August 4, 2008

eDiscovery Advice: Get Your Records Network in Order
By Joe Fournier
For The Record
Vol. 20 No. 16 P. 10

By establishing procedures, offering training, and implementing technology solutions, HIM and IT departments can better manage their ever-growing amount of discoverable electronic data.

You may not be a lawyer, but understanding the changing face of civil litigation rules concerning electronic information should be important if you have any responsibility for the process of storing and managing electronic records in your organization. HIM professionals and IT staff are increasingly finding themselves called on to play a role in responding to information requests that cross their desks as part of the discovery phase of lawsuits.

Because of recent changes to the rules and the ways those rules are being interpreted and enforced, now is a good time to get familiar with “eDiscovery” requirements and take a hard look at internal processes, technologies, and training to ensure your house is in order when the lawyers come knocking.

Electronic Information and Civil Procedure
Congress has established the Federal Rules of Civil Procedure, a set of edicts for courts and attorneys to follow in civil cases. Enforced in federal courts, the Federal Rules are generally followed in the state courts, with some exceptions. They cover all phases of trial, including discovery, which is a pretrial phase where both sides request information from each other and respond to those requests with information or objections.

Electronic data have long been subject to discovery during litigation under state and federal law or pursuant to court rules. However, the new Federal Rules updated at the end of 2006 set forth more specific guidance about how to address electronically stored data. As HIM departments continue to transition to electronic filing and storage systems and full electronic health records (EHRs), the universe of discoverable electronic data in healthcare organizations is growing rapidly. Now more than ever, HIM and IT departments need to work closely with legal counsel to determine best practices and investigate new legal EHR technology solutions, if necessary, to ensure efficient compliance with those practices.

When considering how to best prepare for legal requests for electronic information, your goals should generally be to establish procedures, training, and technology solutions to ensure that the following occurs:

• You have enough control over electronic data to provide all that you need for the litigation process as easily as possible.

• You have a clear understanding of what data you cannot provide and develop strategies to manage the discovery process appropriately.

Understanding Your Organization’s Risk
In the legal world, precedent is one of the best indicators of how the court will implement specific rules. Two leading cases exemplify the risks of inadequate records control and the dangers of an adverse jury instruction: Zubulake v UBS Warburg, LLC, 229 FRD 422; and Coleman Holdings, Inc v Morgan Stanley & Co, Inc, 2005 WL 679071 (Fla Cir Ct, 2005).

Zubulake involved a typical employee discrimination claim, alleging gender discrimination and retaliation. The defendant produced approximately 100 pages of e-mails pursuant to the plaintiff’s request for production of all relevant documents but failed to search its backup tapes for e-mails that may have been deleted or stored elsewhere. Since the plaintiff had saved more than 400 e-mails herself, she knew the defendant did not produce everything it had.

Ultimately, the court found that the defendant had deleted e-mails, lost backup tapes, and failed to diligently and thoroughly produce all its relevant files. The court penalized the defendant by allowing an adverse inference instruction to the jury (see sidebar), which permitted the jury to infer that the hidden evidence contained information adverse to the defendant’s case. In the end, the plaintiff was awarded more than $29 million in damages.

The Morgan Stanley case involved an alleged fraud connected with the sale of company stock in which the defendant was accused of being part of the fraudulent scheme. The defendant was ordered to search its backup tapes for relevant e-mails. Although it produced more than 1,000 pages of e-mails and certified compliance with the order, the defendant failed to reveal the discovery of more than 1,000 backup tapes until later in the proceedings. The court ultimately found that this failure was a willful abuse of its discovery obligations and resulted in the court giving an adverse inference instruction to the jury, which returned a $1.5 billion verdict for the plaintiff and fined the defendant an additional $15 million.

These cases demonstrate the following important items to keep in mind about eDiscovery:

• “Lost” data are a big problem. You need to know exactly what data you have or don’t have and be able to clearly document that for the court.

• Producing a lot of relevant data is no defense against not producing all relevant data.

