Using Information Technology Itself
Once we accept that clinicians and other care providers have a professional duty to protect patient information, it becomes a duty to assess and manage risks arising from the way that we process and store that data. In general, storing information using IT exposes it to greater risk.
However, the technology also provides much better facilities for managing and reducing that risk. Because you have these facilities available to you, you have a legal and ethical duty to use them. Not to do so, could be considered professionally negligent, if you do not take the steps that your peer group of professionals would normally take
Electronic data faces a different range of risks from paper-based data. In general, it is less at risk from accidental loss, damage or wear and tear. The technology itself can also help to protect the patients’ information if used correctly. On the other hand, there are new and different threats to electronic data.
You should consider how to protect personal information in your care against:
- unauthorised access
and malicious damage.
Some necessary actions will not be your job, but many risks can be reduced by good habits.
Paper-based records have always been at risk of accidental damage through the threats of fire and flood. Additional risks include loss due to incorrect filing.
Each of these risks has a corresponding risk for computerised records. Computers can be destroyed by fire or flood or even cups of coffee! Similarly, records may be filed under a wrong name or deleted accidentally. It is much easier to delete a computerised record accidentally than throw away a physical record accidentally.
Computers have additional risks due to their need for an external power supply, and their technological complexity. Clinical coding makes incorrect data entry potentially more likely, as different clinicians may wish to use different codes for the same condition.
However, the most significant difference is that the technology can provide a means of managing the risks.
As we have a duty to keep patient information secure, so there is a duty to make best use of technology to protect the information from accidental damage. The following list shows how we can protect against the identified risks:
- Flood risk may be managed by regular backups and remote storage of backups
- Fire risk may be managed by regular backups and remote storage of backups
Power failure risk may be managed by a continuous power supply and regular backups Equipment failure Regular backups
- Incorrect data entry risk may be managed by data validation, data entry protocols
- Accidental deletion of files risk may be managed by confirmation dialog boxes