The Risks of Paper Records!

The following short article appeared in the Canberra Times a few days ago.

“http://canberra.yourguide.com.au/detail.asp?class=news&subclass=general&story_id=514600&category=General&m=10&y=2006

Dumped files a 'break of faith'
Danielle Cronin
Thursday, 5 October 2006

The dumping of sensitive medical records and personal health information at a Canberra recycling centre was a serious breach of patients' right to privacy, a consumer group said yesterday.

The discovery is detailed in the new annual report from the ACT Community and Health Services Complaints Commissioner who recorded a 13 per cent spike in complaints about the health sector in 2005-06.

Health Care Consumers' Association of the ACT president Russell McGowan said the incident involving health records was a "break of faith" with patients and should not be tolerated.

"Appropriate penalties should be in place for those who do breach that privacy of those consumers," he said.

A spokeswoman for Health Minister Katy Gallagher said the commissioner's recommendations were fully accepted and implemented by the Health Department.

Yesterday, acting Commissioner Roxane Shaw would not disclose where the files had come from or exactly where the documents were found because this could compromise the privacy of those people who were affected.

In her report, Ms Shaw said 28 folders - including two containing sensitive health records and personal health information - were found at a recycling centre.

She launched an investigation but could not determine who last had hold of the folders and how the documents ended up at the recycling centre.

The commissioner's office received 580 inquiries that resulted in 276 complaints in the past financial year - up 13 per cent on 2004-05.

But the number of cases closed was down 13 per cent from 302 in 2004-05 to 262 in 2005-06.

Each complaint could cover up to three issues and there were slightly more grievances about the private health sector than the public system.”

I thought it would be worth having a look at the original report – here is what I found.

Case study 12 – Disclosure of personal health information


Twenty-eight folders were found at a recycling centre and passed to the commissioner.

The folders contained a variety of papers, which included sensitive health records and personal health information. An investigation into the circumstances surrounding the discovery of the folders was undertaken and found that, whilst it was not possible to determine who last had possession of the folders or how the folders came to be at the recycling centre, there were two folders that contained personal health information that had been in the control of a health service provider.

The Acting Commissioner considered that information in light of the Health Records(Privacy and Access) Act 1997 and concluded that, in its arrangements for safeguarding those files, the health service provider appeared to have contravened the Health Records Act and to have acted in disregard of the generally accepted standard of service delivery expected of a health service provider. The files had been lost to the health service provider as the record keeper, and were accessed in a public place by an unauthorised person. The health service provider did not have adequate file tracking systems in place.

The Acting Commissioner concluded also that the health service provider had acknowledged the deficiency in its file management system and had taken steps to implement an appropriate file tracking system to prevent a recurrence. The Acting Commissioner returned to the health service provider the two folders that contained personal health information.

The Acting Commissioner recommended that the health service provider advise the subject(s) of the personal health information found at the recycling centre of the disclosure.

The folders that did not contain personal health information were entered on a register and then disposed of by the Acting Commissioner.”

The reason for raising this report is that it highlights just how insecure, and open to possible leakage and abuse, paper records are. This incident is just the latest I have heard of. Over the years there have been an endless series of stories about records from practices that have closed being found in dumpsters or on a council tip, records that have been faxed to the wrong telephone number, records that have vanished through misfiling and so on.

Those that see the electronic record as a risk have to address the following.

First it is well known that in most major paper based hospitals at least 10% of patient encounters are not undertaken with the complete paper record to hand. The reasons for this are legion and include the record being lost, being locked in someone’s office for completion while the patient has presented to the emergency room and so on. The consequence of the lack of the record on patient treatment, safety and the ability to respond correctly in an emergency is obvious.

Second the paper record can only be in one place at a time. It is either here or there whereas the electronic record can be accessed and updated from as many sites as needed. This means the radiologist can report on the films with full rather than ½ a line of information and so do a much better job.

Third there is really no such thing as a back-up of a paper record. If it is lost, destroyed or stolen it is gone. At least a pretty current copy of the electronic version will always be available on the backup tape.

Fourth the paper record has no intrinsic privacy control mechanism of any sort. Once it is in your hand you can read or copy with no one ever knowing. Not so properly implemented electronic records that provide an audit trail of who read what and when etc.

We need to be clear that paper records have a very great potential for harm, error and simply being un-available. All this cannot improve patient care and should not be tolerated in the 21st Century.

David.

0 comments:

Post a Comment