Updating digital discovery: It's all on record
■ The shift from storing information on paper to electronic form has prompted major changes in court rules for legal discovery. Doctors must be prepared to meet the digital demand.
Digging up old e-mails and business records from a computer, backup server or PDA isn't likely to be at the top of most doctors' to-do lists. But if they are whisked into a lawsuit, that's exactly what physicians must be prepared to do under new federal rules that address the discovery of electronically stored information.
Physician practices, like other businesses, are going from paper piles to digital files, and courts are catching up, experts say. Gone are the days when parties in a lawsuit could say they deleted e-mails or that electronic data are too difficult to find without facing severe penalties.
As of Dec. 1, 2006, the new Federal Rules of Civil Procedure approved by the U.S. Supreme Court prescribe what to produce, when and how in regard to e-discovery. The rules apply to federal lawsuits, from antitrust cases to employment disputes to physician class actions against HMOs.
Experts say state courts are not far behind, since they typically follow federal guidelines in developing their own rules. This means that eventually the procedures will apply to state actions, such as medical liability cases.
Though e-data were discoverable before, the new rules "create a framework and process for getting or not getting at that data," said Gregory D. Frost, a health information lawyer and partner with Louisiana-based Adams & Reese LLP. "But it can create problems for doctors if they aren't properly managing it."
The discovery process involves wrangling over what documents each side has to provide to each other. Before the rules changed, that typically meant paper records. Attorneys could request electronic information but might end up with a paper printout of an e-mail or PDF. This meant they couldn't search within the document or see the metadata, or background information, such as when it was created or where it was sent.
Also, requests often were "fishing trips" for a broad range of electronic information, which could be costly to produce. Depending on a judge's level of sophistication, a party may not get the information it asked for at all.
"Now, the rules make it clear that all electronically stored data is equally discoverable" and automatically included in a document request, said New York health lawyer Sean P. Dwyer, a partner with Havkins, Rosenfeld, Ritzert & Varriale LLP.
The guidelines require both sides to meet at the start of the litigation process to define the extent of information -- both paper and electronic -- to be exchanged to avoid overbroad and costly requests.
Know what records you have
That means that doctors need to know and be candid about what kinds of records they have -- be it e-mails, voice mails, medical records, billing and reimbursement information, payroll or marketing data, even credit card transactions -- and where they are stored, so that the other side can determine the scope of a request.
"When they think about e-discovery, most physicians only think in terms of health records, but just like anybody else, doctors don't realize how broad-reaching e-mail and [other electronic business records] can be," said Dallas-based lawyer Cynthia M. Stamer, a HIPAA expert with Glast, Phillips & Murray PC.
E-mails are especially important because so much business is conducted over the Internet nowadays, experts warn. The informal communications can pose risks in a lawsuit if doctors are not careful about what they say.
For example, in a peer review action, if a doctor is found writing out of context in an e-mail about a patient complaint or another physician, that communication would be open for disclosure in a lawsuit and could be used to show that the peer review confidentiality law was violated, Stamer said.
In an alleged anti-kickback violation, Frost said, e-mails exchanged between a doctor and a pharmaceutical company about a consulting agreement would be discoverable.
The new rules sometimes might work in physicians' favor. Lawyer Jake Frazier, vice president of marketing for RenewData, a company that assists law firms with e-discovery requests, cited a class-action lawsuit his firm is handling against a health insurer for fraudulent reimbursement practices to doctors. E-mails and backup databases on billing records are open to discovery in the case.
Whether doctors must produce the requested electronic records ultimately is up to the court, experts say. But federal rules draw the line at what is reasonably accessible or inaccessible based on financial costs or other burdens. This gives parties the ability to say no to outlandish requests.
For example, a court might rule that going back five years into business records that are stored on backup tapes because a practice updated its computer system is too expensive and time-consuming for one party, particularly a larger practice, said Stephen D. Whetstone, a lawyer with Stratify, an e-discovery service in Boston.
Failing to preserve information, however, does not get doctors off the hook for not being able to access it. Doctors now have a responsibility to make sure that e-mails or other documents are not selectively destroyed by putting a policy in place that regularly saves records and tags them if litigation arises, Whetstone said.
A "safe harbor" provision added to the rules, however, prevents penalties for information lost accidentally -- due to computer error or system failure, for example -- during routine or good-faith efforts to retain the data in an organized manner.
Punishment and privacy concerns
Failing to comply with the rules can result in harsh penalties. Dwyer explained that a court can make parties pay the opponent's discovery and attorney's fees, prevent them from making certain arguments to a jury with respect to missing evidence, or ultimately dismiss the case.
"If there's no system in place to retain documents and you go to court and say, 'I'm sorry,' that's going to have legal consequences," he said.
The new rules present other disadvantages and some advantages, experts say.
Federal HIPAA privacy protections pose a concern, because inadvertent disclosures can happen, particularly in a voluminous e-discovery request, Stamer said. The federal rules of evidence, which prevent the disclosure of privileged information unrelated to the case at hand, do not trump the privacy protections, she noted.
"You're letting people walk through your personal health information if you don't have a system that divorces [medical records from other business records]," Stamer said.
A procedure added in the rules requires parties to inform each other about accidentally disclosed data, though it is up to a court to decide whether such data can be used in a case.
If doctors aren't careful in observing HIPAA before they disclose private health information, they risk privacy violations, Frost warned.
"If a doctor gets a subpoena for all e-mails regarding patient Jones, HIPAA is very clear you can't dump all your e-mails and say, 'Go find it,' because there may be other patient information in there as well," he explained.
The new e-discovery rules also can add to the cost of a case, experts say, because doctors involved in a lawsuit might have to hire an outside consultant who knows how to sift through electronic data and furnish it in the proper form.
Since the procedures came into play, Frazier said, his firm has been brought in to consult on more legal cases in which parties are battling over what they can access.
"Once you let any party know that there's a pond to fish in, then it's more likely to become an issue of contention," he said.
But Frost said the procedures actually may cut down on litigation, and parties may settle sooner if the mounting expense of going through e-records outweighs settlement options.
John K. Rabiej, chief of the Rules Committee Support Office of the Judicial Conference of the United States, said the rules were seven years in the making and are intended to cut down on e-discovery costs and wrangling over requests. An advisory committee on civil rules developed the procedures because courts were inconsistent in how they dealt with electronic data.
"They were discoverable before, but the problem was either you got too much or not enough of what you were looking for. So in some cases, the burden outweighed the benefit," Rabiej said.
The committee still is waiting for the rules to play out in federal courts to gauge their efficacy, though Rabiej expects state courts to follow suit.
At least five states -- Idaho, Kansas, Michigan, Montana and New Jersey -- already have, according to lawyer Whetstone. "Where you don't have guidelines, it's still a bit of a free-for-all."
Meeting the demand
Meanwhile, before litigation arises and that document request arrives at the doorstep, doctors should put policies and procedures in place to avoid any hassle, experts say. They should seek legal counsel if they get pulled into a lawsuit.
Dwyer suggested that doctors not only be aware of federal and state e-discovery rules, but also "keep staff in the loop about how you do business on the computer, particularly a HIPAA compliance officer." If doctors are generating electronic files other than medical records, such as e-mail, that might fall under HIPAA, they should create a system that protects this information, he said.
Frazier recommended that doctors have a consistent policy for maintaining and destroying records.
And treat e-mail like any other business record, Whetstone said, "because people say the damnedest things in e-mail."