April 20, 2016
Under Ohio law, a patient has the right to examine or obtain a copy of his or her “medical record.” But to understand exactly what a patient is entitled to see – and what a healthcare provider must provide upon proper request – requires a dissection of the term’s statutory definition. Under Ohio law, a “medical record” is defined as follows:
Recently, however, a majority of the Supreme Court of Ohio took a rather expansive view of the “Where”, the “Who”, and the “When” by holding that patient data retrieved at the direction of risk management after the patient discharge and then stored in the risk management department (and not the medical records department) still constituted a “medical record” that the hospital was required to provide to the patient.
In Griffith v. Aultman Hospital, Supreme Court Slip Opinion No. 2016-Ohio-1138, the personal representative of a patient who died at the hospital requested the patient’s complete medical record. The hospital produced what existed in its medical-records department. That production did not include cardiac monitoring data that was not printed out or provided to the medical-records department. Normally, that data was electronically stored in the cardiac monitor for 24 hours after patient discharge, and then deleted unless a physician decided it should be saved for the medical record. In this case, no physician decided to do so. However, risk management requested to review certain cardiac data shortly after the patient’s discharge, and those cardiac rhythm strips were printed and then stored exclusively in the risk management department. The hospital argued that those strips were not a part of the “medical record” because no physician directed those strips to be saved and because those strips were not maintained in the hospital’s medical-records department.
Led by Justice Kennedy, the Supreme Court majority was unmoved. The majority focused upon the word “maintain” in the statutory definition, which it defined as “whether a healthcare provider made a decision to keep data” generated during patient care. (Emphasis added.) As a result, the majority concluded that “the physical location of patient data is not relevant to the determination whether that data qualifies as a medical record under R.C. 3701.74(A)(8).” Nor does it seem that the majority was concerned with who decided to keep the data or when that was decided. In other words, as soon as the hospital decides to keep patient data generated during patient care, it becomes a “medical record” regardless of when that data is generated or accessed, regardless of who at the hospital decides it should be saved, and regardless of where that data is stored.
In dissent, Justice O’Donnell focused upon the reality of this particular situation – i.e., the actual use of the cardiac rhythm strips and who decided to save and use that data. In his opinion, patient data generated by and maintained within risk management after the patient’s discharge is not being “used” in the process of the patient’s health care treatment. Instead, that data is being used for risk management purposes, not in furtherance of any healthcare treatment that would trigger R.C. 3701.74(A)(8). Justice Lanzinger agreed, adding that the patient’s actual healthcare providers – as opposed to risk management personnel – are best able to determine what information is relevant to a patient’s treatment. If those providers decided during care that particular patient data should not be saved, which would include this cardiac data, then that data does not constitute part of the “medical record.”
To be clear, not all data that a healthcare provider generates or obtains from a patient during treatment constitutes a “medical record” to which the patient must be given access upon proper request. Such a result would be practically unfeasible. However, just as Supreme Court decisions tend to do, Griffith has far-reaching implications and may have created many more questions than it answered. Who at the hospital can decide which data is relevant and which data is not? Does that include texts and emails sent and stored on personal electronic devices? What about scrap paper commonly used by healthcare professionals to jot down notes during care? Does this expanded view of a “medical record” envelop audit trails? Does this ruling undermine the risk management process, which usually occurs after discharge? What about data requested by outside counsel in anticipation of potential litigation?
Only time, and further litigation, will tell.