Keep up with the latest on information governance as this key strategy emerges for addressing a myriad of information management challenges in healthcare. This blog will highlight the trends and opportunities IG presents for ensuring information is treated as an organizational asset.
“Which came first: the chicken or the egg?” This age-old conundrum raises the question of what comes first in a causal chain. Put telemedicine and information governance (IG) together and the question becomes whether an existing IG framework can accommodate a new source of electronically stored information (ESI) created by telemedicine or whether that new source will require the development of a new framework. Either way, healthcare providers should prepare for litigation in which the ESI is relevant and discoverable.
Telemedicine is defined by the American Telemedicine Association as “the use of medical information exchanged from one site to another via electronic communications to improve a patient’s clinical health status.” More broadly, “telehealth” is defined by the Health Resource Services Administration as “the use of electronic information and telecommunications technologies to support and promote long-distance clinical health care, patient and professional health-related education, public health and health administration. Technologies include videoconferencing, the internet, store-and-forward imaging, streaming media, and terrestrial and wireless communications.” For these definitions and an extended discussion of telemedicine, see AHIMA’s Telemedicine Toolkit.
Note that, although these definitions encompass protected health information (PHI), neither makes any reference to the electronic health record (EHR). The definition of the EHR may vary across jurisdictions and healthcare providers. For a discussion of how the EHR might be defined, see my posts “What Do You Mean by ‘Electronic Health Record?’” and “Revisiting What Might Constitute the Electronic Health Record,” in the Journal of AHIMA blog Legal eSpeaking. In short, however technologies are used to exchange or promote long-distance healthcare of a patient or patients, a healthcare provider’s IG program must be capable of accommodating (or “fitting in”) PHI and, more specifically, the EHR. Healthcare providers at both ends of transmission of PHI must address this need. Moreover, those providers may use the services of third-party service providers to create, store, and transmit the ESI of a patient. This reality suggests that any IG framework accommodates the need to conduct “stress tests” of any third-party providers and to enter into written business associate agreements with them. Of course, compliance with the HIPAA Privacy and Security Rules is a must whenever and wherever ESI is created.
Integrating Telemedicine into an IG Framework
All of this demonstrates how telemedicine must be integrated into an existing information governance framework or how a new framework must be created to address telemedicine. “Regulatory and Legal” is one of the ten Information Governance Adoption Model (IGAM)™ competencies. An organization’s ability to respond to legal or regulatory requests and provide accurate or timely information for these requests (i.e., e-discovery or legal holds) is essential to staying compliant.
In addition, telemedicine also implicates the so-called Internet of Things (IoT), considered to be the transmission of electronic information across various devices such as cars, thermostats, and homes. There are several requirements needed to ensure these transmissions are protected and stored appropriately for litigation purposes.
So much for telemedicine and information governance per se. Let’s spend some time on litigation.
Litigation-Related Needs with Telemedicine and IG
While this post isn’t the place for an extended discussion of the various aspects of civil litigation (for those interested in such an extended discussion see my monthly blog Legal e-Speaking at https://ahima.wpengine.com/category/blogs/legal-e-speaking), ESI (which may be broader than PHI and an EHR) is a regular feature in litigation and litigation-related needs should be addressed within any IG framework—either existing or contemplated. Several of those needs include (but are not limited to) the following:
- Duty to Preserve: Every information governance framework should include a means to identify ESI that is subject to a duty to preserve. This duty derives from long-established case law and requires that ESI (as well as physical objects such as paper) relevant to existing or reasonably anticipated litigation be kept.
- Possession, Custody, or Control: The duty to preserve extends beyond the “four walls” of a party. Rule 34(a)(1) of the Federal Rules of Civil Procedure speaks of a duty to produce things within a party’s “possession, custody, or control.” In other words, assuming that a healthcare provider works with a third-party service provider, for example, then the former might be deemed to have possession, custody, or control of ESI “kept” by the latter. This is likely to require consideration of the contractual relationship between the two.
These legal concepts should raise some immediate questions for information governance:
- What relevant ESI exists?
- Where is the existing ESI?
- Who has “control” (not in the Rule-based sense) over the ESI?
- How will the ESI be preserved?
There are many more questions that might be asked. For examples of such questions, the Sedona Conference document “Jumpstart Outline: Questions to Ask Your Client and Your Adversary to Prepare for Preservation, Rule 26 Obligations, Court Conference and Requests for Production,” is a good place to start.
Which comes first: telemedicine, information governance, or litigation? These concepts should be seen in unity as a whole. Information governance is an enterprise-wide, overarching framework that helps to manage information from a more holistic perspective. The telemedicine program falls within the overall framework of the IG program and the two programs must work in unison to ensure that the telemedicine program meets maturity in the ten IGAM™ competencies, including the Regulatory and Legal competency.
**Editor’s Note: The views expressed in this column are those of the author alone and should not be interpreted otherwise or as legal advice.