• Intentionally destroyed data need a clear record of when and why they were deleted (ie, pursuant to a well-established records management policy) that makes it clear it was not done to abuse the discovery process.

• Adverse jury instructions are devastating and can lead to massive damage awards.

Understanding the New Federal Rules

Protected Information
It is important to note that the new rules do not override HIPAA, state-enacted privacy protections, or the attorney-client privilege. Accordingly, you need to be careful not to violate privacy laws or the attorney-client privilege when producing electronic data. If you do inadvertently produce protected information in the course of litigation, the law does provide mechanisms to have the information returned or destroyed, but it is safer to avoid this potential misstep by having a good process for identifying and exempting protected data.

The Planning Conference
Under Rule 26(f), “the parties must confer as soon as practicable” to discuss a variety of matters, including electronic data issues such as storage format, data accessibility, and the parties’ preservation and disposal policies. During this planning phase, it is important to set the stage for potential discovery disputes by educating the court and the opposing party about computer systems and retention policies. This is a relatively new area of the law and, as such, there are relatively few experts in the legal community. Accordingly, it is good practice at this stage for HIM to work closely with IT, legal counsel, and senior management to ensure that the parties’ respective counsels and the court know up front what can and cannot be accessed and why.

Tip: If you anticipate discovery disputes, address them early. If you suspect the opposing party will request certain information that you either cannot produce or that you will want to produce in a different format, consider summarizing the discrepancies up front (ie, prepare a gap analysis). Show it to your opponent and, if they do not agree to accept your answers or the alternate format, it is reasonable to get the court involved immediately.

Production Format
Under Rule 34(b), the requesting party may specify the forms in which it would like to see electronic data produced. The responding party may object, but it must specify why the format is objectionable and the forms in which it intends to produce the electronic data. Generally, electronic data should be produced in the form in which they are “ordinarily maintained” or are otherwise “reasonably usable” to the opposing party. For example, producing an Excel file in a PDF format is generally acceptable, but the opposing party may have grounds to object if there is a need to sort the data or to view certain metadata.

Tip: Here again, formal document retention policies and the right medical record technology are critical. Ensure that HIM, IT, and legal work closely together to discuss retention policies, which documents are covered and why, and the format in which documents are maintained and can be produced.

Not Reasonably Accessible
Under Rule 26(b)(2)(B), the responding party need not produce information that is not “reasonably accessible” but also bears the burden of showing that the information is not accessible because, for example, it is too difficult to find or too expensive to retrieve.

Whether data are reasonably accessible may depend on the answers to the following questions:

• Where are electronic data stored?

• Are they on site or off site?

• Were the data deleted?

• Were they deleted pursuant to a formal document retention policy?

• Do the data reside on an older computer, medical record, or accounting system?

• Do they reside on a legacy system that is obsolete?

• Do the data or the underlying tables on which the data reside need to be rebuilt?

• Are the data maintained solely for disaster recovery purposes?

The court will typically balance the responding party’s burden and expense vs. the relevance of the data being sought and/or whether the requesting party can get relevant information in an alternate manner.

Tip: If you know you cannot access certain native data but are comfortable that you can provide a usable summary of such data, consider making that clear early in the litigation process. If a party can produce inaccessible data in an alternate format, it may save significant expense and, more importantly, avoid the court’s disfavor.

Safe Harbor
Rule 37 provides for the imposition of sanctions on parties that fail to produce certain documents. Rule 37(f) contains a “safe harbor” pursuant to which sanctions will not be imposed if electronic data are destroyed as part of the good faith operation of an electronic record management system, absent exceptional circumstances. This rule further reinforces the importance of implementing and adhering to a retention and disposal program.

Even just a few years ago, there was reasonable disagreement about whether companies needed a formal document retention and disposal plan. However, given the evolution of the law and the Federal Rules, this issue has been put to rest. It is now essential to have an established document retention plan that is rigorously enforced.

