An audit trail is a safeguard built into an electronic medical record (EMR) that keeps an electronic record of who accesses an EMR, the time and date the record is accessed, and what record is accessed (and what specific portion(s) of the record is accessed), and what notes are added, if any. Essentially, audit trails act as an electronic log-book.
Often, hospitals use different audit trails for different aspects of medical care. There may be separate audit trails for patients’ medical records and for specific departments such as radiology and pharmaceuticals.
Under the Health Insurance Portability and Accountability Act (HIPPA), hospitals and other medical providers that use EMRs must take steps to ensure the privacy and security of the EMRs, including:
- Limiting access to medical records to only authorized users
- Assigning unique user identification names or numbers to authorized users
- Keeping records — audit trails — of who accessed the information, what was accessed and what was added, edited or deleted in the EMR
- Keeping records for six years after they are created
Patients are allowed access to their EMRs upon request, and access must be given within 30 days of the request. With limited exceptions, patients should be granted access to their EMRs, possibly through a portal format, so that they can see their EMR in the same format as doctors, nurses and other medical professionals.
For victims of medical malpractice, audit trails serve as a check on the doctors and nurses charged with their care. Audit trails allow an injured patient to verify whether a doctor reviewed records and test results in a timely manner, if at all; whether tests were conducted in a timely manner; who entered test results or medical information, and when; and who entered information or accessed and reviewed a patient’s records.
Audit trails can be used in medical-malpractice cases in a number of ways. For instance, if a doctor claims to have reviewed (or not reviewed) an x-ray before performing a procedure, an audit trail will serve as a check on the accuracy of the doctor’s claim. The audit trail will tell exactly when and who reviewed — or didn’t review by the absence of a notation in the audit trail — the x-ray. This information can expose witness’ lies or fabrications and may be used to impeach or undermine a witness’ testimony at trial.
Audit trails have the potential to leave doctors and hospitals more vulnerable to medical-malpractice lawsuits because they provide an accurate historical record of what did and did not happen in a patient’s treatment and may expose errors or omissions in the patient’s care. For this reason, hospitals are sometimes reluctant to hand over audit trails to injured patients and their attorneys — especially if the hospital has something to hide.
If you suspect you have been injured at the hands of a doctor, nurse or other medical professional, speak with an experienced medical-malpractice attorney about your situation.