Rules for Handling and Maintaining Metadata in the EHR

Metadata is the foundation on which information management systems are built. It is required to support the various uses of data, to manage the information and record lifecycle, to verify data integrity, authenticity, and reliability, and to evaluate the relative importance of data and information for each contemplated use. Without metadata, information cannot be utilized effectively. Metadata provides the context for the information. Because of this, organizations must determine when and how metadata is preserved and retained, and whether or not it is a part of the official health record.

Defining Metadata

One definition commonly applied to the concept of metadata is the simple phrase "data about data." This simplistic definition, however, belies the significance and complexity of the nature of metadata.

As noted in Pocket Glossary of Health Information Management and Technology, AHIMA defines metadata as "descriptive data that characterize other data to create a clearer understanding of their meaning and to achieve greater reliability and quality of information." The Sedona Conference Glossary defines metadata as:

"Data typically stored electronically that describes characteristics of [electronically stored information] ESI, found in different places in different forms. [Metadata] [c]an be supplied by applications, users or the file system. Metadata can describe how, when and by whom ESI was collected, created, accessed, modified and how it is formatted. [Metadata] [c]an be altered intentionally or inadvertently. Certain metadata can be extracted when native files are processed for litigation. Some metadata, such as file dates and sizes, can easily be seen by users; other metadata can be hidden or embedded and unavailable to computer users who are not technically adept. Metadata is generally not reproduced in full form when a document is printed to paper or electronic image." [1]

Metadata consists of both indexing terms and attributes. A basic view of metadata in use in a health IT system is illustrated in Table 1. Metadata can be characterized as application, document, file system, or embedded metadata as described in the sidebar "Categories of Metadata." Though metadata exists in nearly all information resources, this practice brief addresses the role metadata plays in the patient's official record of care within the electronic health record (EHR).

Categories of Metadata

Application Metadata: Data created by the application specific to the electronically stored information (ESI) being addressed, embedded in the file, and moved with the file when copied. Copying may alter application metadata.

Document Metadata: Properties about the file stored in the file, as opposed to stored in the document content. Often this data is not immediately viewable in the software application used to create/edit the document, but can generally be accessed via a "Properties" view. Examples include document author and company, and creation or revision dates.

File System Metadata: Metadata generated by the system to track the demographics (name, size, location, usage, etc.) of the ESI that are stored externally from, rather than embedded within, the ESI.

Embedded Metadata: Generally hidden, but an integral part of ESI, such as "track changes" or "comments" in a word processing file or "notes" in a presentation file. While some metadata is routinely extracted during processing and conversion for e-discovery, embedded data may not be. Therefore, it may only be available in the original, native file.

Source: The Sedona Conference. "The Sedona Conference Glossary: E-Discovery & Digital Information Management (Third Edition)." September 2010.

Uses for Metadata

When developing a database structure for an information system, there needs to be a metadata schema. Currently there are no standardized schemata for metadata contained in health IT systems, including EHRs. Both vendors and providers have identified standardized metadata tags as a challenge. Standardized metadata schemata will be necessary for interoperability to support uses such as health information exchange and compliance reporting needs such as meaningful use compliance.

Metadata has been identified as a method to manage health information in recent efforts to use confidentiality tags that indicate information sensitivity levels. Tagging a patient's record at the "granular" or data-element level enables patients to give consent to the exchange of some parts of their health record while withholding consent for the exchange of other areas. For example, tagging at the granular level could allow a patient to consent to exchanging the medical diagnosis but not the mental health counseling session.

Another emerging use of metadata is in data analytics and the processing of "Big Data." Big Data has become a buzzword for the power of distilling large amounts of data for specific data points. Metadata will be critical for leveraging the volumes, velocity, and variety of healthcare data now available due to the increasing use of clinical information systems such as EHRs.

Metadata will be critical to maintaining and preserving the healthcare record. Currently, metadata varies by organization and within jurisdictions according to business needs. Organizations need to consider their specific business needs and the regulatory environment when making decisions about the maintenance and management of metadata.

Table 1: Metadata Categories

Metadata consists of both indexing terms and attributes. This table includes a basic view of metadata in use by many health IT systems.

Application Metadata

Metadata Tag

  • Patient Account Number
  • Patient Last Name
  • Patient First Name
  • Date of Admission

Document Metadata

  • User name
  • Length of time

File Metadata

  • Name of Application
  • Laboratory Information System
  • Imaging Information System
  • Radiation Information System

Embedded Metadata

  • Track Changes

Metadata and Information Lifecycle Management

There is perhaps no more important use of metadata than in the management of the information lifecycle, especially as it relates to information created and maintained in EHRs. Application, document, file, and embedded metadata are all critical for effective capture and creation, maintenance and modification, and retention and deletion of health information in the EHR. Table 2 illustrates the types of metadata used to preserve the lifecycle of the health record.

Metadata and Data Validation

Although metadata includes signature date and time as a component of each record entry, that information can also be expressed in XML syntax. However, late entries, or noting that various versions of an interpretive report existed at different times along a treatment continuum, may actually require that metadata for each of those entries or versions be maintained. For example, the latest version of the report may be easily viewable by clinicians or easily printable by the HIM department. Retaining the prior versions with the metadata supports the integrity of the health record and may be necessary to comply with state laws. Regardless, metadata regarding the various versions of health records that may have existed should be routinely retained.

Metadata create behind-the-scenes data user footprints and can tell a story of who made changes, when the changes were made, and what changes were made in an EHR. Metadata can also illustrate what parts of a record are reviewed, for how long, how often, and by whom. This metadata must be retained for a variety of reasons such as access reports, litigation, and validating the integrity of data.

Legacy Systems and Data Conversion

One environment in which metadata can be lost is upon replacement of EHR systems and the transition of primary record data (the official patient record) to the new platform. Numerous legacy systems do not have the capability to easily convert existing data or metadata into a new EHR system format. For example, an organization has recently purchased a physician practice clinic that has an electronic system for patient documentation. The legacy system only has the capability to produce information in a portable document format. Although critical historical patient documentation is retained and moved to the new EHR, metadata from the legacy system is not. So the ability to identify an audit trail of who viewed what portion of the legacy system's data prior to conversion will be lost.

Data Integration and Data Sharing

Metadata may also be lost when integrating the data from one system to another or sharing the data information across systems. Metadata that is not embedded may be lost. Again, the critical patient documentation is retained, but the metadata from the originating system may not be.

Table 2: Metadata in the Lifecycle

Information Lifecycle Phase / Example Metadata

  • Source, Date created, Time entered, Author, Version number
  • File name, Document name
  • Last date accessed, Date archived
  • Patient name, Record number
  • Date disclosed, Party disclosed, Status of disclosure
  • Retention date, Disposition of data, Status of record (hold/active/inactive)

Standards for Metadata

At this time, there are no standards for metadata schema. The 2010 final rule on Standards and Certification Criteria (45 CFR Part 170) does require the following information to be recorded on the audit log:

"The date, time, patient identification and user identification must be recorded when electronic health information is created, modified, accessed or deleted; and an indication of which action(s) occurred and by whom must also be recorded." [2]

In addition, the proposed Health Level Seven (HL7) EHR-S RM-ES Functional profile will require the capture and retention of authors, data creation time stamps, modification, view, and deletion. Though HL7 standards are not mandated at this time, using the conformance criteria will benefit health information management professionals who are involved with the RFP process or assessing an EHR system.
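As an added illustration (not part of the practice brief or of any EHR product), the following Python sketch checks audit log entries against the content the rule quoted above requires, and lists records that lack a complete creation event and so have no recorded author and creation time. The field names, sample entries, and record IDs are constructed assumptions; real audit schemas vary by vendor.

```python
from datetime import datetime

# Actions named in the quoted 45 CFR Part 170 text.
REQUIRED_ACTIONS = {"created", "modified", "accessed", "deleted"}
# Hypothetical field names chosen for this sketch.
REQUIRED_FIELDS = ("timestamp", "patient_id", "user_id", "action")


def audit_entry_gaps(entry):
    """Return the reasons an entry falls short of the quoted audit-log content."""
    gaps = [f"missing {f}" for f in REQUIRED_FIELDS
            if entry.get(f) is None or str(entry.get(f)).strip() == ""]
    ts = str(entry.get("timestamp") or "").strip()
    if ts:
        try:
            datetime.fromisoformat(ts)
            if len(ts) <= 10:  # "YYYY-MM-DD" records a date but no time
                gaps.append("timestamp has no time of day")
        except ValueError:
            gaps.append("timestamp not parseable")
    action = str(entry.get("action") or "").strip().lower()
    if action and action not in REQUIRED_ACTIONS:
        gaps.append(f"unrecognized action {action!r}")
    return gaps


def review_log(entries):
    """Map the index of each deficient entry to its list of gaps."""
    return {i: g for i, e in enumerate(entries) if (g := audit_entry_gaps(e))}


def records_without_provenance(entries, record_ids):
    """Records with no complete 'created' event (no author and creation time)."""
    have = {e.get("record_id") for e in entries
            if str(e.get("action", "")).lower() == "created"
            and not audit_entry_gaps(e)}
    return [r for r in record_ids if r not in have]


# Constructed sample entries, e.g. an export reviewed before a legacy system is retired.
SAMPLE_LOG = [
    {"timestamp": "2013-05-01T08:15:00", "patient_id": "P001",
     "user_id": "u.nurse1", "action": "created", "record_id": "R1"},
    {"timestamp": "2013-05-01T09:02:11", "patient_id": "P001",
     "user_id": "u.md7", "action": "accessed", "record_id": "R1"},
    {"timestamp": "2013-05-02", "patient_id": "P002",
     "user_id": "u.md7", "action": "modified", "record_id": "R2"},
    {"timestamp": "2013-05-03T10:00:00", "patient_id": "P003",
     "user_id": "", "action": "printed", "record_id": "R3"},
]

if __name__ == "__main__":
    print(review_log(SAMPLE_LOG))
    print(records_without_provenance(SAMPLE_LOG, ["R1", "R2", "R3"]))
```

Running the same check on an export taken before and after a conversion shows which audit metadata did not survive the move.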

Retention of Metadata

There are no hard and fast guidelines for retaining metadata throughout the health record lifecycle. However, all uses described in this article indicate that organizations need to develop a metadata retention schedule. First, organizations must determine and document the metadata that is attached to the records identified in their designated record set (DRS) and official patient record. Next, organizations must determine if all or just a portion of the metadata will be defined as part of the official patient record. Though organizations may not choose to define metadata as part of the DRS or official patient record, they will want to ensure the minimum metadata element for record provenance is defined.

There are a variety of record retention requirements that may be reviewed to create a retention program. To begin creating a record retention schedule, organizations should use federal record retention requirements found within the Federal Register and compare these with state-specific requirements to determine the more restrictive timelines. Another mechanism that provides record retention guidelines is accreditation agency standards. The Commission on Accreditation of Rehabilitation Facilities, Det Norske Veritas, Medicare Conditions of Participation, and the Joint Commission have all incorporated record retention schedules into their accreditation survey processes.

When retaining metadata, the volume of metadata may be larger than the file information itself. There are several questions that should be considered when determining what metadata should be retained:

  • Does all the metadata need to be retained?
  • What metadata is relevant?
  • Will the metadata be retained as it is integrated or shared with other systems?
  • Will the metadata be archived?

Legal Requirements

Metadata has proven particularly important when it is used in legal disputes. There are currently no federal laws that have outlined whether metadata must be produced in all instances. However, the federal e-discovery rules outline procedures for identifying and submitting electronic data and its supporting metadata. There are cases that discuss what metadata are important to produce as part of the requested record.

There are federal laws that imply metadata must be maintained. For example:

  • The Federal Civil False Claims Act, which can be applied to claims for services provided to federal health plan beneficiaries, states that document material and the materials necessary to use or interpret the data must be included in any product of discovery.
  • The Food and Drug Act (21 CFR Part 11) requires providers to follow the stated criteria in order for electronic records and signatures to be considered equivalent to paper-based records and handwritten signatures.
  • The Health Insurance Portability and Accountability Act (HIPAA) Security Rule also requires covered entities and their business associates to maintain the confidentiality, integrity, and availability of electronic protected health information. Metadata is used to determine where the information came from, who created it, and who accessed it.
  • The Clinical Laboratory Improvement Act requires that laboratory data be maintained in its original format; EHRs that process laboratory data for inclusion in other parts of the record must retain "pointers" to the location at which the original laboratory report is stored.
  • The e-discovery rules of the Federal Rules of Civil Procedure also affect how providers manage metadata:
    • Rule 16: Pretrial Conference, Scheduling and Management
      • Define data stores and effective mechanisms for retrieving information in a timely manner
    • Rule 26: Duty to Disclose; General Provisions Governing Discovery
      • Record retention and destruction policies; an ability to locate/retrieve data and know where data is stored
    • Rule 34: Producing Documents and Electronically Stored Information
      • Deliver data in a "reasonably usable form"
    • Rule 37: Safe Harbor Provision
      • Protection against data loss

Metadata Recommendations

Final recommendations from this practice brief for effectively handling and maintaining metadata in a health information environment include:

  1. Educate IT staff that they should inform HIM prior to decommissioning a legacy system.
  2. Meet with a facility's vendors to determine the contents of various reports generated from a patient's health record in the EHR environment to analyze capabilities of capturing and retaining the metadata.
  3. Determine if/how metadata is kept in the various versions of EHRs.
  4. Determine whether the retention of all or portions of the metadata surrounding the transferred patient record is worth the cost of maintaining the legacy system for some period of time.
  5. Review state and federal laws to ensure compliance of metadata.
  6. Determine if the metadata will be defined as part of the official patient record.
  7. Protect data by also securing metadata.
  8. Consider the cost efficiencies of storage and the relevance of the metadata to be maintained.
  9. Refer to the most current version of the HL7 Functional Model for EHR-S for metadata standards.


  1. The Sedona Conference. "The Sedona Conference Glossary: E-Discovery & Digital Information Management (Third Edition)." September 2010.
  2. HHS. "Health Information Technology: Initial Set of Standards, Implementation Specifications, and Certification for Electronic Health Record Technology Final Rule." Federal Register. 45 CFR Part 170. July 13, 2010.


AHIMA. "Enterprise Content and Record Management for Healthcare." Journal of AHIMA 79, no.10 (October 2008): 91-98.

AHIMA. "Comment on the Office of the National Coordinator for Health Information Technology's (ONC) advance notice of proposed rulemaking to establish metadata standards to support nationwide electronic health information exchange, published in the Federal Register, August 9, 2011."

AHIMA. Pocket Glossary of Health Information Management and Technology. Chicago, IL: AHIMA Press. 2012. p 221.

AHIMA. "Retention and Destruction of Health Information." Updated August 2011. 

Ball, Craig. "Beyond Data About Data: The Litigator's Guide to Metadata." 2005.

Conn, Joseph. "Working with the rules: Data tagging allows selective sharing with EHRs." Modern Healthcare. September 22, 2012.

Dougherty, Michelle and Lydia Washington. "Still Seeking the Legal EHR: The Push for Electronic Records Increases, the Record Management Questions Remain." Journal of AHIMA 81, no.2 (February 2010): 42-45.

Viola, Allison and Shefali Mookencherry. "Metadata and Meaningful Use." Journal of AHIMA 83, no.2 (February 2012): 32-38.


Mary Beth Haugen, MS, RHIA
Barry Herrin, JD, CHPS, FACHE
Sharon Slivochka, RHIA
Lori McNeil Tolley, M.Ed., RHIA
Diana Warner, MS, RHIA, CHPS, FAHIMA
Lydia Washington, MS, RHIA, CPHIMS


Cecilia A. Backman, RHIA, MBA, CPHQ
Ann Botros, PhD, RHIA
Alaina Capanna
Jennifer Gholson, RHIT
Sandra L. Joe, MJ, RHIA
Seth Katz, MPH, RHIA
Christina Merle, MS, RHIA, CMA
Theresa Rihanek, MHA, RHIA, CCS
Amy Richardson, RHIA
Angela Rose, MHA, RHIA, CHPS
Kim Turtle Dudgeon, RHIT, HIT Pro-IS/TS, CMT
Carole Uknes, MHA, RHIA
Lou Ann Wiedemann, MS, RHIA, CDIP, FAHIMA, CPEHR
Gail Woytek, RHIA

The information contained in this practice brief reflects the consensus opinion of the professionals who developed it. It has not been validated through scientific research.

Article citation:
AHIMA. "Rules for Handling and Maintaining Metadata in the EHR." Journal of AHIMA 84, no.5 (May 2013): 50-54.