Tuesday, July 21, 2015

At First Read This Sounds Like a Very, Very Serious Issue. I Wonder What Is Going On With Patient Electronic Records Being Altered?

This appeared a few days ago.

SA Health inquiry into how medical records linked to patient death disappeared from Lyell McEwin Hospital database

  • The Advertiser
  • July 15, 2015 8:41AM
SA Health will investigate itself over claims that confidential medical records critical of management and linked to a patient’s death were deleted by a bureaucrat.
The Opposition has demanded an independent investigation of the incident at Lyell McEwin Hospital and warned that the “calculated deletion” of the medical record puts the entire system’s integrity in question and has ramifications for future legal proceedings.
SA Health chief executive David Swan, under direction from Health Minister Jack Snelling, has appointed SA Health chief medical officer Professor Paddy Phillips to review the incident, which is likely to take about six weeks.
“If we’re got a problem in our system we want to know about it so we can deal with it,” Mr Swan told 891 ABC radio today.
“It seems it was a deliberate act to remove that part of the record, but the reason why they came to that decision will be part of the review.”
Mr Swan said it was his inititial understanding that “a senior clinician and management” were involved in the decision to wipe the record but this would be examined by Professor Phillips.
That claim has infuriated Lyell McEwin staff, who told The Advertiser they were unable to access the system to delete records. They said a check of the metadata showed it was tampered with by a “super-user” who had access beyond the authorisation of doctors.
The scandal erupted after new software linked to the troubled EPAS system that records patients’ details electronically was installed at Lyell McEwin’s radiology department in May. Within three weeks, the delay in checking scans had blown out from same-day service to 1900 scans in the queue, including one of a man whose scan was examined only after he died.
Mr Swan today told 891 ABC Adelaide there was no suggestion the patient’s death was linked to the delay in checking the scans but this would be investigated by Professor Phillips.
He publicly invited a radiologist who raised the issue yesterday on ABC Radio to participate in the investigation by Professor Phillips.
The radiologist, Dr Paul Newbold, was advised of the death on June 30. That night, he was called back to work by an Emergency Department doctor to perform a CAT scan on an elderly man with a minor head wound.
Dr Newbold decided the expensive scan was not warranted. He later decided to do the scan but discovered a bureaucrat — not a clinician — had ordered the scan be done.
In his medical records of the incident, Dr Newbold was critical of the executive “who stuck her nose in” and he also recorded the possible link between the separate death and the software problem.
Three days later he found out that his medical record of the CAT scan patient — which included his complaint about the bureaucrat and also the software problem linked to the separate patient death — had been deleted.
Dr Newbold yesterday vented his anger on ABC radio. “This is very dangerous and very sinister. It is unheard of,” he said
Lots more here:
There are so many issues raised here that it is hard to know where to being and it is probably unwise to say too much until we have the results of the enquiry.
Clearly the biggest issue to me is that of trust. If clinicians cannot be sure when they record information in an EHR it will both be safe and unaltered then the game is totally over. The medico-legal implications in all this are just terrifying!
We can now all sit back and see what comes from the investigation. I hope it is a quality, thorough and careful review! I wonder whether an independent expert panel might not be a better idea?

1 comment:

Anonymous said...

I know of similar episode in which a patient died, possibly due to misdiagnosis of an image. After a complaint was made, the image was deleted, and subsequently so was the patient record. The rationale for the deletion was that this was routine, as space was limited on the record system. Difficulties with establishing the identity of the individual who did the deleting (it was a 'group' password that everyone used), and other matters, prevented this issue going to court.

It is very clear that we have a real problem in some EHRs in identifying who is actually logged on, and what they are doing. It will take a few of these cases in court for the law to make it mandatory for full audit trails to be available, for user IDs to be unique and verifiable, and for all records to be retained. These are issues that should be front of mind for government, but their priorities appear elsewhere.

The argument that "we delete after a month" because we don't have enough disc space at this point in history is utter nonsense. The argument that this was a 'group' password that everyone used also points to fundamental flaws in the way access is regulated.

I've obviously done my best to hide the details of this case, beyond the two informatics issues associated with it, and I've kept anonymous, because this area is full of landmines. Rest assured it was fully and appropriately investigated but the issues I identified and others prevented it going any further.