Medical Records as Evidence: Admissibility Rules

Authentication failures remain the most common reason medical records get excluded from evidence at trial. Federal Rule of Evidence 803(6) provides the primary vehicle for admitting medical records as business records, but the rule carries specific foundational requirements that attorneys routinely overlook. Incomplete files, unsigned entries, and missing custodian certifications can turn critical evidence into inadmissible paper.

The problem is growing more complex. Recent decisions, including the 2025 Maryland Court of Appeals ruling in Hollabaugh v. MRO Corporation, show courts applying heightened scrutiny to digital health records. Judges now expect parties to address metadata, audit trails, and the gap between what appears on a printed page and what exists in the native electronic system. Attorneys who treat medical records as automatically admissible are losing evidence they cannot afford to lose.

The Rules Framework

Five Federal Rules of Evidence govern how medical records move from a provider's file cabinet to the courtroom. Each serves a distinct function.

Rule 803(6) is the foundation. It exempts business records from the hearsay bar, provided the records meet four specific requirements. Most authentication challenges trace back to a failure on one of these elements.

Rule 901 sets the authentication standard: the proponent must produce evidence sufficient to support a finding that the item is what they claim it is. The burden is low, requiring only a prima facie showing, but it must be met.

Rule 902(11) allows self-authentication of domestic business records through a written custodian certification, eliminating the need for live testimony. The catch: the proponent must give the adverse party reasonable written notice before trial and make the records available for inspection.

Rule 803(4) provides a separate hearsay exception for statements made for medical diagnosis or treatment. Patient statements to doctors about symptoms, medical history, and general cause of injury are admissible. Statements assigning fault are not.

Rule 1006 permits summaries of voluminous records when originals cannot be conveniently examined in court. The underlying records must be admissible, and a qualified witness must confirm the summary accurately reflects their contents.

Authentication Methods

Getting medical records past the authentication threshold requires one of several approaches, depending on jurisdiction and circumstances.

Custodian testimony is the traditional method. A records custodian testifies live that the documents are true and complete copies, created and kept in the regular course of business. The essential elements include a declaration of completeness, confirmation of regular business practice, a clear description of the records' scope, and a notarized signature.

Rule 902(11) self-authentication offers a streamlined alternative. A written certification from the custodian or qualified person replaces live testimony entirely. This approach has become standard in medical records cases, but it requires advance written notice to the opposing party. Miss the notice requirement and the certification is worthless.

State-specific requirements add another layer. California requires the custodian to state they are duly authorized and that the copy is a true copy prepared in the ordinary course of business. Virginia requires a sworn declaration and 10-day advance notice to opposing counsel. A Tennessee appellate court reversed a trial court that excluded properly certified records simply because the lower court misapplied Rule 902(11) authentication standards. Knowing the local rules is not optional.

Services that specialize in medical records retrieval, including LlamaLab, handle custodian certification as part of the retrieval process, delivering records with the authentication paperwork already attached. This eliminates the back-and-forth that often causes last-minute trial preparation problems.

Digital Records Present New Challenges

Electronic health records have introduced a layer of complexity that did not exist with paper charts. The printed page no longer tells the whole story.

EHR printouts vs. native format. The American Health Information Management Association has warned that printed versions of electronic records may not contain all information used in clinical decision-making. Drop-down menus, internal communications between practitioners, and system-generated alerts are visible in the software interface but often absent from printouts.

Metadata as evidence. Embedded metadata reveals when records were created, accessed, and modified, providing a timeline that can prove or disprove the authenticity of contested entries. This data typically exists only in native format.

Audit trails. HIPAA's Security Rule (45 C.F.R. section 164.312(b)) requires all EMR systems to maintain audit trails recording activity in systems containing electronic protected health information, with a minimum six-year retention period. These trails are not part of the standard patient record and must be specifically requested. At least one federal judge has sanctioned a hospital for failing to produce a complete EMR audit trail.

LlamaLab's retrieval platform requests records in formats that preserve metadata and audit trail availability, flagging potential authentication gaps before they become trial problems.

Common Admissibility Failures

Most exclusions fall into predictable categories. Knowing what courts look for makes prevention straightforward.

Incomplete records. Missing pages, inconsistent identifiers, and gaps in treatment documentation are the most frequently cited grounds for challenging admissibility. If the file is incomplete, the authentication foundation crumbles.

Late entries and amendments. Any documentation recorded beyond 24 to 48 hours of an encounter is classified as a late entry and must be labeled, dated, signed, and explained. Corrections must reference the original note and state the reason for the change. Entries that obscure existing information rather than supplementing it raise red flags.

Altered records. Quiet changes or backdating can be treated as falsification and fraud. Juries view altered records with deep suspicion, often treating them as an admission of guilt regardless of the actual content. True corrections must be transparent.

Double hearsay. A medical record may be admissible under Rule 803(6), but statements within that record can represent a second level of hearsay requiring an independent basis for admission. A patient's description of symptoms qualifies under Rule 803(4). A bystander's account of an accident recorded in the chart likely does not.

Records from multiple providers. Each provider's records require separate authentication. An affidavit from Hospital A does not authenticate records from Imaging Center B, even if both sets appear in the same litigation file.

Pre-Trial Authentication Checklist

Preventing admissibility problems is far simpler than solving them at trial. These steps should begin at least 30 days before any hearing.

The Bottom Line

Medical records are only as valuable as their admissibility. Rule 803(6) opens the door, but authentication, completeness, and proper certification are what keep it open. Every excluded record is evidence the jury never sees.

The shift to digital health records has raised the stakes. Metadata, audit trails, and native-format data now carry as much evidentiary weight as the clinical notes themselves. Attorneys who build authentication into their retrieval process from day one, rather than scrambling before trial, consistently protect more of their evidence.

Sources: Federal Rules of Evidence 803, 901, 902, AHIMA Legal Process and EHR White Paper, HIPAA Security Rule 45 C.F.R. section 164.312(b), Expert Institute Medical Evidence Analysis, Enigma Forensics EMR Audit Trail Sanctions, Hollabaugh v. MRO Corporation, Maryland Court of Appeals (2025).