XS
SM
MD
LG
XL

Audit Trails Are Watching You: How to Limit Liability Risk Through Thoughtful Interaction With EHR

By: Jason Newton
4 Minute Read

Among the many changes to the medical malpractice landscape in recent years, an increasing number of plaintiffs’ lawyers are attempting to malign the character of the defending healthcare provider rather than addressing the care they delivered. One tactic used by these attorneys is reconstructing a narrative about events using an audit trail of data in electronic health records. Unfortunately, many providers don’t know what an audit trail is until they are faced with such a situation. By then, it’s often too late to protect themselves against potentially damaging claims.

What Is an Audit Trail?

In many electronic health record systems, everything a provider does is tracked and stored as data for future access. This data includes information about when different records were accessed, how long providers spent on a particular page or image, when notes were added or deleted from the record, when notes were signed and finalized, and in some cases, every single keystroke that is typed. All this information is available and will likely be given to a plaintiffs’ attorney in the event of a malpractice claim. While this data is not technically part of the medical record, it’s generally understood that once requested, it will have to be produced.

By exploiting documentation errors, omissions, or malfeasance, plaintiffs’ lawyers are increasingly making the case about something other than medicine. Not only can the existing records and documents themselves be pulled for examination, but audit trails of the data stored within the files may show cause to believe the doctor is, at best, careless and inattentive, or at worst, dishonest and deceitful.

Audit Trails in Action: Two Stories

Medical record audit trails can be your worst enemy or your best friend during a malpractice trial. Let’s look at two hypothetical examples:

Case #1:

A teenager presented to the emergency room with hip pain on four separate occasions, and was diagnosed on her fourth visit with a deep-seated hip abscess—a highly unusual diagnosis for someone her age. The patient became permanently disabled, allegedly as the result of delayed diagnosis and treatment. According to existing medical records, the first ED physician included “potential abscess” in the differential diagnosis, and this entry was seemingly ignored by all other attending physicians in subsequent visits. However, the audit trail told a very different story.

Data within the electronic records showed that the first ED physician had, in fact, revisited the original record and amended it after the fourth ED visit to reflect the new diagnosis, failing to note that this was a late entry. It became clear to the jury that this physician was attempting to protect herself from allegations of a missed diagnosis, resulting in a verdict for the plaintiff. Had this information not come to light, the physicians may have been able to clearly illustrate the improbability of such a diagnosis at that point in treatment and convinced a jury that no negligence had occurred.

Case #2:

By contrast, audit trails can sometimes work to a provider’s advantage when cultivating a defense argument. The following case is an example of audit trail data providing definitive evidence that a physician was attentive to a patient’s medical chart and history during care:

A patient with sickle cell anemia died while under a physician’s care, allegedly due to an overdose of morphine during an admission for management of a pain crisis. During the trial, the plaintiff’s expert testified that one of his chief standard care opinions was that the physician who ordered the morphine dosage and frequency did not consider previous adverse reactions to narcotic analgesics noted within the patient’s medical record during a prior crisis. Through an audit trail of the medical record, data showed that, prior to prescribing the morphine, the physician spent over six minutes reviewing records, including portions involving prior adverse reactions, proving that she did observe and consider this information—a fact that contributed to a defense verdict for the provider.

Key Takeaways

When it comes to EHRs, there’s nowhere to hide, and awareness is key. Providers must interact with medical records in a way that is thoughtful and accurate and proceed with honesty and transparency throughout their care. Keep in mind that all discrepancies are recorded and will become known during a claim investigation. Some simple steps you can take to protect yourself include:

  1. Be factual, truthful, and timely. Any discrepancies between the records and reality can be exploited during claim investigation and litigation. Factual and truthful entry is the best thing you can do to protect yourself and your practice.
  2. Clearly state when information has been added or deleted. During certain circumstances, information will need to be entered or deleted at a later date or time. In these instances, clearly state when the information was added and deleted and why for total transparency into the reasoning and thought process behind information amendment.
  3. Never allow anyone else use your logins. It’s relatively common for physicians to ask their physician’s assistant or nurse to enter information on their behalf to save time and hassle. This can create an opportunity for liability should that information be incorrect or incomplete. We understand that this is a workaround for physicians who simply cannot spare the extra time, but if that’s the case, this problem needs to be brought to the attention of practice leaders and EHR vendors to make sure physicians are able to complete EHR information efficiently on their own.

For further guidance on this topic, Curi members are encouraged to reach out to our risk management experts at Curi Advisory by calling 800.662.7917.

Jason Newton
Jason Newton is Curi's General Counsel, based in Raleigh, NC. Follow Jason on Twitter @jason_newton.
News & Knowledge