Skip to Content

E-Discovery and Record Retention Policies

07.30.10 written by

The Federal Rules of Civil Procedure (“FRCP’s”) govern the process of discovery in Federal civil lawsuits. The FRCP’s were amended on April 13, 2006, in an attempt to address the unique aspects of electronic documents as they relate to discovery. These amendments affect how discovery will be conducted regarding the disclosure of electronic healthcare records. Further, the amendments affect the level of knowledge healthcare administrators need to attain with regard to their organization’s electronic record systems.

The amendments to the FRCP’s only affect how e discovery is conducted in federal courts, however, numerous state courts have followed the FRCP amendments by implementing similar changes to their respective state rules of civil procedure.
E-discovery involves the access, utilization, and preservation of information, data, and records created or maintained in any electronic media. E-discovery involves more than rephrasing discovery requests to include electronic records and data or simply printing out emails. The amendments to the FRCP’s address the characteristics that distinguish traditional paper discovery from the new wave of e-discovery.

E-discovery concerns the access, use, disclosure, preservation and handling of litigation data, including email and other computer-generated documents, which are transmitted, stored, and backed up electronically. E-discovery requires healthcare organizations to save information: in new forms; from new sources and locations; and use and disclose it in a new manner.

The approaches and disciplines involved in e-discovery include the following: computer forensics; searching, gathering, reviewing, analyzing, producing and using large amounts of relevant information in routine litigation; focused searches for e-documents relevant to the specific issues in a case, including cell phone or blackberry records, emails and instant messages.

Establishing policies and procedures prior to a lawsuit allows a healthcare organization to respond to e-discovery requests in an appropriate and cost-effective manner. These policies and procedures are known as record retention and destruction policies.

Record retention and destruction policies have traditionally focused on managing tangible paper documents. The electronic storage and generation of documents and internet wave has brought changes regarding the collection and use of electronic evidence in legal proceedings. The amendments to the FRCP’s drastically alter the manner in which healthcare organizations should manage their electronic data.
Record retention and destruction are critical to compliance with the amended FRCP’s. Healthcare organizations must know where information is located, including backup date, instant messages, voice-mails, word processing drafts, and shadow records. Additionally, healthcare organizations must establish a routine policy for both retention and destruction which specifically identifies when the information’s useful life is over, necessitating destruction of the information. In other words, healthcare organizations need to identify, generally, when a particular type of document becomes obsolete and based upon that information, set a date when that particular type of document can be destroyed.

The amendments to the FRCP’s contain a provision that provides healthcare organizations with a “safe harbor” in instances where information was destroyed based upon a carefully planned record retention and destruction policy. Sanctions will be imposed for improper retention or destruction of important documentation.
Analogous to all legal matters, record retention and destruction policies should be updated and revised on a continuing basis both from an e-discovery and HIPPA compliance standpoint. Management from healthcare organizations should provide input in the development and revision of record retention and destruction policies. Such policies should be communicated to personnel within the healthcare organization, as well as outside third parties with access to the healthcare organization’s records. Continuous monitoring is required to ensure compliance with the record retention and destruction policy. Further, continuous monitoring is crucial when determining whether a healthcare organization can utilize the protection provided by the “safe harbor.”

Before developing or updating record retention and destruction policies, healthcare administrators should consult with competent legal counsel in their respective jurisdictions.

NOTE: This general summary of the law should not be used to solve individual problems since slight changes in the fact situation may require a material variance in the applicable legal advice.