Spoliation is the destruction or significant alteration of evidence that denies opposing parties their due rights. While this word may cause you to think of intentional document shredding, video destruction or information deletion, it should also queue you to consider electronic health record (EHR) security. Spoliation in the case of a legal suit against a healthcare organization could occur due to unreliable EHR systems that make clinical data impossible to locate or retrieve.
To be compliant with HIPAA requirements, healthcare organizations are charged with collecting, storing and providing retrievable protected health information. So, when working with systems that store active or historical patient data, it is important to safeguard against spoliation as well as unintentional record damage or loss.
This is especially true during litigation and eDiscovery where healthcare organizations are expected to be able to produce clinical and other health data in a reasonable time-frame. The potential for being cited for spoliation in litigation or a regulatory investigation is one of the greatest exposures corporations have under the stipulations of the Sarbanes-Oxley Act. Further, courts in some jurisdictions will allow mistaken and negligent conduct to form the basis of a claim for destruction of evidence.
Being cited for spoliation could result not only in severe sanctions and fines, but also in public embarrassment from exposure on the front pages of widely read industry publications. Therefore, information systems’ architecture choices necessitate a conversation between the CIO and legal counsel to ensure that proper systems are in place.
Such a possibility puts a great burden on the storage mechanisms and applications being utilized to protect records for a required retention period. The challenge of ensuring record reliability grows in proportion to the length of time the electronic records must be retained. As it pertains to medical record storage, retention periods can range from as little as three to seven years, or – depending on record, medical specialty or facility types — to as long as 25+ years . . . or even in perpetuity.
Harmony Healthcare IT works with healthcare organizations of all sizes to implement solutions which ensure that clinical data is securely preserved and readily available for eDiscovery. Our industry-leading Health Data Archiver has many features built-in to combat spoliation, including:
- The archived database is immutable, meaning data that is archived is static in nature can cannot be deleted or removed. It can be struck through to be marked in error, but not manually deleted.
- The purge rules capability dictates when data can be expunged first in a non-searchable, but available method (soft purge), and subsequently by a deletion event (hard purge). This is driven by retention policies tied to purge rules.
- All activity, from login to logout, including purge activity, is tracked via audit logs, certificates of destruction and reporting.
For more information about eDiscovery and Healthcare Record Retention, download our white paper.
Make sure your organization’s clinical health data is preserved and secure. Our team can help you run a health assessment on systems and develop a plan to safeguard your data from spoliation.