It’s all e-discovery
Electronic Discovery (“e-discovery”) is the modern version of the traditional pre-trial process of an attorney requesting that the opposing party turn over copies of documents in hopes of finding valuable evidence. The scope of the searches related to e-discovery includes nearly anything electronic, such as personal computers, computer networks, mobile phones and electronic devices. Stories about the search for “smoking gun” documents – usually e-mail – has become a staple of the news media in many industries. The healthcare industry has been surprisingly absent from these news stories, however, with noteworthy cases coming from allied industries: insurance carriers, medical device manufactures and pharmaceuticals. This situation will not last. Healthcare providers and their business associates are especially big targets for e-discovery, and if the last few years of e-discovery cases are any indication, especially vulnerable as well.
Today, all discovery is e-discovery.
Consider that the vast majority of information created in an enterprise (93+ percent) is created first in electronic form, and the majority of that (70+ percent) is never printed. All or nearly all litigation, then, is going to implicate electronic documents, even for sundry matters such as contract disputes.
Consider also that communications systems such as e-mail, voice mail, faxes, and text messages are used contemporaneously with the day-to-day functions of an enterprise, and they too are routinely implicated in e-discovery requests.
For healthcare, the problem is compounded by the drive to digitize patient records. Electronic Health Records are attractive targets for e-discovery because they contain so much potentially useful information, including patient demographics, progress notes, problems, medications, vital signs, past medical history, immunizations, laboratory data, and radiology reports. The danger is that the IT systems used to create them are not capturing all of the data needed to give a complete view of the circumstances surrounding patient care because those systems were not designed with e-discovery in mind. This distorted view increases the potential liability to healthcare providers in medical malpractice litigation, perhaps dramatically.
In 2006 the Federal Rules of Civil Procedure (FRCP) were changed to address e-discovery requirements. As a result, healthcare providers now have an implied duty to ensure that their IT systems are amenable to the identification, preservation and collection of EHR and other data. The preservation component alone has proven challenging for enterprises, and undoubtedly it will be so for healthcare providers as well. Other e-discovery compliance challenges for healthcare providers include the following:
Cloud Computing. Cloud computing, the process of moving IT infrastructure out of an enterprise’s local data center and out to third- party contractors, is very popular given the low cost. Cloud Service Providers (CSPs), however, do not necessarily have either the inclination or the capability to help a client extract their data from the CSP’s servers, and healthcare providers will have to devise a contingency plan to address e-discovery requirements if they choose to utilize CSPs.
Mobile Devices and Medical Equipment. Nearly any device that can connect to an electronic network, including cell phones and medical equipment, can contain potentially discoverable data. Some type of accommodation will have to be made to ensure that this data can be captured and extracted for use in litigation, perhaps through the use of computer forensics technology.
Backups and Archiving. In the late 1990’s, when requests for electronic documents were becoming relatively common, producing parties (usually defendants) often had to resort to the costly and time-consuming process of restoring backup tapes in order to comply with e-discovery requests. Today, enterprises are creating document archiving systems specifically designed to address those requests, and healthcare providers that do not already use archiving will most likely need to incorporate them into their larger IT infrastructure.
The most important step that a healthcare provider can take right now is to conduct an assessment of their readiness to comply with e-discovery requests. The assessments are usually performed by third parties, and the end product is a report illustrating the gap between the provider’s existing state of readiness and the state necessary to successfully fulfill e-discovery requests.
Providers can then incorporate the report’s recommendations into IT and personnel budgets as well as create an operations plan to determine roles for those personnel when e-discovery requests take place.
Finally, having a means for collaboration among in-house counsel, legal operations team members, forensic experts and outside counsel is a must. Many of the failures reported in the e-discovery jurisprudence were attributed to poor communication between counsel and experts. As such, a common platform for allowing e-discovery team members inside and outside the provider to collaborate will go a long way toward preventing sanctions by the court and position the provider for the best chance of success in litigation.