by Rachel V. Rose, JD, MBA
May 30th, 2018
Whether I am assisting clients or presenting, I am often asked about legal holds and e-discovery. The transition from paper to electronic records, which include emails, computer faxes, protected health information ("PHI"), personally identifiable information ("PII") and documents that are created, received, maintained or transmitted in an electronic format created the need for specific rules, practices, policies and procedures surrounding these items. All potential evidence in a lawsuit. As such, organizations-whether big or small, for-profit, or not-for-profit-need to appreciate what can be done both proactively and reactively.
The scope of these preservation duties is broad. They apply to business-related electronic information wherever it is stored, on a work station, laptop, tablet, smart phone or other handheld device-and including an employee's home computer. The preservation duties may also impact independent contractors, especially electronic health record companies and IT providers who provide managed and hosted services. Although legal duties require that information must be preserved, the preserved information need not be disclosed to other parties, including opposing counsel or the government, without first being appropriately reviewed to be sure that legally privileged information is removed.
Proactivity begins with understanding what legal holds and e-discovery are and how they impact business. Policies and procedures need to be created specifically for legal holds; and, in turn, should relate to the organization's data retention and destruction policies and procedures. Next, the organization needs to have a conversation with their IT person-both internal and external, to understand the current capacity and costs. Finally, it is vital to have a lawyer who litigates and understands what to do when a directive is issued by a court or other government agency.
The purpose of this article is to provide both an overview of legal holds and e-discovery, as well as provide some context of where they can come into play in a healthcare environment.
When a lawsuit is either filed or reasonably anticipated, an organization has a legal duty to take special precautions to prevent the loss of potentially relevant electronic data, as well as data in other forms. Fundamentally, a legal hold, which may be referred to as a litigation hold, is a directive from a court or government agency ordering that data/documents from a certain period of time not be destroyed. Receiving a legal hold does not necessarily mean the recipient is a party to the legal proceeding.
Failing to retain the information in the legal hold can result in a finding of "spoliation of evidence." Spoliation of evidence relates to the destruction of items in an unlawful manner, oftentimes to avoid certain facts from coming to light at trial, at arbitration, or at government administrative proceedings.
Once a legal hold is administered, here are some prudent steps that should be taken:
- Identify the individual(s), departments, and contractors that may possess the relevant data/documents;
- Identify where the data/documents are located;
- Send an internal "legal hold" notice to the appropriate people-both internally and externally. It may be prudent to provide a copy of a court order if it is not sealed;
- Designate a single individual to coordinate these efforts. Ideally, this person should already be identified in the policy and procedures;
- Assist your company's attorneys, which could include internal lawyers and external law firms. Be sure you understand what persons are representing you. Opposing counsel may try to reach out to unsuspecting employees or contractors for information;
- If necessary, image hard drives, halt the rotation of disaster recovery tapes, take inventories and other related steps;
- Conduct a preservation compliance check; and
- Have your counsel as the court to set parameters and determine who is going to pay for the cost of storing the data/documents.
The general framework of a legal hold relates to the discovery process in a legal proceeding. The discovery process is best described as the production of certain types of information to an opposing party in a legal proceeding. Discovery takes different forms including depositions, sworn statements, and document production. This is where a legal hold dovetails with discovery and, in particular, e-discovery.
Discovery in federal cases is governed by the Federal Rules of Civil Procedure in a civil matter and the Federal Rules of Criminal Procedure in a criminal matter. Local Rules, which are specific to an individual court, are also relevant. For purposes of this article, I am focusing on the Federal Rules of Civil Procedure ("FRCP").
Three of the main FRCP that govern discovery are Rule 26, Rule 30 and Rule 34. FRCP 26 forms the foundation of discovery. Once a complaint is filed and a response is received, FRCP 26(a)(1)(A) governs what must be provided to the opposite party before a discovery request is made. As is the case in the law, exceptions do apply and counsel should assess the situation before handing documents over. The timeframe for disclosure is governed by FRCP(a)(1)(C),
(C) Time for Initial Disclosures-In General. A party must make the initial disclosures at or within 14 days after the parties' Rule 26(f) conference unless a different time is set by stipulation or court order, or unless a party objects during the conference that initial disclosures are not appropriate in this action and states the objection in the proposed discovery plan. In ruling on the objection, the court must determine what disclosures, if any, are to be made and must set the time for disclosure.
A Rule 26(f) conference is a meeting between the parties and the judge.
FRCP 34, Producing Documents, Electronically Stored Information, and Tangible Things, or Entering onto Land, for Inspection and Other Purposes is referred to in FRCP 26. The general provision, FRCP 34(a) stipulates:
A party may serve on any other party a request within the scope of Rule 26(b):
- to produce and permit the requesting party or its representative to inspect, copy, test, or sample the following items in the responding party's possession, custody, or control:
- any designated documents or electronically stored information-including writings, drawings, graphs, charts, photographs, sound recordings, images, and other data or data compilations-stored in any medium from which information can be obtained either directly or, if necessary, after translation by the responding party into a reasonably usable form; or
- any designated tangible things; or
- to permit entry onto designated land or other property possessed or controlled by the responding party, so that the requesting party may inspect, measure, survey, photograph, test, or sample the property or any designated object or operation on it.
The typical response time is 30 days. This is important because failing to produce the documents can result in additional motions, court orders, hearings, and costs. In reality, much of discovery is collaborative between opposing parties with each side playing "give and take" on certain timing and production issues. The bottom line is that it is important to work with someone well versed in litigation before producing anything.
The concepts of legal holds and discovery are complex. And, this article was meant to provide a starting point to build upon. Technology, the variety of places that information could be stored, and the related complexities of gathering the information make e-discovery particularly complicated. The best place to start is within the organization; be proactive with substantive policies and procedures and create a culture of compliance. In turn, this can make responding to a request for discovery or a legal hold letter a bit less chaotic.
Rachel V. Rose, JD, MBA, is a Houston-based attorney advising on federal and state compliance and areas of liability associated with a variety of healthcare, legal and regulatory issues including: HIPAA, the HITECH Act, the False Claims Act, Medicare issues, women's health as well as corporate and security regulations.