What Nurses Need to Know About Metadata, Documentation, and Legal Liability

Metadata analysis of information in a patient’s electronic health record (EHR) has the potential to provide valuable information to attorneys in the case of a lawsuit. This information, such as patterns of missing data, can bolster a legal case, leaving nurses vulnerable to punitive action. The best way to avoid negative results of a metadata analysis and subsequent legal action is effective documentation.


Metadata in the EHR

One of the first steps a plaintiff’s attorney takes when building a potential medical malpractice case is to review the documentation in the plaintiff’s/patient’s EHR. An EHR stores a wealth of information, including the data entered, when it was entered, who entered it, who viewed it, and whether it was modified. It also stores when someone simply viewed something and how long they were viewing the record. All this information is referred to as metadata, which can otherwise be thought of as “data about data.”
Metadata can be analyzed not only to identify single incidences of error, such as choosing the wrong descriptor from a checklist, but also to detect patterns that can provide insights into the nurse’s care and support an attorney’s case. For example, an attorney might use a metanalysis showing that a nurse is routinely late in documenting to imply that their work is sloppy, creating a negative impression that can affect the nurse’s perceived credibility and even undermine their defense.
Federal Rules of Civil Procedures recognize that metadata is “discoverable.” An attorney gains access to EHR information through e-discovery, which the American Health Information Management Association (AHIMA) defines as “the pretrial legal process used to describe the method by which parties will obtain and review electronically stored information (ESI)”. ESI covers any device (such as computers and tablets) and electronic data, such as email and progress notes and radiographic images in an EHR. E-discovery is a complicated process for both the attorney and the organization maintaining the EHR. Data is usually obtained via a computer-generated record of audit trails showing user access and actions.

Protection through documentation

In the case of litigation, metadata can play an important role in determining the credibility of evidence, including a nurse’s testimony and documentation. A one-time minor error in documentation is not likely to affect the outcome of a case, but more substantial errors can have a significant impact. For instance, if you testify that you notified a provider of a change in a patient’s status at 1130 but EHR data show you made the entry at 1630, without noting the late entry and when you notified the provider, your credibility may be affected. Frequent errors and errors of omission can undermine a nurse’s credibility in court.
On the other hand, metadata based on your complete and accurate documentation can help exonerate you by bolstering your credibility and providing evidence that you adhered to your organization’s policies and procedures and the standards of practice.

Documentation recommendations

Here are some recommendations that will help ensure your documentation serves you well in court.

  • Avoid documentation gaps. An example is neglecting to document normal vital signs or routine medication administration when required. Missing information enables an attorney to constructive a narrative that may not be flattering to you.
  • Don’t copy and paste from text from one patient’s EHR to another. It is too easy to forget to revise the text to reflect variations between patients.
  • Use templates and checklists cautiously. These tools can save time, but they also can cause errors. For example, you may forget to revise a template to reflect a patient’s condition.
  • Do not share your password. Sharing passwords not only compromises cybersecurity, it could also lead to documentation errors such as another clinician entering their documentation under your name, or your profile being logged in to multiple devices at once.
  • Make any changes to the record as soon as possible, per organizational policy. A correction of erroneous information is typically indicated in some way in the EHR. Information should not be deleted because that alters the record. Corrections are acceptable when made appropriately. However, negative narratives can be created when late entries or corrections have not been made according to organizational policy. You should also avoid making any changes to a record after receiving notice of a lawsuit, even if you intend to clarify points. In fact, you should not even access the patient’s EHR again without first speaking with your risk management team or attorney.
  • Know that what you view is recorded. The EHR will take note of what you view and for how long. This has implications beyond your own patients. For example, if another nurse asks you to pull up a patient’s record for a second opinion, the EHR will store the fact that you looked at the patient’s record, and how long you accessed it. You certainly want to provide assistance, but if your conclusions differ from the requesting nurse, it may be prudent to make your own note in the EHR.
  • Document referrals and notifications of other nurses about changes in a patient’s condition. You’ll also want to document the response to notifications of changes. If you fail to receive an appropriate response, take further action, such as notifying your supervisor.

Documentation as a tool

EHRs have opened the door for detailed metadata analysis that can support — or not support — a lawsuit. Complete, accurate documentation reflects your practice and is a tool that helps in defending you in case of legal action.

Organizations, metadata analysis, and e-discovery

Organizations should be aware of the implications of what metadata analysis can reveal. For instance, in a case described by Gardner, an analysis showed that a hospital turned off alerts in a clinical decision support system because they came up so often that clinicians ignored them. A plaintiff’s attorney was later able to show that one of the alerts might have prevented injury to their client.
Organizations should have a detailed plan for responding to e-discovery requests. Attorneys Hansen and Pratt note that requests must comply with Federal Rules of Civil Procedure 26(b)(2)(C)(iii). The organization will need to supply the requested information unless they can show a court that doing so will create an undue burden or expense.    

