The Electronic Medical Record, Audit Logs and Revision History

By Christine Antonellis Norton, Esq. and Mike A D’Amico, Esq.
November 2014

Electronic medical records (EMR)/electronic health records (EHR) (hereinafter EMR) have largely replaced paper medical records since the passage of the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009. Previously, when alterations were made to a paper medical record, the same health care provider that made the original entry would cross out the altered entry with a single line, add a correction, and initial the change with the date and time of the alteration. The change made was generally legible. Both the initials and handwriting aided a reviewer in identifying the individual. Some alterations were “late entries” where a health care provider would document an entry into the record as a “late entry,” identifying the date and time of the entry, the identification of the individual making the entry, and that the entry was made after the fact. Generally, alterations that were made to a patient’s medical record were made where the medical chart was kept during the course of care.

Thus with a paper record, generally, the identification of who accessed the record, where that access took place, the date and time the record was accessed, and what information was altered remained transparent and preserved for any subsequent users or reviewers of that record. Importantly, this method also discouraged unauthorized alterations to the medical record. The authenticity, completeness, reliability, and admissibility of the medical record were preserved for the health care providers, the patient and any subsequent reviewer. These types of alterations to the record were integral to the record’s usefulness as a business record and made with the intent to aid the users and/or reviewers of the record in understanding the medical care provided and clinical decisions that were made during the course of care. In the context of a lawsuit or other investigation, these alterations were not redacted from the paper record prior to production. In fact, these types of authorized and transparent alterations were considered a testament to the medical record’s accuracy, freedom from unauthorized alterations, and completeness.

Enter the age of EMR. Now, health care providers often take the position that EMRs have a “legal electronic health record” definition whereby the provider decides internally what information constitutes the official business record for evidentiary purposes. This definition often does not include the critical information about alterations to the medical record that had previously been preserved on the paper medical record. Unlike paper records, detection of any alterations by a simple inspection of printouts of electronic records is impossible. It is not that this information is no longer available in the context of EMR. Rather, health care providers exploit an EMR system’s ability to filter out documentation of who made alterations, what was altered, and where and when these alterations to the medical record occurred, effectively compromising everyone else’s ability to authenticate the record or fully understand the clinical events that transpired.

Further, alterations to a medical chart can now occur at any time and from various user-EMR interfaces (computer terminal in the emergency department; nurse’s station on an obstetrical floor; tablet in a doctor’s office). EMR users may or may not have taken part in the medical care documented in the record; and these users may not be medical professionals at all (billing personnel; medical records personnel). An EMR user is anyone with system access and designated EMR rights. These issues now make the EMR vulnerable to access and alterations that misrepresent or change the documentation of the medical care provided and jeopardize both the actual provision of medical care; and the admissibility of the medical record as a business record that accurately reflects the course of care at issue. Thus the federal government has mandated that health care providers utilize EMR systems that record information about access to an EMR. See, 45 C.F.R. 170.210, referencing ASTM E2147-01, 7.2 through 7.4, 7.6 and 7.7; 45 C.F.R. 164.308; and 45 C.F.R. 164.312. This information is preserved by way of audit logs.

An audit log (sometimes called an audit trail by some EMR companies) is a security-relevant chronological record that provides documentary evidence of, among other events, who accessed an electronic medical record system, when they accessed it, from where, and exactly what they did, such as enter new data, modify or remove existing data, view a part of the chart, obtain a printout, etc.

Audit logs may not, however, save the actual content of the record that was changed, i.e., what the record said before and after the change. Thus a revision history is needed to evaluate changes made over time (comparable to the Microsoft Word “track changes” feature). In other words, it is a chronological listing of document versions or data versions showing the changes over time. Without a duty to disclose the audit logs and the revision history, an EMR can be altered with impunity. Timelines can be changed, information can be altered or deleted, or “new” information entered. Importantly, these changes may or may not reflect falsification of a medical record; these changes may reflect the actual care, but it is impossible to know without an audit log and revision history to authenticate the changes.

In sum, whenever an EMR is produced, it should be mandated that it be produced with the audit log and revision history. The applicable statutes, regulations and/or the Practice Book should be modified in this regard and brought to the age of the EMR.