Portrait of a Legal EHR: Developing a Legal EHR Conformance Profile

by Michelle Dougherty, RHIA, CHP; Harry Rhodes, MBA, RHIA, CHPS, CPHIMS, FAHIMA; and Megan O’Neill

Paper legal documents have certain characteristics. They are signed in ink and dated, and they often are a specific size and certain quality or weight of paper. Legal business records are even processed and handled in a certain, unique manner.

Now, since the spread of electronic health records (EHRs), everything that we know about legal documents seems to no longer apply. To address this problem, the Health Level Seven (HL7) Legal EHR Work Group has convened to determine the functional standards needed for an EHR system to support a legal record and all that it entails.

Identifying the EHR Attributes

An article published by the Council on Scientific Affairs summarizes the key reasons for developing a legal EHR functional standard:

The fundamental requirements of all health records [paper or electronic] are that they be accurate, secure, free from unauthorized access and protected from loss, alteration or destruction. Some of these requirements can be met by system design, and others are dependent on the policies, practices of the setting. If a computerized record lacks security in either design or operation, the record may not be sufficiently reliable to be introduced as evidence in a court of law.1

In the summer of 2006 an HL7 work group was formed to develop a legal EHR conformance profile, building on the work completed by a previous HL7 work group that identified EHR system functionality for maintaining a legally sound electronic record. A conformance profile is a subset of functions and criteria from the HL7 EHR system functional model standard that supports a specific purpose.

The legal EHR work group approached its charge by:

  • Reviewing and updating the work of the previous legal work group with new guidelines and resources such as the new federal e-discovery rules approved by the Supreme Court on April 13, 2006
  • Developing a legal EHR conformance profile including completion of applicable documents to become a registered profile under HL7’s EHR technical committee rules, identification of applicable functionality, and development of conformance criteria
  • Determining connections, if any, between the interoperability work being completed

The first legal EHR work group met from December 2004 through May 2005. It sought to define the business processes, EHR functions, and conformance criteria that would ensure an electronic health record is widely accepted as a trusted legal source. As one of its deliverables, the work group attempted to define the importance of appropriate business policies and practices in addition to system functionality for the creation and maintenance of a legal electronic health record. Building on that work, the legal EHR conformance profile includes this statement in its definition:

A medical record contains data that captures the dynamic relationship between day to day clinical activities and the body of rules, regulations and laws of any given place and time that govern that data. This relationship is best served by careful and thoughtful consideration of EHR functionality, assuring they are attentive to the intentions of those rules, regulations, and laws. The HL7 Legal EHR Workgroup strove to assure that known and future legal factors are taken into account.

Additional work group deliverables included an overview document, glossary, a scenario describing how the legal EHR profile will be used, and a list of functions culled from the existing functional model standard and related conformance criteria. Along with the updates, new issues were evaluated and incorporated into the profile. These issues consisted of examining the new e-discovery rule as well as investigating interoperability issues.

Key Challenges: Metadata and Versioning

Some of the most challenging discussions and analysis revolved around metadata. The functional model has been silent on the concept of metadata, which must be addressed to implement the federal e-discovery rule. The following questions surfaced around this issue:

  • What are metadata in an EHR system?
  • How are they related to the audit logging process?
  • What is a version of a document?
  • When does it apply?
  • When should an early version be retained?
  • How do functions support this?

The work group is drafting proposed functions and criteria to determine how to address metadata and versioning in the functional model.

One of the group’s most important discoveries was the realization that health IT standards don’t recognize and provide differentiation between the purposes for the audit logging process (security versus clinical record event audits) and the methods by which audit information is collected (audit record versus transaction log versus security audit).

The legal EHR work group recommended to the EHR technical committee that further work was needed to clarify these issues and provide clearer guidance on the various types of audit processes and applications. Security audits and clinical record event audits needed to be differentiated from each other, and guidance was necessary on when they should be applied and when they overlap.

To ensure that the profile had not missed any important aspects or external forces in the current healthcare environment, the work group analyzed other rules, regulations, and standards from Canada Health Infoway, the Certification Commission for Healthcare Information Technology, ASTM International, the International Organization for Standardization, the federal e-discovery rules, and HL7’s messaging standards and interoperability model. The work group added unique descriptions to the functions that reference the importance of maintaining a legally sound health record.

Next Steps: Feedback and Balloting

To ensure widespread acceptance and consensus regarding the legal EHR profile, HL7 will publicly vet and obtain feedback on the profile in the spring, with formal balloting later in the summer. Although balloting is not required for profiles, this type of collaborative and iterative vetting process will refine the profile and give it credibility within the healthcare industry.

The legal EHR profile provides a critical component in ensuring that EHR systems can support a legally sound health record. It would be the first functional standard for EHR systems that comprehensively addresses this need. Once the profile is officially balloted and approved, it will become the foundation for important future work in developing certification criteria, interoperability standards, RFI/RFP criteria, accreditation standards, and healthcare policy.


  1. Bergren, Martha D. “Criteria for Software Evaluation: Legal Issues.” Journal of School Nursing 15, no. 2 (April 1999): 32–33.

Michelle Dougherty (michelle.dougherty@ahima.org) is a professional practice manager and Harry Rhodes (harry.rhodes@ahima.org) is director of practice leadership at AHIMA. Megan O’Neill is an intern at AHIMA.

Article citation:
Dougherty, Michelle; Rhodes, Harry B.; O'Neill, Megan. "Portrait of a Legal EHR: Developing a Legal EHR Conformance Profile" Journal of AHIMA 78, no.6 (June 2007): 66-67.