  • AHIMA. E-discover litigation and regulatory investigation response planning: Crucial components of your organization’s information and data governance processes. n.d. https://bok.ahima.org/doc?oid=107115#.ZByfmBXMJhE
  • Barrett M, DeAngelo TR, DeAngelo JG. E-discovery: Metadata analysis in medical malpractice litigation. The Legal Intelligencer. 2020. Commentary. https://www.law.com/thelegalintelligencer/2020/04/09/e-discovery-metadata-analysis-in-medical-malpractice-litigation/?slreturn=20230223103325
  • Conn J. Making IT legal-size; As electronic health-record systems become more complex, so do the issues involving the legal status of those records. Modern Healthcare. 2008;38(20),
  • Gardner E. The weight of the I.T. evidence; why EHRs won’t reduce your malpractice premiums. Health Data Management. 2013;21(10).
  • Hansen MD, Pratt TJ. Follow the audit trial: The impact of metadata in litigation. Defense Counsel J. 2017;84(3).
  • Shwayder JM. Electronic records and metadata: Old and new liability risks: Metadata from an EHR form an audit trail of activity, which can make or break a malpractice case. Cont OB/GYN. 2018;63(9).

Disclaimer: The information offered within this article reflects general principles only and does not constitute legal advice by Nurses Service Organization (NSO) or establish appropriate or acceptable standards of professional conduct. Readers should consult with an attorney if they have specific concerns. Neither Affinity Insurance Services, Inc. nor NSO assumes any liability for how this information is applied in practice or for the accuracy of this information. Please note that Internet hyperlinks cited herein are active as of the date of publication but may be subject to change or discontinuation.
This risk management information was provided by Nurses Service Organization (NSO), the nation's largest provider of nurses’ professional liability insurance coverage for over 550,000 nurses since 1976. The individual professional liability insurance policy administered through NSO is underwritten by American Casualty Company of Reading, Pennsylvania, a CNA company. Reproduction without permission of the publisher is prohibited. For questions, send an e-mail to service@nso.com or call 1-800-247-1500. www.nso.com.


#Documentation #Minimizing Risk #Records

Share this article:


Frequently Asked Questions

You have questions. We have answers. (It's why we're here.)

What kinds of activities might trigger a disciplinary action by a licensing board or regulatory agency? 

The fact is anyone can file a complaint against you with the state board for any reason—even your own employer—and it doesn’t have to be solely connected to your professional duties. All complaints need to be taken seriously, no matter how trivial or unfounded they may appear. 

How does a shared limit policy work?

A shared limit policy is issued in the name of your professional business or company. The policy provides professional liability insurance coverage for the business entity named on the certificate of insurance and any of the employees of the business entity, provided they are a ratable profession within our program. Coverage is also provided for locum tenens professionals with whom the business entity has contracted for services the locum tenens performs for the business entity.

The business, and all eligible employees and sub-contractors you regularly employ, will be considered when determining your practice’s premium calculation and share the same coverage limits you select for the business.

We have a shared limit policy. Are employees covered if they practice outside our office?

The policy covers your employees outside the office as long as they are performing covered professional services on behalf of your business.

If your employees are moonlighting, either for pay or as a volunteer, they should carry an individual professional liability insurance policy to cover those services. Otherwise, they might not be covered for claims that arise out of these activities.

There are plenty more where those came from.

See more FAQs

More learning right here

Check out these related articles.

Keeping up with technology: your risks and responsibilities.

Information technology is constantly evolving. Among the most common types are electronic health records (EHRs) and computerized physician order entry systems (CPOEs).

Keeping up with technology: your risks and responsibilities.

Information technology is constantly evolving. Among the most common types are electronic health records (EHRs) and computerized physician order entry systems (CPOEs).

Protect yourself from secret recording

A nurse accidentally discovers a recording of himself giving patient care posted on the Facebook page of a patient’s family member. Another nurse receives a notice that a State Board of Nursing complaint has been filed against her for disparaging comments she made about a patient without knowing that the patient was recording her on his cellphone.

10 Surprising Facts from the Nurses Malpractice Claim Report

As a nursing professional, what do you consider to be the greatest risk to your career? In the Nurses Claim Report, NSO and CNA review and analyze malpractice and licensing claims to help nursing professionals understand your areas of greatest vulnerability. Armed with the knowledge gained from the Report, nurses can reduce their risks of potential litigation and take steps to help improve patient outcomes.