Who knows what was going through the mind of the Melbourne hospital pharmacist who decided to take a peek at the medical records of a staggering 7000 people they were not involved in the care of. Even over four years that’s a hell of a lot, and as far as we are aware that number is in addition to the records that the pharmacist was authorised to access as part of their duty of care.
Healthcare professionals snooping in medical records is in no way a new thing – as our favourite correspondent Terry Hannan points out – but surely the pharmacist knew that every access would be logged and they’d be busted eventually. From the scant details available it seems that curiosity was the reason for the snooping as opposed to more nefarious purposes.
How they were exposed is also not yet known – one media outlet claims it was a colleague who noticed an unusual access of their My Health Record, which must have been in addition to the EMR access. Another said it was a patient who spotted the problem. Whatever it was, they were found out and punished, but that it happened for four years before they were exposed is a bit of a worry.
Alfred Health says it’s looking into “whether there is technology available to improve the detection of unusual behaviour in the electronic medical record system, while still ensuring seamless access for time critical patient care”. We’re not sure this exists, and may be counter-productive if it does.
It’s timely that this episode was revealed this week when the Health Information Management Association of Australia (HIMAA) held its 40th conference in Brisbane, as part of the wider International Federation of HIM Associations’ 20th congress. If there is a more fearsome group of people dedicated to health information privacy and confidentiality than HIMs, we have yet to meet them.
One of the highlights of the conference was former Australian deputy chief medical officer Michael Kidd’s presentation on the slow and at times hilarious progress of digital health in primary care, but it was also noteworthy for a couple of presentations on how hospital health information managers have experienced the introduction of EMRs. It has not been easy: paper still abounds, hybrid records are the norm, and unfortunately HIMs are often asked to take a back seat to IT people and clinicians in decision making when it comes to EMR implementations.
ACT Health’s DHR roll-out has been widely lauded, by Pulse+IT as much as anyone, while the shambolic roll-out of what was formerly known as EPAS in South Australia has had its fair share of bad press, but there were very obvious similarities in the HIM experience of the two projects. The lesson? Listen to HIMs. They know what they are talking about.
It turned out to be a big week in digital health this week. Magentus company Genie Solutions revealed a big breakthrough in interoperability this week with the release of an electronic booking solution it has worked on with Healthscope. It is built using FHIR standards, similar to the eRequesting solution that Genie has pioneered with Sonic Healthcare, and as such is open for other private hospitals to take advantage of. Genie really should be congratulated for its foresight on this. It will help Genie’s customers to be sure, but Genie is kicking goals whereas elsewhere there wasn’t even an attempt.
And finally, eHealth NSW this week revealed the cost of its single digital patient record project. The contract shows it will cost $1 billion over 10 years, a vast sum but not an unexpected one. While we still query the merit of ripping out the Cerner EMR, into which huge effort has gone over the last 20 years in NSW, as well as what will be a hugely problematic replacement of iPM and Cerner’s PAS, the project will proceed.
NSW Health Pathology for one is very pleased that they will be moving from five LIMS to one, and Hunter New England LHD really does need a contemporary system. And we hear that the gobsmacking cost of implementing Epic will be lessened somewhat in gobsmackishness when compared to the annual cost of maintaining Cerner. Still. One billion dollarydoos for an EMR. It had better be good.
That brings us to our poll question for the week:
Are contemporary electronic health records snoop-proof?
Vote here and leave your comments below.
Last week, we asked: Are you confident that the goals of the interoperability plan are achievable? Most were but it wasn’t a big margin: 60 per cent said yes, 40 per cent said no.
We also asked: if you said yes, how will the goals be measured? If no, what are the main barriers? Here’s what you said.
Last week we asked: Are contemporary electronic health records snoop-proof? Absolutely not, our readers said. 89 per cent said no.
We also asked: If you voted no, is there any way to improve them? If yes, are you 100% sure?
Here’s what you said:
– It will always be thus because humans are involved
– Strengthen the digital identity of the reader so that login details can’t be shared
– There are ways to improve but won’t be full proof – clinicians need access to information to provide care and restricting this could have negative impacts on patient safety
– Only to the detriment of those using the systems properly, by making access more difficult with more steps to authenticate for every transaction.
– Fully implemented care and support provider identification and consent mapping
– It will always come down to the integrity of the individual to abide by the confidentiality clauses of their employment contract and to adhere to the Code of Conduct. Many believe they are above these and will do as they want. They don’t see it as wrong. Can any system be safe from from these individuals?
– Audit trail in software, perhaps have software vendors develop a regular report of who accessing. questions can then be asked and or monitored
– By having better interoperability and EMR vendors letting 3rd parties easily access the system, without having to have weird and wonderful and dodgy methods of transferring (copying) patient data between systems; where unsecured copies may be inadvertently left along the way for snooping eyes
– Funds for Health Information Managers to audit
– My LHD has tracing software and regular audits but staff still do it. I think the consequences need to be more severe to deter staff. Mandatory loss of registration and charges and given a criminal record.
– Yes based on a reasonable set of assumptions: (1) that the system that is built with the EHRs uses an Identity Access Management (IAM) that has user permissions and (2) that the ingest of the data is made according to the IAM settings. In plain english, the system can define a user and what they can/can’t see and, the data is added based to the correct groups that the access rules have been setup for.
– Whilst it’s impossible to engineer a system to mitigate every variant of malicious intent, various EMR systems are capable of being implemented in a way which discourages and detects unauthorised access. This challenges is that implementation follows business process; safe implementation requires business processes which map patients to their care teams as authorised staff, which in turn requires positive identification of all members of each care team. This positive identification is a challenge in a world where we rely so heavily on a short-term / casual nursing workforce to fill the nursing rosters every day.
– Vigilance! Monitoring access and using tools (AI?) to help identify strange behaviour. But ultimately humans are curious and will find ways to snoop on records they shouldn’t – especially in hybrid documentation systems.
– Funding for HIMs to complete routine audits
– “Dont put all your eggs in one basket”. If interoperability lives up to its hype in healthcare then there is potential in the data being dispersed – the basis of the Internet. As we can see from the EMR Projects we still live in a world that is application driven and not data driven.
– The risk in locking or controlling access is that busy clinicians NEED to access multiple records promptly, without excessive barriers being placed in front of them. Any “solution” to unauthorised access will likely make access more difficult. A busy triage nurse in a city hospital may legitimately read the files of hundreds of patients a day. Slowing down that by adding additional layers of security would be unsafe. And running an audit- well, it would show a nurse who accessed hundreds of files of patients they weren’t directly caring for ??! The solution needs to start earlier- why would someone want to open the files of (7000) patients (and also- where did they find time !!!!)?
– We need to work on the core issue of privacy, dignity and respect.
– proactive auditing
– Mitigate-instant dismissal, and actually follow through.
– Mandate unique user ID-cancel ward logons.
– Display all audited access on-screen for everyone to see. If the access is visible to everyone looking after the patient, then access by staff not looking after the patient should be obvious. A questionable access flag should be available to be set in the EMR itself, with these ‘tasks’ reviewed, managed, processed, and escalated if appropriate.
– Run business intelligence analytics on Audit data routinely, flag anomalies and follow up. So that if this is found, it has not been happening for 7 years, and is more likely to be flagged during the patients admission