Brian Hedgeman Quoted in “Protect Metadata When Disclosing Information from Electronic Health Records”Healthcare Risk Management August 1, 2019
Brian Hedgeman, Law Clerk – Admission Pending – in the Health Care & Life Sciences practice, in the firm’s Washington, DC, office, was quoted in Healthcare Risk Management, in “Protect Metadata When Disclosing Information from Electronic Health Records.”
Following is an excerpt:
When protected metadata are outside the scope of the subpoena, the healthcare organization may be providing information the other party should not see, says Brian Hedgeman, JD, a law clerk with admission pending at Epstein Becker Green in Washington, DC.
“Some information contained within the metadata might be privileged. Thus, your clients may be at risk of losing their dispute because opposing counsel has acquired information that bolsters their case. Additionally, client representatives may have disclosed something to opposing counsel that they were unaware of,” he explains. “For instance, if metadata related to care and clinical decision guidelines were obtained, opposing counsel would have an opportunity to identify deviations from those standards, which may bolster his case.”
However, some courts today generally require that parties who request metadata during litigation show “a particularized need for the metadata,” as opposed to a generalized view of its importance, Hedgman says.
Also, proprietary or privileged information contained within the metadata would compromise the individual’s economic or personal interests. Hedgeman notes these best practices for avoiding improper release of metadata:
- Converting a document into another format so that it does not preserve the original metadata;
- Transmitting the document via email or fax;
- Using scrubbing technology to remove metadata from various materials;
- Developing plans for disposing of metadata in the system when no longer needed;
- Restricting staff and third-party access to multiple systems where metadata can be accessed by allowing read-only permission levels.