On June 16, 2017, a 42-year-old mother of five in Florida arrived at a hospital with her husband of 22 years by her side for a scheduled outpatient hysterectomy. She was expected to be home with her family that night and back at work within a few weeks. Instead, several hours after the surgery began, hospital representatives approached the patient’s husband in the waiting room to tell him his wife was in the intensive-care unit as a result of an unexplained post-op cardiac arrest.

Several weeks later, his wife clinging to life, he was informed that the hospital’s investigation revealed no cause of the cardiac arrest and resulting anoxic brain injury. What they failed to tell him was that within hours of her being stricken, the providers responsible for his wife’s care began making alterations to the electronic medical records (EMRs) that would be undetectable via a basic review of the records themselves. It was only after years of litigation discovery, researching the complex regulations governing the hospital’s EMR data, and an on-site expert forensic audit of the EMRs that the damning facts came to light.

Contrary to what her husband had been told—and what was outlined in the official records—the audit revealed that at the end of the surgery, when the anesthesiologist and nurses were supposed to be watching closely, the patient’s vital signs plummeted. Her monitors recorded no oxygen saturation, no respiration and a lethal arrhythmia for more than five minutes in the recovery room before anyone started performing CPR.

The edited records substituted false vital signs for those recorded by the monitoring equipment and pushed the fiction that resuscitation efforts were initiated without delay. The anesthesiologist deleted an entry proving that he had signed out of the case at the same time his edited record claimed he was performing life support.

The patient’s vital signs recorded upon arrival in the recovery room show that had CPR commenced on time she would have recovered fully. Instead, nearly four years later, she remains in a brain-injury rehabilitation facility. She cannot speak or walk and will be completely dependent on others for every need for the rest of her life.

As in this lamentable case, the story in a patient’s medical record will, if accurate, reveal whether a doctor or hospital committed malpractice resulting in injury or death. How, though, does one determine whether the authors of the records have written a work of fiction, deleted a chapter, or changed the ending?

In many cases, the story of a medical record is relatively easy for an experienced medical-malpractice attorney to read, particularly when the record was finished before the error was discovered. Consider, for example, a case in which a radiologist fails to identify a visible mass on an X-ray which another doctor, months later, finds to be cancer. Because the radiology report was finalized well before the diagnosis, there would be no reason to suspect an after-the-fact exculpatory alteration.

Unfortunately, the same cannot be said when injury or death occurs as a result of poor patient monitoring or surgical errors in a hospital that uses EMRs. In such a setting, the EMR can be written (or rewritten) by those who bear responsibility for the harm before the victim’s family can hire an attorney or request records. As with any document generated electronically, there are legitimate reasons for someone to edit an EMR. However, the ability to edit without detection can leave victims of medical negligence with no way to prove their case. Fortunately, the same laws that require hospitals to convert their records to an electronic format also mandate that those records be maintained in a way that enables edits to be audited. The regulations also force hospitals to share electronically maintained records with the patient or the patient’s legal representative.

The History of Electronic Medical Records

In the past, health records were written on paper and maintained in folders divided into categories. Only one copy was available. A provider caring for a patient in a hospital would either hand-write entries chronologically in a chart or dictate notes that would be transcribed, printed, and added to the chart. The dictated portions would show both the date of dictation and when it was transcribed. This paper-chart method, primitive though it now seems, made it difficult for records to be altered without detection. The transition from paper records to EMR systems meant a worrisome increase in the potential for undetected alterations.

Although EMR systems emerged in the early 1990s in the United States, they got a big boost from the 2009 federal stimulus plan’s “meaningful use” initiative. As part of the American Recovery and Reinvestment Act, passed in the wake of the 2008 financial crisis, all public and private health-care providers and other eligible professionals were required to adopt and demonstrate “meaningful use” of electronic medical records by January 1, 2014, in order to maintain their Medicare and Medicaid reimbursement levels. This created an enormous incentive for hospitals to convert to EMR systems compliant with the meaningful-use criteria, as well as opportunities aplenty for large EMR vendors. In 2015, the Department of Health & Human Services established rules creating further incentives to comply with the meaningful-use doctrine, including incentive payments for hospitals using compliant EMR technology.

The discovery process in a medical-malpractice case may allow an attorney to access not only the patient’s final records but also the audit trails generated from the EMR’s metadata, the digital fingerprint information embedded within the recorded chart. Forensic experts can pull from the metadata detailed information about who made or altered entries to a patient’s record and preserve the original content of every entry that has been altered or deleted. In other words, access to metadata can reveal the actions of those who might have tried to hide the truth through the alteration or destruction of a patient’s record.

That is exactly what happened in the case described here. As is typical, the evaluation of a potential medical-negligence claim starts with a request for a copy of the entire medical chart. When we did so in this case, it was clear from the beginning that we hadn’t received the complete chart and that things we’d normally expect to see were missing. That ultimately led to a court order allowing our retained computer forensic expert access to the hospital’s EMR system.

That inspection, which was videotaped, occurred at the hospital, with hospital attorneys and IT personnel in attendance. With the same access available to a hospital physician, and the EMR program’s user manual, our expert was able to access the metadata and recover every alteration and deletion. The audit trail revealed a far different story than what had been presented in the edited version of the EMR: a tragic tale of patient neglect that was concealed in an attempt to protect the perpetrators.

David Carter is a shareholder at Gould Cooksey Fennell in Vero Beach, Florida where he founded and leads the firm’s Personal Injury and Medical Negligence Group. Over the last 30 years, he has tried numerous catastrophic injury and wrongful death cases. Mr. Carter has twice been recognized as Best Lawyers “Lawyer of the Year” in Orlando for Personal Injury Litigation-Plaintiffs.