Healthcare disputes arise for many reasons. Healthcare providers challenge payors’ claims policies, practices and actual payments. Health insurance beneficiaries and healthcare providers dispute coverage decisions by payors. Patients file malpractice claims when the end result of a medical procedure doesn’t meet their expectations. Healthcare disputes can lead to litigation which also leads to eDiscovery. Healthcare eDiscovery can be complex and burdensome due to the myriad formats used as well as the data security requirements imposed via federal and state regulatory requirements.
New healthcare information management requirements are changing the way healthcare organizations evolve their enterprise infrastructures as new regulatory requirements direct how information is created, stored, shared, referenced and managed. As new information governance technology is adopted and changes how patient and business records are utilized, healthcare providers as well as healthcare payors and suppliers will have to change and adapt how they respond to eDiscovery.
Healthcare eDiscovery Key Requirements and Recent Developments
The 2006 amendments to the Federal Rules of Civil Procedure (FRCP) established that all forms of ESI are potentially discoverable if not deemed privileged or heresy by the Judge, and apply to all legal actions filed in federal courts on or after December 1, 2006. Under the FRCP, any information potentially relevant to the case, whether in paper or electronic format, is subject to an eDiscovery request. Many states have adopted the federal rules of civil procedure in whole or in part with respect to defining what’s discoverable when it comes to electronic data.
The eDiscovery process for the healthcare industry is the same as for any other industry except that special care has to be taken with patient data. When attorneys do handle protected health information (PHI), they must be aware of state and federal legal ramifications of being exposed to this type of information. Failure to do so could lead to significant fines and damaged reputations stemming from the improper handling of PHI.
Effective Healthcare eDiscovery steps
eDiscovery is a complex process that requires a multidisciplinary approach to successfully implement and manage. Healthcare organizations should consider the following activities to successfully prepare for eDiscovery.
- Establish a litigation response team with a designee from the legal, HIM, and IT departments
- Review, revise, or develop an organizational information management plan
- Identify the data owners or stewards within the organization
- Review, revise, or develop an enterprise records retention policy and schedule
- Audit compliance with the records retention policy and schedule
- Penalize non-compliance with the records retention policy and schedule
- Conduct thorough assessment of the storage locations for all data including back-up media
- Review, revise, or develop organizational policies related to the eDiscovery process
- Establish an organizational program to educate and train/retrain all management and staff on eDiscovery and records retention compliance
The eDiscovery process is equivalent to searching warehouses, waste baskets, file cabinets, home offices, and personal notes to find that “needle in the haystack” that will help prove the other side’s claims. Healthcare organizations are finding it especially difficult to respond to and review the huge amounts of data due to additional healthcare specific data formats and regulatory requirements around patient privacy.
The huge expense of information review during litigation coupled with the high risk of enforcement action by regulatory authorities drives many legal professionals to seek a more proactive, defensible and cost efficient approach.