
Patient Misidentification Remains Common

Posted on February 27, 2017 | Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

The following information was released several weeks ago, but I just found it and thought readers would still find it relevant. The research, from security researcher Ponemon Institute, concludes that patient misidentification is relatively common and continues to impact patient safety and experience.

Late last year, Ponemon surveyed 503 healthcare professionals from across the US, including nurses, physicians, IT practitioners and leaders in financial operations, on the frequency and root causes of patient misidentification, as well as the consequences.

According to the researchers, 86% of respondents said they’d witnessed or know of medical errors resulting from patient misidentification. And 67% said that when searching for patient information, they find duplicate medical records for that patient almost all of the time. Along the way, about three-quarters of respondents agreed that use of biometrics could reduce patient misidentification and by extension, cut down on medical errors.

The most common root cause of patient misidentification was incorrect identification at registration (chosen by 63%), followed by time pressure when treating patients (60%), insufficient employee/clinician training and awareness (35%), too many duplicate medical records in system (34%), registrar errors (32%), turf wars between departments (29%), inadequate safety procedures (20%), over-reliance on homegrown or obsolete identification systems (15%) and misinformation provided by patient (9%). (The remaining 3% was reported as “other”.)

The key causes of misidentification named in the survey included the inability to find a patient’s chart or medical record (68% of respondents), a search or query which brings up multiple or duplicate medical records for a patient (67%), patient associated with incorrect records due to same names and/or dates of birth (56%), or having the wrong record pulled up for a patient because another record in the registration system or EMR has the same name and/or date of birth (61%).

Not surprisingly, the survey also suggests that widespread patient misidentification can have a serious financial impact. On average, Ponemon says, respondents said that more than one-third of all denied claims resulted directly from an inaccurate patient identification or inaccurate/incomplete information. This costs the average healthcare facility $1.2 million per year, they reported.

Meanwhile, patient identification problems have a negative impact on patient experience, the survey concluded. Sixty-nine percent of respondents told researchers that staff spent up to or more than 30 minutes per shift contacting medical records or HIM departments to get critical patient information.

Not only that, misidentifying patients can have a ripple effect, with missing or incomplete information leading to patient care delays. Thirty-seven percent of respondents said that they spent an hour or more contacting medical records or HIM departments to get critical patient information.

Patient Portal Security Is A Tricky Issue

Posted on April 25, 2016 | Written By Anne Zieger

Much of the discussion around securing health data on computers revolves around enterprise networks, particularly internal devices. But it doesn’t hurt to look elsewhere in assessing your overall vulnerabilities. And unfortunately, that includes gaps that can be exposed by patients, whose security practices you can’t control.

One vulnerability that gets too little attention is the potential for a cyber attack accessing the provider’s patient portal, according to security consultant Keith Fricke of tw-Security in Overland Park, Kan. Fricke, who spoke with Information Management, noted that cyber criminals can access portal data relatively easily.

For example, they can insert malicious code into frequently visited websites, which the patient may inadvertently download. Then, if your patient’s device or computer isn’t secure, you may have big problems. When the patient accesses a hospital or clinic’s patient portal, the attacker can conceivably get access to the health data available there.

Not only does such an attack give the criminal access to the portal, it may also offer them access to many other patients’ computers, and the opportunity to send malware to those computers. So one patient’s security breach can become a source of infection for countless patients.

When patients access the portal via mobile device, it raises another set of security issues, as the threat to such devices is growing over time. In a recent survey by Ponemon Institute and CounterTack, 80% of respondents reported that their mobile endpoints have been the target of malware in the past year. And there’s little doubt that attacks via mobile device will become more sophisticated over time.

Given how predictable such vulnerabilities are, you’d think that it would be fairly easy to lock the portals down. But the truth is, patient portals have to strike a particularly delicate balance between usability and security. While you can demand almost anything from employees, you don’t want to frustrate patients, who may become discouraged if too much is expected from them when they log in. And if they aren’t going to use it, why build a patient portal at all?

For example, requiring a patient to change their password or login data frequently may simply be too taxing for users to handle. Other barriers include demanding that a patient use only one specific browser to access the portal, or requiring them to use digits rather than an alphanumeric name that they can remember. And insisting that a patient use a long, computer-generated password can be a hassle that patients won’t tolerate.

At this point, it would be great if I could say “here’s the perfect solution to this problem.” But the truth is, as you already know, that there’s no one solution that will work for every provider and every IT department. That being said, in looking at this issue, I do get the sense that providers and IT execs spend too little time on user-testing their portals. There’s lots of room for improvement there.

It seems to me that to strike the right balance between portal security and usability, it makes more sense to bring user feedback into the equation as early in the game as possible. That way, at least, you’ll be making informed choices when you establish your security protocols. Otherwise, you may end up with a white elephant, and nobody wants to see that happen.

Mobile Apps Pose Security Risks

Posted on July 11, 2013 | Written By Anne Zieger

Mobile apps that share files via the cloud may be popular, but they pose risks in a clinical setting, according to a study reported by FierceMobileHealthcare.

The study, which was conducted by the Ponemon Institute, concluded that many health organizations aren’t taking the steps needed to guard protected health information on mobile devices and in the cloud. In fact, more than half of respondents (54 percent) reported having an average of five data breaches involving the loss or theft of a mobile device containing PHI, according to FierceMobileHealthcare.

About 33 percent of Ponemon respondents said they need to access PHI to do their work. That being said, only 15 percent of survey respondents were aware of HIPAA’s security requirements for regulated data on mobile devices. This was the case despite the fact that 33 percent of respondents were part of a HIPAA-covered entity.

Meanwhile, 40 percent of respondents weren’t sure if their organization’s policies on employee access and use of regulated data on mobile devices were HIPAA-compliant. Twelve percent said they were compliant, 31 percent were partially compliant and 17 percent said they were noncompliant.

While healthcare organizations may be playing it a bit fast and loose where use of the cloud via mobile is concerned, they’re still being very cautious where other uses of the cloud are concerned, FierceMobileHealthcare notes.

According to a recent survey by technology vendor CDW, healthcare organizations ranked seventh out of eight industries studied when it came to adoption of cloud computing. According to CDW, healthcare leaders cited security concerns about proprietary data and applications as reasons they’d been reluctant to adopt cloud technology.