procedures for retention and destruction of electronic records, which may include native file format for the legal health record, metadata, e-mail, audit trails, and business records. Any vendors and contractors possessing organizational records must be aware of the discovery rules and have the ability to administer their principles. At the time of replacement or upgrade of an information system, the information’s accessibility, retention, and destruction must be considered. In determining retention and destruction practices, the organization will need to balance legal requirements, costs, and reasonableness.

Legal Hold (Preservation Order)

A legal hold (also known as a litigation hold) in e-discovery is the same concept as that applied to a paper-based medical record. It is generally issued by the court as a result of current or anticipated litigation, audit, government investigation, or other such matters if the court believes that relevant information could be destroyed. A legal hold or preservation order suspends the normal disposition, including destruction or processing, of paper and electronic records. Organizations must establish policies and procedures that provide for the suspension of normal retention and destruction of data and information upon receipt of such communication.

When developing policies and procedures it is important to realize that a legal hold or preservation order can occur at any time in the legal process. Therefore, when litigation is threatened or internally identified through risk management, steps must be taken immediately to suspend destruction of records relevant to the potential claim.

A policy should identify who has the authority to suspend destruction, who is responsible for communicating the legal hold or preservation order requirements, who is responsible for implementing the legal hold, and who has the authority to determine when the need for a legal hold no longer exists. An organization’s procedures for suspension should be adapted to the circumstances of the litigation, investigation, audit, or other matters.

Spoliation

Spoliation is the intentional destruction, mutilation, alteration, or concealment of evidence. An organization’s legal health records must be reasonably protected from spoliation in any form. Although the e-discovery rule provides some legal shelter, the burden rests on the organization to show that information lost was a result of a good faith operation of the electronic system (i.e., proof retention and destruction policies and documented business procedures). Equally important are the interventions that were implemented to preserve information once a legal hold or preservation order was in place. Even if the party does not have direct control over the computer system, such as a system operated by another vendor, the obligation still exists to preserve or retrieve as much information as possible. A strong definition for a legal health record and sound record retention, destruction, and legal hold processes can help an organization avoid sanctions for spoliation; however, they may not completely absolve an institution. A judge may decide to impose sanctions or require the organization to reconstruct the information even if it has been destroyed.

Disaster Recovery, Business Continuity

Disaster recovery and business continuity planning go hand in hand with records retention and management. Plans must include two key goals. First is the preservation of patient records in the event of a disaster. Second is the return of the healthcare facility to normal operations as quickly as possible with minimal impact on business functions. Thorough planning for disasters such as fire, terrorism, or any host of natural disasters focuses on prevention of loss, restoration of access to electronic records, and resumption of business process. Legal health records must be reasonably protected against spoliation in any form.

Legal health records in electronic media shall be made accessible, according to established policy, for resumption of normal business including legal discovery within specified reasonable timeframes. An effective disaster recovery or business continuity plan will ensure that the facility has taken the proper steps to minimize delays and return the organization to routine operational capacity. Back-up processes are important to getting an organization up and running after a disaster; however, retaining old back-up tapes can also be a legal liability. Retention and destruction plans must address destruction of back-up tapes once their useful life is over.

Tips for Implementing the e-Discovery Rule

Furnishing evidence related to e-discovery in legal proceedings presents new challenges to organizations that are accustomed to providing evidence based solely on paper records. HIM professionals must play a key role in helping their organizations recognize the different requirements and implement key policies and new business practices. Establishing procedures prior to a lawsuit enables an organization to respond in an appropriate and cost-effective manner.

Getting StartedPreparing to Take a Lead Role

HIM professionals are expected to assume a lead role in preparing their organizations to respond to requests for information of electronic records for the legal discovery process. Before beginning the process of writing new or updating existing policies and procedures, HIM professionals must be familiar with the issues related to electronic discovery. At a minimum, HIM professionals should:

Building Support

After reviewing the rules and requirements HIM professionals will recognize the need for new procedures. Inform and educate management of the issues and the risks the organization will face if it fails to take steps to prepare. Because these policies and procedures will affect the entire organization, it is essential that senior management is fully committed and allocates resources to prepare the organization to respond to e-discovery requests. It may be helpful to enlist the aid of the organization’s legal counsel and risk manager to inform senior management of the need to prepare and to obtain a commitment for a project to revise the policies and procedures.

Developing Policies and Procedures

Once you possess an understanding of the requirements and have obtained management support, the following guidelines will be helpful in developing or revising procedures to provide evidence related to discovery in legal proceedings.

Establish a formal project or task to create or review the organization’s procedures for providing evidence related to discovery in legal proceedings. The project should be recognized by the organization’s management as an effort that will require resources, has a procedure document as a deliverable, and has an estimated completion date. Select project team members with the following roles or expertise:

Initially, a large group may be needed to evaluate and develop new procedures. Only a few key people (i.e., legal and HIM) should have responsibility for overseeing e-discovery processes on an ongoing basis.

Prepare an education session for the team covering the Federal Rules of Civil Procedure with respect to electronic discovery and the results of your research of state laws and AHIMA resources.

Locate existing policies and procedures for the definition of the legal health record, retention, destruction, and electronic records management. Review existing policies and procedures for adequacy and identify gaps and issues that should be addressed in the new or revised policies and procedures.

