Electronic medical records (EMRs) are widely used by physician practices and healthcare organizations. While there are many benefits to EMRs there are also issues that healthcare providers should be aware of—particularly when it comes to medical malpractice litigation. Problems emerge when healthcare providers don’t understand the implications of their actions, like accessing and changing patient records.

Case in Point

Consider the following example (based on an actual case):

A claim was filed against a physician working in a hospital-based office whose records were largely electronic. A patient had recently died from a heart attack and the patient’s estate filed suit, claiming that the physician negligently ignored the signs and symptoms of cardiac disease. In their opinion, the patient’s death could have been prevented if the physician had acted upon those observations. 

Experts in internal medicine, family practice medicine, and cardiology were retained on behalf of the physician; all were supportive of the care and treatment provided to the patient. The experts testified that none of the complaints, diagnostic test results, or symptoms experienced by the patient over the years had required a referral to a cardiologist or any additional testing.

Normally, this level of expert support would result in a solid case for the defense. However, the physician’s note regarding the patient’s last office visit was very detailed, including specifics regarding family history, diet, and exercise habits — unusually thorough for a patient with no evident health issues. At the deposition, the physician was asked if the note had been edited after the patient’s death. The physician unequivocally denied doing so, which was consistent with what he communicated to his defense team.

Still suspicious about the level of detail in the note, the plaintiff attorney hired an information technology expert to conduct a forensic audit of the electronic medical record. The audit established that the physician did add a great deal of detail to his last note after the patient’s death and did not mark it as a late entry or an addendum. Information about how, when, and by whom, medical data is collected, accessed, and stored is known as metadata; it is frequently requested by plaintiff’s counsel in malpractice cases.

In this case, the physician’s credibility was damaged, not just on the question of what was discussed with the patient during the last office visit, but also on every other aspect of testimony that would have been provided. What the physician had added to the record did very little to strengthen his case, but by changing the record and providing false information to the defense team, he seriously damaged the defense’s case. Ultimately, the case was settled for a significant amount of money. It is important to also point out that a physician in this situation may face sanctioning from the relevant Board of Medicine and possibly an accusation of perjury. 

Understanding the Landscape

For a host of reasons, healthcare providers must always be honest when discussing the facts of a case, even if the testimony poses a challenge to the defense.

It is essential that everyone working with electronic medical records understands that the record is under 24-hour-a-day surveillance. According to an article published by Professional Liability Advocate, “The metadata … compiled into an audit trail … shows the date, time, and user who accessed a patient’s chart. It even shows whether the user created or added to an existing record.” If an electronic medical record is altered or amended without indicating that the changes are a late entry, the plaintiff’s attorney will find out. As seen in the example above, this results in negative outcomes for both the case’s defense and the healthcare provider’s reputation.

Recommendations for Making Changes to Medical Records

What can you do to appropriately protect yourself and your organization with respect to patient records? We recommend the following practices:
  • Resist the urge to review your documentation when there is no legitimate reason to do so. Even the simple viewing of EMRs without adding or subtracting anything from the record can be problematic. Such viewings can be discovered during an audit and can open the door for a plaintiff’s attorney to suggest possible record tampering, even if that was not your intention.
  • Specify the reason for any changes made to a record, from addenda to late entries. In paper records, date, time, and initial the late entry. For EMRs, work with your organization’s risk manager, administration, and the software vendor to determine the method that works best in your EMR.
  • Refrain from accessing the EMR until you speak to your professional liability insurer if you are sued or a claim is brought against you. If an attorney is retained on your behalf, he or she can and should obtain the records for you.

When a situation with a patient becomes a legal issue, it’s important to understand that there are two records that will be considered: the patient’s actual medical records and the digital artifacts represented by the metadata — in other words, the record of how the patient’s information was kept, stored, and changed over time. Your commitment to maintaining thorough, timely records that are meticulously maintained and updated will help protect you and your organization should legal issues arise.

No legal or medical advice intended. This post includes general risk management guidelines. Such materials are for informational purposes only and may not reflect the most current legal or medical developments. These informational materials are not intended, and must not be taken, as legal or medical advice on any particular set of facts or circumstances.