Protect Subpoenaed Data from Routine Deletions
Responding to a subpoena can require a risk manager’s oversight of many functions in a healthcare organization, and one area is easy to overlook: the scheduled deletions of data from the computer system that happen in nearly every hospital and health system.
Failing to stop those routine deletions could bring legal trouble, cautions Katherine Lemire, JD, a former federal prosecutor and president of Lemire, a New York City-based compliance and risk management firm. The definition section of the subpoena spells out what information is being requested, and that data must be preserved until it is provided.
“You want to make sure that no one inadvertently destroys records,” Lemire says. “For instance, you might get a subpoena that asks for email correspondence related to a particular patient. You want to make sure your IT people know about that fast so that they’re backing up and not doing routine deletion of emails.”
Organizations vary widely in how long they keep emails or other general documents, with many deleting the data after 30 days, Lemire notes. Risk managers also should carefully document all instructions regarding preservation of data so that, if information is accidentally erased, the risk manager can show that it was not intentional and that he or she did make a good faith effort to preserve it.
Risk managers also should stay involved with the subpoena fulfillment, even if it is sent to outside counsel, Lemire says.
“The risk manager should manage that outside lawyer, as a way of controlling costs and ensuring that the process is moving appropriately,” Lemire says. “I’ve seen cases where hospitals just decided to farm it out to an outside lawyer and forget about it, but that can result in oversights that hurt the hospital much more than the lawyer. Some supervision and monitoring is always warranted, even if they are experts in the subject matter.” (For more on responding to a subpoena, see “You Must Respond Carefully When You Are Served With a Subpoena,” Healthcare Risk Management, September 2016, at http://bit.ly/2c8fsqO.)
SOURCE
- Katherine Lemire, JD, President, Lemire, New York City. Telephone: (646) 979-4100.
Responding to a subpoena can require a risk manager’s oversight of many functions in a healthcare organization, and one area is easy to overlook: the scheduled deletions of data from the computer system that happen in nearly every hospital and health system.
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.