Locate any existing procedures for providing material in response to a subpoena, court order, or request from an attorney. Review existing procedures for adequacy and identify gaps and issues that should be addressed in the new or revised policies and procedures. Develop procedures to cover three primary situations:

Prepare drafts of the policies and procedures for review by the team, senior management, and legal counsel. Revise the drafts based on comments and submit for further review as needed until senior management approves the procedures. Before rolling out the changes to the organization, purchase and install any additional software or equipment needed to implement the policies and procedures.

Develop a comprehensive communication and education program to inform all members of your organization about the existence of the procedures and their responsibilities with respect to electronic discovery. Publish the approved policies and procedures.

The Time for Demonstration, Collaboration

Implementation of the amendments to the Federal Rules of Civil Procedure presents new opportunities and challenges for all involved in the management of electronic information. The legal process surrounding electronic storage, maintenance, and production will change dramatically. Legal concepts such as legal holds and spoliation will present new demands upon healthcare organizations.

Now more than ever, HIM professionals are being called upon to ensure a systemized approach to electronic record management that conforms to state and federal legal requirements. HIM professionals must demonstrate their knowledge and work collaboratively with legal, IT, and senior management to develop policies, procedures, and appropriate mechanisms that guarantee not only data integrity, but also compliance with state and federal mandates.

Note

References

AHIMA e-HIM Work Group on Defining the Legal Health Record. “The Legal Process and Electronic Health Records.” Journal of AHIMA 76, no. 9 (2005): 96AD.

AHIMA e-HIM Work Group on Maintaining the Legal EHR. “Update: Maintaining a Legally Sound Health RecordPaper and Electronic.” Journal of AHIMA 76, no. 10 (2005): 64AL.

AHIMA Work Group on Electronic Health Records Management. “The Strategic Importance of Electronic Health Records Management. Appendix A: Issues in Electronic Health Records Management.” 2004. Available online in the FORE Library: HIM Body of Knowledge, www.ahima.org.

Black’s Law Dictionary (8th ed. 2004). See Hannah v. Heeter, 213 W.Va. 704,
584 S.E.2d 560 (W.Va. 2003).

Kohn, Deborah. “When the Writ Hits the Fan.” Journal of AHIMA 75, no. 8
(2004): 4044.

Patzakis, John. “How the New Federal Rules Will Likely Change eDiscovery
Practice.” The Metropolitan Corporate Counsel. June 2006.

The Sedona Conference Working Group Series. “Best Practices for the Selection
of E-Discovery Vendors.” July 2005.

The Sedona Conference Working Group Series. “The Sedona Conference Glossary for E-Discovery of Digital Information Management.” May 2005.

The Sedona Conference Working Group Series. “The Sedona Guidelines for
Managing Information and Records in the Electronic Age.” September 2005.

The Sedona Conference Working Group Series. “The Sedona Principles Addressing Electronic Document Production.” July 2005.

Tomes, Jonathan P. “Spoliation of Medical Evidence.” Journal of AHIMA 76, no.
9 (2005): 6872.

University of Sydney. “Records Management Services.” Available online at
www.usyd.edu.au/arms/rms/body.htm.

Withers, Kenneth, J. Esquire Federal Judicial Center and Sedona Conference Observer, MER Conference, Chicago, IL May 24, 2006.

Coming Next Issue
The roles of HIM professionals will clearly change with the implementation of the e-discovery amendments. A discussion of the coming changes, and a further description of the structure and content of the Federal Rule of Civil Procedure, will be featured in the October issue of the Journal.

Acknowledgments

AHIMA’s e-Discovery e-HIM Work Group:
Brian Anderson, RHIA
Ashley Austin, RHIT
Linda Baker, RHIT
Kim Baldwin-Stried (Reich), MBA, MJ, RHIA, CPHQ
Carrie Bauman, MSA, PMC
Jill Burrington-Brown, MS, RHIA, FAHIMA
Stacy Carlson, RHIT
Debbie Case, RHIT
Beth Danielczyk, MHA, RHIA
Michelle Dougherty, RHIA, CHP
Nate Dudley, JD
Carrie Dugic, RHIA
Bev Fincher
Elisa Gorton, MA, RHIA
Chrisann Lemery, MS, RHIA
Susan Lucci, CMT, RHIT, FAAMT
Stephanie McKay, MBA, RHIA
Dale Miller, CHP
Keith Olenik, MA, RHIA, CHP
Monica Baggio Tormey, RHIA, CHP
Patricia Trites, MPA, CHBC, CPC, EMS, CHCC, CHCO, CHP
Kathy Westhafer, RHIA, CPS

Article citation:
AHIMA e-HIM Work Group on e-Discovery. "New Electronic Discovery Civil Rule." Journal of AHIMA 77, no.8 (September 2006): 68A-H.

Copyright ©2006 American Health Information Management Association. All rights reserved. All contents, including images and graphics, on this Web site are copyrighted by AHIMA unless otherwise noted. You must obtain permission to reproduce any information, graphics, or images from this site. You do not need to obtain permission to cite, reference, or briefly quote this material as long as proper citation of the source of the information is made. Please contact Publications at permissions@ahima.org to obtain permission. Please include the title and URL of the content you wish to reprint in your request.