Tip: Implementing a document retention plan is critical but, to show good faith, consider instituting a litigation hold for pending or reasonably foreseeable litigation to ensure that no disposal of relevant data occurs.

Why the New Rules are Necessary
Electronic data are dynamic and mutable. They may be in multiple places at one time, such as a local user’s computer, the supervisor’s computer to which it was e-mailed, and the company server to which it was backed up. Think of this in the medical record context. Rather than a paper record that may be stored off site, in clinical use, or otherwise inaccessible, the evolution of EHRs and the associated electronic workflows allow multiple users to access and use medical records at one time such that the records, or at least the information contained within the records, can be retrieved more quickly when necessary.

The newly defined rules for electronic data may help reduce the costs of discovery by allowing, and in some instances requiring, electronic rather than paper data exchange. The parties should have lower copying, mailing, and storage costs. Additionally, electronic data are typically easier to review, organize, and manage than paper files. For example, a spreadsheet that contains tens of thousands of lines of data is instantaneously sortable in a variety of ways. However, the same data in a paper format are unsortable and may fill multiple boxes.

With the new rules, the days of lawyers playing dirty tricks by sending mounds of paper files should be history if organizations adopt record management systems that can generate required data in appropriate formats. Today’s systems are designed specifically for the purpose of generating a “legal EHR” that contains all of the relevant, nonprotected information typically required in litigation in a format suitable for legal review.

eDiscovery Action Plan
The following are specific actions your organization should consider to be properly prepared for eDiscovery:

• Establish a response team to be assembled for each litigation event. The team should at a minimum consist of representative(s) from the relevant business departments associated with the suit (eg, the HIM director), a company executive who is knowledgeable about both the relevant business department and the company’s electronic data, IT personnel who understand the electronic data retention and disposal policies, and inside and/or outside legal counsel. Generally speaking, inside counsel will be less expensive and have more knowledge about the interplay of the underlying business and electronic data issues. Outside counsel may better protect the attorney-client privilege and may lend the appearance of additional credibility and objectivity to the court.

• Identify the scope of available electronic data (their content and location). Determine which electronic data may not be reasonably accessible due to financial costs or other burdens and document why they cannot be accessed.

• Identify which data may be protected from discovery and develop processes to prevent potentially inadvertent disclosures. For example, deploy systems with legal EHR functionality that separate private health information from regular business files to avoid inadvertent disclosures.

• Institute well-documented, enforceable document retention policies.

• Establish consistent policies and procedures for discoverable e-mail and teach employees to treat e-mail communications like other business records.

• Train staff thoroughly on all relevant policies and document all training.

• Develop a litigation hold process that can be evoked as soon as litigation is commenced or becomes reasonably foreseeable. The company has a duty to notify personnel who may have to preserve discoverable information.

— Joe Fournier is vice president of legal affairs and administration at ChartOne, Inc.

Key Terms

Adverse Inference Jury Instruction
This occurs when the court instructs the jury to assume that if a party cannot produce certain information, such information would have been harmful to that party’s case. Generally, this is an insurmountable hurdle to overcome for the party that cannot produce its data and will result in a finding against that party.

Attorney-Client Privilege
A rule of evidence pursuant to which conversations or communications between a party and its counsel for the purposes of obtaining legal advice are generally protected from being put into evidence. The privilege is held by the party (ie, the hospital or company for which you work), not you personally. Accordingly, the hospital or company makes the decision whether to assert or waive this privilege.

Litigation Hold
This is an internal procedure typically put in place when your attorney requests the suspension of scheduled document destruction for materials that may be relevant to pending or reasonably foreseeable litigation. The fact that a relevant document was destroyed pursuant to a standing document retention plan does not protect the organization from negative legal consequences such as adverse jury instructions.

Metadata
These are data that describe other data. For example, if the data are a medical record, the metadata for that data could include information such as the date the document was created, who created it, who edited it, when it was edited, who signed off on it, and how much data are in the file.

— JF