2019 American Society for Health Care Risk Management (ASHRM) Conference, Part 1

When healthcare organizations need to respond to discovery requests for electronic medical records (EMRs) in medical negligence lawsuits, audit trail records of electronically stored information are often included in the request for production, according to Matthew Keris, Esq., an attorney at Marshall Dennehey Warner Coleman & Goggin. Speaking October 14 at the American Society for Health Care Risk Management (ASHRM) 2019 conference in Baltimore, Keris noted that "sometimes that audit trail is receiving more scrutiny than the medicine." Copanelist Erin Rowan Myers, JD, senior claims consultant at The Risk Authority, commented that "unfortunately, it is not uncommon for staff to spend more time on reviewing audit trails than the EMR." Keris added that based on a growing body of case law, it is "game over" regarding attempting to fight production of the audit trail; organizations must be prepared to access and produce audit trail information. One challenge in producing electronically stored information occurs when documentation of the care provided is housed within an obsolete EMR system, making the information inaccessible. An argument over who is responsible (the hospital or the vendor) then becomes a primary issue in defending the lawsuit. Another important task is authenticating the audit trail. Keris recommends that organizations consider having an information technology (IT) specialist—not a physician—authenticate the audit trail, because IT professionals possess the skills necessary to answer specific questions about how the trail is created. Finally, when the scope of the record request includes information from old, outdated computer systems, organizations should be prepared to provide the court with an affidavit from IT on the difficulty or impossibility of accessing the historical data on machines or software to which the organization no longer has access.

A mass shooting is defined as a gun-related event in which four or more people are killed. The majority of mass shootings take place east of the Mississippi and along the west coast, according to Rodney K. Adams, Esq., visiting professor at the University of Richmond Law School, speaking October 14 at the American Society for Health Care Risk Management (ASHRM) 2019 conference in Baltimore. Referring to a map published in USA Today, Adams noted that 255 mass shooting events occurred in the United States in the first seven months of 2019. Adams reviewed federal, state, and professional standards regarding reporting concerns that someone is planning on harming others. He noted that HIPAA (the Health Insurance Portability and Accountability Act) is a permissive statute. While HIPAA does not require disclosure, it does permitdisclosure of protected health information when "it is necessary to prevent or lessen a serious or imminent threat to the health or safety of a person or the public, and the disclosure is made to a person who has a reasonable chance to prevent the violence (e.g., target, police, significant other, parent)." Other federal laws permit but limit disclosure of protected health information when someone makes a threat against an individual or against the public. State laws vary between a mandatory duty to warn, a permissive duty to warn, and no duty to warn. The landmark case Tarasoff v. Regents of the University of California (1976) established that clinicians, including mental health professionals, have a "duty to protect," including notifying a potential victim and the police if a patient makes a credible threat of violence. A case in Washington State in 2016 (Volk v. DeMeerleer) expanded the obligations of providers to warn when violence against the victim is foreseeable. Organizations should consult legal counsel to clarify provider...