• E-mail
• Print
• RSS

Preserve electronic data to prepare for potential litigation and avoid sanctions

HIPAA Training Advisor, August 24, 2006

Regardless of the size or how well it is operated, any organization could find itself involved in a legal dispute. When an organization faces possible litigation, the courts may require it to produce documents related to the case. These documents include not only paperwork, but also electronic data, such as voice mails, e-mails, and spreadsheets.

This means that if your organization anticipates that it may become the subject of a lawsuit, it must preserve the electronic data that pertains to the lawsuit, says healthcare attorney Terrence O. Reed, an associate with Waller Lansden Dortch & Davis, PLLC in Nashville, TN. This data could include information generated before the lawsuit is actually filed.. "Your duty to preserve electronic data [takes effect] when you should reasonably anticipate litigation," Reed says. "It's not necessarily when a complaint is filed. It may [take effect] before that."

If you fail to preserve applicable electronic data, you could face sanctions, including fines and instructions given to a jury that missing data is evidence against you because of your negligence.

Educate yourself about electronic data
You should understand how your organization generates and destroys electronic data so you can learn how to preserve it. Take these three steps to educate yourself:

Step 1: Learn about your document-retention policies. "You'd be surprised at the number of employees, even high-level employees, who may not be aware of what the company's document-retention policies are," Reed says. If your organization doesn't have such policies, it should develop them. Then, if you destroy or alter data that's relevant to a case, your lawyer can argue that you did so in order to comply with the policies, and not to try to keep it out of court. Make sure your document-retention policies address electronic data. If they do not, add the necessary language, as this language could play a vital role in your defense for why relevant data was destroyed. Speak to your legal counsel before developing this policy to ensure that your policy follows state and federal laws for document retention.

Step 2: Become familiar with your electronic data. In addition to e-mail messages and documents on your computer, the courts have given electronic data a broader definition, Reed says. Electronic data can include files in your disaster-recovery systems, backup servers, archives, laptops, cell phones, personal digital assistants, cache files, and data files, for example. Some of these data files may be considered "metadata," or "information about your information," Reed says. For example, when you create and send an e-mail, your e-mail program may attach to the message metadata, such as information about when the e-mail was created and to whom you sent or forwarded it. Meet with your information systems (IS) staff and gain a better understanding of the wealth of electronic data your facility generates and where and how it is stored and backed up. This will help you know what you need to preserve.

Step 3: Understand your document-retention and electronic data storage architecture. Talk with your IS people to learn about how pieces of data go to the network system and the backup system, how long they stay on the hard drive, when certain information is overwritten, and when it is copied onto a backup tape, says Reed. "I would suggest that organizations do this before they anticipate litigation because at that point you're kind of on a timeline and it's a stressful situation." This will help you understand how staff members could inadvertently destroy important data and metadata and what you need to do to avoid this from happening.

Take these actions when facing potential litigation
If you're facing potential litigation or anticipate a lawsuit, avoid sanctions by taking these actions to ensure electronic data preservation:

1. Identify data sources and gather relevant data. Once you know the nature of the potential lawsuit, identify the sources containing data relevant to the case and then gather and store the electronic data in a place where you know it will not risk spoliation-the destruction or material alteration of evidence or failure to preserve property for another's use as evidence in pending or reasonably foreseeable litigation. Talk to employees who may have any connection to the lawsuit to find out whether you're overlooking any additional sources of data.

2. Suspend document-retention policy. At the point where you anticipate litigation, you need to suspend the document-retention policy to prevent that plan from destroying relevant information, Reed says. Make sure you instruct your staff about this suspension to reduce the likelihood of spoliation, which is the destruction or material alteration of evidence or to the failure to preserve property for another's use as evidence in pending or reasonably foreseeable litigation. Also, disable automatic settings in data-retention applications that erase certain information after a set amount of time or to clear up space for new data.

3. Store future data. Put in place a process to handle relevant information generated after you start preserving data. File this information into a folder that is protected from potential spoliation, Reed says.

4. Remind staff of responsibility. "A company would behoove itself to periodically send out memos reminding employees that there is a litigation hold regarding this particular former employee/company so that employees won't relax and forget that there is a litigation hold or forget that certain information needs to get forwarded to a particular electronic file," Reed says.

Editor's note: Adapted from "Preserve electronic data to prepare for potential litigation and avoid sanctions," Briefings on HIPAA, July 2006.

• E-mail to a Colleague
• Print
• RSS
• Archive