In 2006, the US Supreme Court amended the Federal Rules of Civil Procedure (FRCP) (1) in order to bring them up to the computer age. The added rules govern evidence gathering (discovery) that occurs during litigation. Specifically, they provide guidelines for evidence discovery of information in electronic form, referred to as e-discovery (2). The new rules introduced the concept of electronically stored information (ESI) (1), and created new data management challenges for everyone who uses electronic devices.
The amendments stipulate that when a lawsuit is filed, each party must disclose and share its relevant electronically stored information. What is considered ESI (2)? Anything that can be manipulated by computer: files, email, tweets, voicemail, digital images, blogs, and Facebook pages–you get the idea. While the FRCP changes apply only to federal legal proceedings, states have enacted their own versions of these rules. They are a fact of life, and if you are ever in a lawsuit, they apply to you.
At this point, you may be thinking, “I have a lawyer for things like this.” Not so fast. E-discovery is about data that you own and for which you are responsible. Failure to accept responsibility for managing ESI, may result in nasty surprises should a lawsuit occur. My goal in writing this post is not to create yet another article on e-discovery; rather, it is to alert readers (especially EHR users) to the potential dangers that the FRCP amendments create. I would place metadata at the top of that list.
Metadata is defined as:
Data typically stored electronically that describes characteristics of ESI, found in different places in different forms. Can be supplied by applications, users or the file system. Metadata can describe how, when and by whom ESI was collected, created, accessed, modified and how it is formatted. Can be altered intentionally or inadvertently. Certain metadata can be extracted when native files are processed for litigation. Some metadata, such as file dates and sizes, can easily be seen by users; other metadata can be hidden or embedded and unavailable to computer users who are not technically adept. Metadata is generally not reproduced in full form when a document is printed to paper or electronic image. (2)
All electronic information has metadata, and most of it is not readily accessible (or apparent) to users. A computer that is used to access an electronic health record will have an operating system log that contains log-on and file access information; a database log that shows which tables and stored procedures were accessed; and a log (audit trail) within the EHR that shows the portions of the patient chart accessed. At a minimum, these logs will contain date and time stamps; however, they may contain much more detailed information, such as which records were read or changed and by whom.
Common documents and files are also replete with metadata. Photographs taken with digital cameras often contain GPS information along with date and time stamps. That photo you uploaded to Facebook can tell a curious hacker not only when your photograph was taken but also, within a few yards, exactly where you were standing. Did you really intend to share that much information? Word processing documents, spreadsheet files, PowerPoint slides, and other common files contain information detailing who created the file; when it was created; and when it was last altered. Depending on the application, versioning information may be included in files. E-mail messages contain header files that show the origin, time sent, destination, and other information. Metadata is everywhere, and e-discovery rules make it available during litigation (3).
Forensics experts use metadata to verify the validity of electronic files. Unlike a paper document where handwriting might be used to establish authorship, electronic files have to rely on metadata. If it’s missing, the document is suspect. Because of the role metadata has in establishing the validity of electronic files, it is frequently requested during e-discovery.
Complying with an e-discovery request can be daunting. Rule 34 of the FRCP requires that information that ordinarily exists in electronic form must be produced in that same format on request (1). For example, in a wrongful termination case in which a business uses an electronic system for employee records, a request for the employee’s file might require production of an electronic copy, not simply a paper printout. The metadata would then be examined to see if any of the employee’s file had been deleted or altered.
Unfortunately, in the age of e-discovery, the request for information may not end with the file. Because the reach of e-discovery extends to all ESI, e-mails, voicemails, or other case-related communications, might be discoverable as well. If so, all relevant data would have to be made available to the requesting attorney. This is why businesses dread e-discovery. The costs of complying with an e-discovery request can skyrocket. Imagine the work involved in digging out 15 pertinent e-mails from the thousands received over the last three years.
Let’s not forget Facebook and other social media. Can Foursquare prove you were not where you claimed to have been? Making your information private will not prevent its use in court if it is pertinent to the case at hand (4).
The takeaway here is that all electronic devices create an electronic trail of information and e-discovery makes it all available during litigation. This is serious business; make sure that you are not caught off guard.
- Amendments to The Federal Rules Of Civil Procedure, Accessed February 20, 2012
- The Sedona Conference Glossary: E-Discovery & Digital Information Management, Second Edition, December 2007. Accessed February 20, 2012
- Williams v. Sprint/United Management Co. 230 F.R.D. 640 (D. Kan. 2005). Available at: http://datariskgovernance.com/ediscovery/e-discovery-course-fall-2009/williams-v-sprintunited-management-co-230-f-r-d-640-d-kan-2005/. Accessed February 20, 2012
- Private info on Facebook increasingly used in court. Available at: http://www.net-security.org/secworld.php?id=10524 . Accessed February 20, 2012