Sunday, October 25, 2009

Clinic's medical files vanish

At "Data Malpractice on T-Mobile Sidekick: But Don't Worry, Your Medical Data is Safe", on Oct. 16 I wrote:

One of the promises made about healthcare IT is that your medical data is "safer" in electronic form than in paper form. The Hurricane Katrina example of paper records being destroyed is often used as a poster example of the dangers of paper records.

However, the risk of electronic storage of information, especially the talk of national EMR's stored on the "cloud" (an amorphous term meaning distributed storage "out there" whose physical sites and boundaries are supposedly irrelevant from the user's perspective) has also been under-reported.

Personal customer data had been "lost" from many of T-Mobile USA's Sidekick devices due to a computer malfunction, although the data was apparently recovered eventually, apparently through luck rather than good engineering.

I expressed concern that such mishaps could affect clinical IT. I did not have to wait long for such a case to appear. Less than one week.

Below is a story of a Canadian clinic that lost two years of electronic health records:

Clinic's medical files vanish

By Ryan Cormier, Edmonton Journal

October 21, 2009

During a recent investigation into whether a patient's confidentiality had been breached at the Fairview Medical Clinic, an investigator asked for a log of who had accessed the complainant's file. When the clinic responded that it had automated his records in 2004 but only had files from 2006 on, alarm bells rang.

"That raised a lot of questions," said Leahann McElveen, an investigator with the office of the information and privacy commissioner.

The clinic had permanently lost two years worth of health files that include patient information on visits, prescriptions, lab reports, doctor's notes and other information. The loss happened when the clinic switched from one electronic medical records system to another.

"They were two similar systems intended to do the same thing," McElveen said. "However, they weren't coded the same way behind the scenes. It's not that the records fall into the wrong hands, they just don't exist anymore."


*POOF*.

Deinstallation of one system in favor of another is not uncommon. EHR data may become unavailable due to lack of data portability and the expense of data migration, or in this case apparently due to preventable technical problems.

It is essential for clinical IT users to have robust disaster recovery and business continuity solutions, and take great care when performing actions that can lose large amounts of data very fast. This adds to clinical IT cost, and a concern is that some users might skimp on these capabilities.

This must be discouraged.

(To the reader: do you back up your own PC or Mac reliably?)

-- SS