Mid-Atlantic Health Law TOPICS

A federal court in Illinois recently held that the metadata or audit trails associated with a patient's medical records are not protected from disclosure by the peer review privilege.

The issue arose in a medical malpractice case involving the death of a child following brain surgery. After the child's parent received two allegedly different medical charts relating to the child's care, the parent suspected that the records had been improperly altered. The parent therefore requested the metadata or audit trails associated with the charts, which included the date, time, the name of the person who accessed the record, their user ID, the action that was taken, and the items in the record that were viewed or edited.

The hospital involved argued that the data was protected by the Illinois peer review privilege, which protects from disclosure certain information related to the peer review process - a process in which medical decisions are discussed and commented upon by medical professionals.

The court rejected the hospital's argument. The court reasoned that the data was not specifically generated by the peer review committee, and did not reflect the committee's discussions. Indeed, there was no evidence that the peer review committee ever even looked at the audit trail in the course of their deliberations. Instead, the audit trail was one aspect of the medical chart that was generated in the ordinary course of the hospital's business and not for the specific use or consideration by a peer review committee.

The case is a reminder that medical providers must be mindful of the electronic footprint they leave behind when reviewing and editing records in an electronic database.