Audit Trail Analysis

The audit trail, which is essentially the fingerprint of each author and access in the medical record, is a vital tool in medical record tampering analysis. It also can authenticate entries and show deleted or amended data. According to HIPAA law, each and every facility using an electronic medical record must maintain an audit trail.

My medical audit trail analysis will look at the audit trail and determine if:

  • The medical record is authentic and truthful.
  • Did medical events get added after the fact?
  • Were notes or records altered or changed?
  • Was the documented care provided to the patient?

Types Of Cases We Can Help With

  • Personal Injury
  • Workers Compensation
  • Automobile Accidents
  • Medical Malpractice

Why Would I Need an Audit Trail?

Electronic discovery, known as e- discovery, is being used more and more in litigation.  An electronic medical record ( EMR) audit trail is a log file required by HIPAA of all software systems.  It is not part of the patient’s record and is not produced through a routine request. 

The audit trail is the stepping stone to more discovery, but it needs explanation.  My training in audit trail analysis can enhance your understanding of what the entries mean, fill in timelines, or point out objective data of what happened to the patient.  I am familiar with the different types of EMRs, their data dictionaries, and how to request specific data from certain systems.

What Can The Audit Trail Tell Me?

Identifies the “ Who, What, When, and Where of each person who accessed the patient’s EMR.  Many contain information about  who accessed what in the record, what entries were made and/or changed, by whom and when. A careful review can pinpoint additional providers or suggest supplemental discovery to request. 

  • What information they accessed
  • How long they were in the records
  • Location of the device where the provider accessed it
  • Any modifications that were done and by whom

Getting The Audit Trail

Getting the audit trail can be tricky!  Every jurisdiction is different and discovery requests must be specific to each type of EMR system.  Often, access logs are produced instead of a complete audit trail.  They can appear similar, but access logs are not the same.  They are limited to who accessed the medical record, not what providers were doing or looking at.  

Have you been told the production of audit trails is burdensome?

It takes minutes to produce by the IT department at the facility.

If you require assistance with reviewing the medical audit trail in a case, contact me today. We are located outside Boston, MA – serving attorneys nationwide.

Jane Shufro


My 35 years of nursing training and experience led me to medical legal consulting. I educate and assist attorneys to better understand medical records; the inner workings of health care organizations; and the challenges of medical documentation and standards of care. I’m experienced in analyzing electronic medical records and audit trails.


What My Clients Are Saying

“I have had the opportunity to work with Jane Shufro in several complex medical negligence matters. Ms. Shufro is a seasoned legal nurse consultant known for her expertise, professionalism, and integrity and is keenly aware of the complexities of litigation. She timely conducts a thorough, comprehensive case review and can pinpoint the areas of potential exposure as well as provide feedback regarding the issues of causation and damages.”

Robert E. Spitzer
Counselor at Law
MacNeill, O’Neill and Riveles
Defense Attorney

If You Have Any Questions,
Feel Free To Contact Us
617-605-1022 |