M E D I C A L L I A B I L I T Y A N D H E A LT H C A R E L A Wand follow the Health and Human Servicestechnical and procedural guidelines for reporting.In addition, a data breach may fallunder the Federal Trade Commission’s RedFlag Rules (although currently an exemptionfor health care providers is being consideredin the legislature.) See Identity <strong>The</strong>ftRed Flags and Address Discrepancies Underthe Fair and Accurate Credit TransactionsUnder state and federallaw, a consumer may suea health provider if he orshe is damaged by a databreach involving protectedhealth information.Act of 2003, Final Rule, 72 Fed. Reg. 63,717(Nov. 9, 2007). To further complicate matters,most states now have data breach rulesthat sometimes have reporting obligationsthat conflict with the federal requirements.Liability does not end with data breachreporting. Under state and federal law, aconsumer may sue a health provider if he orshe is damaged by a data breach involvingprotected health information. Also, plaintiffshave employed traditional, commonlaw theories, such as breach of contractand negligent infliction of emotional distress.See Yath v. Fairview Clinics, N. P., 767N.W.2d 34 (Minn. Ct. App. 2009). A plaintiffs’bar niche area is currently developingto bring these suits. See Regan- Touhy v.Walgreen Co., 526 F.3d 641 (10th Cir. 2008)(involving an electronic discovery disputefor a claim of wrongful electronic disclosureof private health information by apharmacy employee).Expansion of Direct, Vicariousor Third-Party LiabilityAnother area of potential expanded liabilitycomes from medical institutions’increased obligations when they install,maintain or connect to an electronic healthrecords system and allow health providersand other institutions to have access to44 n <strong>For</strong> <strong>The</strong> <strong>Defense</strong> n <strong>July</strong> <strong>2010</strong>them. Obviously, the potential direct liabilitysprings from the obligation to usereasonable care when installing and maintainingthis software. If, for example, anEHR system is set up to import laboratoryreports from another EHR system withinthe institution, and the software corruptsimported data leading to insufficient followup on abnormal results, the institutioncould face potential, direct liability.<strong>The</strong> very act of providing an integratedelectronic health records system to cliniciansmay also increase vicarious liabilityfor the acts of independent providersif they use the system, potentially raisingthird-party claims. In many states, physiciansare not often directly employed byhealth care institutions but act as independentcontractors with privileges to practicein institutions. Despite the contractualrelationships, plaintiffs have argued thatemployment relationships exist under thecommon law between the institutions andclinicians. See Restatement (Second) ofAgency §220(2) (1958). Jurisdictions adoptingthe Restatement’s position employmultifactor tests to determine when anindependent contractor can be consideredan employee. Most germane to this discussionis whether providing an EHR systemconstitutes providing instrumentalities ofthe work or can constitute control over thedetails of a clinician’s work.<strong>The</strong> courts have not offered guidance yeton the first topic, but on the second, a federaldistrict court judge declined to findan employment relationship between theDepartment of Veterans Affairs and theUnited States of America and an independentcontractor physicians’ group based, inpart, on the physicians’ use of the Departmentof Veterans Affairs’ electronic healthrecords system. Gibbons v. Fronton, 533 F.Supp. 2d 449 (2008). Although a successfor these particular physicians, the plaintiff’sargument about the electronic healthrecords system was limited because thesoftware was used only to control follow- uptests, and the Department of VeteransAffairs maintained exclusive possessionover the health records. From that point ofview, the electronic health records systemwas not much different from paper recordsin terms of exclusivity of control. It is difficultto know what a court would do witha fully enabled EHR system with featuressuch as “order entry” and clinical decisionsupport making tools, software that interpretspatient details to suggest treatmentor interacts with clinicians as they exercisejudgment.Another interesting case tried to usea pharmacy’s participation in a statemandatedelectronic database as a groundfor expanding liability to third persons.Sanchez v. Wal-Mart, 221 P.3d 1276 (Nev.2009). <strong>The</strong> case involved a woman whoinstigated a car accident while under theinfluence of prescription drugs, resultingin the death of