How to Manage the Risks to Patient Information

Once we accept that clinicians and other care providers have a professional duty to protect patient information, it becomes a duty to assess and manage risks arising from the way that we process and store that data. In general, storing information using IT exposes it to greater risk.

However, the technology also provides much better facilities for managing and reducing that risk. Because you have these facilities available to you, you have a legal and ethical duty to use them. Not to do so, could be considered professionally negligent, if you do not take the steps that your peer group of professionals would normally take

Electronic data faces a different range of risks from paper-based data. In general, it is less at risk from accidental loss, damage or wear and tear. The technology itself can also help to protect the patients’ information if used correctly. On the other hand, there are new and different threats to electronic data.

You should consider how to protect personal information in your care against:

• accidental damage,
• unauthorised access
• and malicious damage.

Some necessary actions will not be your job, but many risks can be reduced by good habits.

Paper-based records have always been at risk of accidental damage through the threats of fire and flood. Additional risks include loss due to incorrect filing.

Each of these risks has a corresponding risk for computerised records. Computers can be destroyed by fire or flood or even cups of coffee! Similarly, records may be filed under a wrong name or deleted accidentally. It is much easier to delete a computerised record accidentally than throw away a physical record accidentally.

Computers have additional risks due to their need for an external power supply, and their technological complexity. Clinical coding makes incorrect data entry potentially more likely, as different clinicians may wish to use different codes for the same condition.

However, the most significant difference is that the technology can provide a means of managing the risks.

As we have a duty to keep patient information secure, so there is a duty to make best use of technology to protect the information from accidental damage. The following list shows how we can protect against the identified risks:

• Flood risk may be managed by regular backups and remote storage of backups
• Fire risk may be managed by regular backups and remote storage of backups
• Power failure risk may be managed by a continuous power supply and regular backups Equipment failure Regular backups
• Incorrect data entry risk may be managed by data validation, data entry protocols
• Accidental deletion of files risk may be managed by confirmation dialog boxes

A good back up strategy is essential. A typical strategy might look like:

• Monday: Incremental backup
• Tuesday: Full backup
• Wednesday: Incremental backup
• Thursday: Incremental backup
• Friday: Full backup removed to a remote location
• Saturday: Incremental backup
• Sunday: Incremental backup

Procedures to make backup up copies of the patient record system must be:

• Appropriately planned to ensure that a valid recent copy can be recovered;
• Regularly, correctly and consistently carried out;
• Verified by checking the integrity of the backed up data (on every occasion).

Used backup disks and tapes should be replaced with new media at regular intervals taking account of the manufacturers recommendations on the anticipated working life of the media used. Old backup media should be re-formatted or physically disrupted so as to render any data on them unrecoverable. If the backup procedure offers a choice of backing up different parts of the system, the routine backup procedure should always include a backup of the audit trail.

The organisation should have a policy on data entry to minimise risks in this area. The policy may allow another person to make entries in the patient records on behalf of the responsible healthcare professional. The information on which such entries are based may be a written note, a dictated message or a verbal report by the healthcare professional responsible for the observations or interventions recorded.

Entries made in this way must be:

• transcribed to the computerised record by an authorised trained person who ascribes the entries to the healthcare professional who wrote or dictated the notes;
• monitored in accordance with the practice policy on data entry to ensure the accuracy and correct attribution of the entries made.

The clinical system should record details of who, what and when, in an audit trail. Audit trails should be capable of detecting tampering and should be secured against deletion. If reports and correspondence are received electronically from outside the practice, the practice policy should include procedures to ensure that:

• all information received is seen by the person responsible for the original request or by another doctor acting on his or her behalf;
• the information received is filed in the computerised record of the patient to whom it relates.

Finally, confirmatory dialog boxes are an essential part of any system design. They seek to stop you accidentally doing something with unforeseen consequences. I prefer to think of them as “Have you lost your presence of mind?” boxes.

It’s usually worth taking a deep breath before telling the computer that “No, of course, I haven’t!” and telling it to “Get on with what I asked you to do” by clicking on “Yes”

Gillies AC (2006) The Clinicians Guide for Surviving IT, Radcliffe Publishing, Abingdon

Gillies AC (2008) The legal and ethical changes in the NHS landscape accompanying the policy shift from paper-based health records to electronic health records, Studies in Ethics, Law and Technology, vol 1 no 2 article no 4