Archive | Records Management RSS feed for this section

Keeping the Problem People Out of the System – Possible?

It’s widely documented that most security breaches are caused by internal staff, either by accident or on purpose. Training can help in the accidents, but what about a disgruntled employee who deliberately causes a data breach? Think it won’t happen to you? Think again.

In an article on ZDNet, ‘After OPM breach, Manning and Snowden are just the beginning’, the author, David Gewirtz commented on the basic problem of people and security, “It is impossible to separate individual decision-making and action from the national security apparatus of any nation. Sure, we can carefully vet individuals, subject them to background checks and psychological tests. We can interview friends and neighbors. We can examine financial records and elicit stories about what they were like in college. We can certainly weed out the obvious problem cases. But we can’t keep all the problem people out of the system.”

Ok, you may say well, that’s the government and the staff can deal with highly secure information that impacts the country. That’s true. According to Mr. Gewirtz, “While some very misguided individuals celebrate Snowden’s actions, I submit that any individual who harms the American economy to the tune of at least 47 billion dollars and costs nearly a million jobs is no hero.” I hardly think that most organizations are in the same position as the government.

But, what if a data breach happened in your organization? Chances are it isn’t going to jeopardize national security – but your organization is in for some hefty fines, potential loss of brand and customers.

How do you protect your organization from the enemy within?

Comments are closed

Ok – doctor or lawyer? I say lawyer and hope I don’t get sick!

I had to at least peek at an article authored by Lucas Mearian, simply because of the title, ‘Lawyers smell blood in electronic medical records‘, published in ComputerWorld. It appears that Electronic Medical Records (EMRs) is becoming a gold mine for lawyers. Unfortunately, bad news for patients. Judgements have reached over $7.5 million in some cases as the information contained in the EMRs could not be trusted.

The next target on the list for legal professionals is technology vendors. Medical malpractice has focused specifically on physicians and hospitals. Lawyers see another opportunity to expand medical malpractice to include the vendors who make the products used. Rather a sad state of affairs. According to Keith Klein, a medical doctor and professor of medicine at the David Geffen School of Medicine at UCLA, “there are attorneys now looking for a clean case to sue the vendor,” he said. “This is reality. It is not theoretical. I was approached by Washington, D.C. law firm who had a very clean case for suing a vendor.”

The issue is people and technology. The technology needs to be simplified and provide safeguards. Healthcare professionals need to be more careful when entering information into complex applications.

To highlight a few mistakes:

  • One recent lawsuit involved a patient who suffered permanent kidney damage when he was given an antibiotic to treat what was thought to be an infection resulting in elevated creatinine levels. The patient was also suffering a uric kidney stone, which precludes the use of the antibiotic. Because of the complexity of the EMR, none of the attending physicians noticed the kidney stone. Detracting from the EMR’s validity was the fact that a date related to a previous intravenous drip was repeated over and over on all 3,000 pages of the record.
  • In another case, the physician was accused of plagiarizing data entered from another healthcare provider because he copied and pasted basic patient information.
  • And the best for last, “We’ve seen 92-year-old women getting diagnosed as crack addicts because of drop down menus.”

The vendors of medical applications better wake up, or they may be next at the mercy of the lawyer’s hatchet. I would also strongly suggest that there is more stringent oversight on health care professionals.

Let’s just hope none of us get sick – or we have an excellent lawyer.

Comments are closed