another motorist and theinjury of yet one other. <strong>The</strong> appellants sueda number of pharmacies that had filledmultiple prescriptions for the motorist whocaused the accident. Nevada has a statutoryscheme requiring the pharmacies inquestion to participate in a computerized,prescription- tracking system designed toidentify prescription drug abuse. Whilethe appeal was unsuccessful for a numberof reasons, one of which was that thepharmacies did not have direct access tothe database, it does again raise the fundamentalquestions, if health providers addnew data sources about patients to existingsources, does it create obligations to thepatients or others, and if so, when? In Sanchezthe issue was not so much the medicalstatus of the initial tortfeasor, the womanwho caused the accident, as it was her substanceabuse, which was dangerous to thirdparties. If such information is made availableto providers, plaintiffs may continue toclaim that knowledge of a patient’s dangerousnesscreates special obligations.Electronic Discovery ExposureIn November 2007, <strong>DRI</strong> first publishedmy article, “<strong>The</strong> Impact of E- Discovery inHealth Care,” discussing the likely effectthat e- discovery rules, as embodied in thethen-new Federal Rules of Civil Procedure,would have on the health care industry,especially given the growing use ofelectronic health records. Without repeatingthe material covered in that article,since November 2007, e- discovery law as itapplies to health care providers has developedfurther. In short, it is very clear thatthe e- discovery rules as embodied in theFederal Rules of Civil Procedure do applyto health care litigants.EHR Liability, continued on page 87
M E D I C A L L I A B I L I T Y A N D H E A LT H C A R E L A WCoupling Evidentiaryand Procedural ToolsBy Thomas J. Hurney, Jr.,Rodney W. Stieger, Philip L.Willman and Angela E. PozzoDefendingNegligentCredentialing CasesBifurcation presents anopportunity to defusethe prejudice createdby the introduction of“other acts” evidence.Actions against hospitals asserting negligence in grantingmedical staff credentials and privileges to physicianshave been recognized since the seminal case Darling v.Charleston Community Memorial Hospital, 211 N.E.2d253, 257 (Ill. 1965), cert. denied, 383U.S. 946 (1965). Large jury verdicts haveresulted in these cases. See, Frigo v. SilverCross Hospital, 876 N.E.2d 697 (Ill. App. Ct.2007) ($7.775 million dollar verdict).Sometimes a plaintiff finds that includingthese direct claims against a hospital to amedical malpractice action attractive becauseit potentially broadens the evidenceadmissible at trial, forcing a defendantto defend not only its actions in the case,but also its reputation, and it also adds a“deep pocket” corporate defendant. Dependingon the state, statutory limitations■ Thomas J. Hurney, Jr., is the manager of,and Rodney W. Stieger is an associate in,the Litigation Group of Jackson Kelly PLLC inCharleston, West Virginia. Mr. Hurney is pastpresident of the <strong>Defense</strong> Trial Counsel of WestVirginia. Philip L. Willman is a principal, andAngela E. Pozzo is an associate, in the Medicaland Health Care Litigation Group of Moser& Marsalek, P.C.,in St. Louis. Mr.Willman is thechair of <strong>DRI</strong>’sMedical Liabilityand Health CareLaw Committee.on medical negligence cases may not applyto actions for negligent credentialing.Compare, Browning v. Burt, 613 N.E.2d 993(Ohio1993) (Ohio limitations did not apply)with Garland Community Hospital v. Rose,2004 WL 2480381 (Tex. 2004) (Texas reformact applied). It sometimes follows thatplaintiffs’ counsel, looking for opportunitiesto strengthen medical negligence cases,will initiate or investigate direct claimsagainst hospitals for negligence in the credentialingand oversight of physicians.Some commentators suggest credentialingactions against hospitals have surged.<strong>For</strong> instance, two commentators havewritten, “<strong>The</strong> number of negligent credentialingclaims filed in conjunction with traditionalmedical malpractice claims hasincreased significantly. Lawyers for plaintiffpatients view healthcare organizationsas having ‘deep pockets,’ particularly nowthat some physicians carry less malpracticeinsurance than in the past.” MichaelA. Chabraja and Monica C. Wehby, NegligentCredentialing: Hospital Must MonitorIts Doctors’ Qualifications, Surgical Activities,Bulletin (American Association ofNeurological Surgeons), Summer 2007, at38; Wayne J. Guglielmo, Negligent Credentialing:Is the Danger Growing? ModernMedicine, May 4, 2007.<strong>For</strong> <strong>The</strong> <strong>Defense</strong> n <strong>July</strong> <strong>2010</strong> n 45