New Jersey Courts Address Plaintiffs’ Demands to Inspect Electronic Medical Records – Appellate Division Sides with Plaintiffs (with Restrictions)
Plaintiffs have increasingly demanded to gain access to the Electronic Medical Records (EMR) of health care providers/facilities, citing Rule 4:18-1, and Rule 4:10-2(a), (g), and (f). This has become a contentious issue in pre-trial discovery as defendants argue that giving plaintiffs unfettered access to EMRs is unduly burdensome in time and expense; it opens up the possibility of HIPAA violations insofar as other patients’ health information may be exposed; and the practice opens providers up to a heightened risk of cyber attacks.
In Lasiw, the plaintiff requested to inspect the EMR of the defendant Hackensack University Medical Center (HUMC), which refused the request, citing that the EMR system was proprietary, it contained protected personal health information of other patients, and that the current EMR format differed from the one that was in effect during the care and treatment at issue. HUMC further asserted that if the court were to order an inspection of the EMR, the plaintiff would need to obtain cyber and criminal acts insurance of no less than $5 million prior to any EMR inspection. The defendants further argued against an inspection of the EMR, claiming that it should be a last resort and allowed only in cases where a plaintiff has shown that “conventional document productions that do not needlessly consume tons of staff [and] are not jeopardizing the security of the system” are insufficient.
The trial court permitted the plaintiff to conduct an on-site inspection of the EMR, and HUMC appealed the decision. On appeal, HUMC argued that the plaintiff should bear the burden of specifying the individual entries of the EMR that were being sought and the defendant would produce the requested metadata subject to potential assertions of privilege. The Appellate Division was unpersuaded by HUMC’s arguments and found that HUMC failed to demonstrate that an EMR inspection would put the overall EMR system at risk of a cyber attack. Further, the plaintiff was not requesting direct access to HUMC’s EMR system as a whole but, instead, was requesting to inspect the patient’s EMR on a screen which was controlled by HUMC’s employees, thus eliminating any potential HIPAA violations.
Ultimately, the Appellate Division permitted the plaintiff’s expert to review the EMR subject to the following conditions. The review would be:
- on-site;
- conducted with HUMC’s personnel in control of the system and the mouse;
- limited to four hours;
- conducted with plaintiff’s counsel present and she could request specific metadata be copied and produced in “reasonably usable form”;
- conducted in the presence of defense counsel who could raise any objections to particular metadata that appears on-screen (but any objections would be preserved and considered by the Court at a later time);
- conducted but not recorded; and
- conducted with confidentiality agreements in place pursuant to N.J.R.E. 530(c)(4) and (5) to ease any other concerns.
Since the Appellate Division’s decision in Lasiw, defendants have been faced with increasing discovery demands for EMR information and content. Since the Lasiw decision, plaintiffs have been requesting EMR documentation and EMR inspections in virtually every medical malpractice action, citing their unequivocal right to have their experts inspect the patient’s EMR and the associated metadata. This has become a hot-button issue that all defense attorneys representing hospitals, facilities, and medical practices need to be aware of.
Case Law Alerts, 4th Quarter, October 2023 is prepared by Marshall Dennehey to provide information on recent developments of interest to our readers. This publication is not intended to provide legal advice for a specific situation or to create an attorney-client relationship. Copyright © 2023 Marshall Dennehey, all rights reserved. This article may not be reprinted without the express written permission of our firm.