Patient Safety Now Includes Data Security
We consider what we do to patients through prescription or procedure as a potential source of harm, followed less so by our behavior, when we fail to be caring or courteous.
Andrew L. Pecora, MD
First, do no harm. It is the moral creed of every practicing physician, and this sentiment is drilled into our hearts and minds as we train to become licensed physicians. We consider what we do to patients through prescription or procedure as a potential source of harm, followed less so by our behavior, when we fail to be caring or courteous. Never did we imagine we could potentially hurt our patients by recording detailed patient history, such as our accurate impressions of patient condition and needs.
Medical data was not considered a source of harm until recently. More and more people are being victimized by medical fraud involving theft of patient data. In one of the more egregious examples, October of 2015 saw an unauthorized third party gain access to 2.2 million patient records through a 21st Century Oncology database. It was one of the more prominent cases of medical data theft that the Medical Identity Fraud Alliance has warned could become a potential epidemic.
21st Century Oncology is a physician-led cancer treatment company that includes 183 treatment centers in the United States and Latin America. In addition to names, Social Security numbers, and diagnosis and treatment information, insurance information is also believed to have been compromised. Imagine having to tell your patients that their personal information has been stolen and that the potential for identity misuse is possible.
Physicians and hospitals have been strongly encouraged (some say coerced) to switch from paper charts to electronic health records, the source for data theft. So who is liable for the losses that patients may incur? Is it the physician or the payer, who encouraged the use of EHR? If physicians are held accountable, there remains the question of who will bear the costs for legal defense and improved data security. Are these costs the responsibility of the EHR vendor? Unfortunately, these and other questions will need to work through the courts. At the end of the day, however, physicians must first do no harm. Does this mean … stop writing notes?
In next month’s issue, look for coverage of the data hacking threat to oncology practices, including the argument for cloud-based data storage and a perspective from the legal community that is battling to secure compensation for patients affected by medical data intrusion.
