Perhaps the most troubling aspect of the inadvertent disclosure of private information by Dent Neurologic Institute – at least from the broad view – is the damage it could do to patients’ trust of electronic medical records and the benefits that digital transmission offers to both the quality and cost of health care.
The national health care sector is still in the developing stages of using electronic records, a fact that underscores the sensitivity of the moment and perhaps also explains, at least in part, how this error occurred. The mistake was bad enough, although it’s fair to say that it could have been much worse.
Confidential information about more than 10,200 patients of Dent Neurologic was emailed to more than 200 patients on Monday, evidently by accident. The information included patients’ names, addresses, their doctors’ names, dates of their last appointments and their email addresses – enough information to get an identity thief off to a real start.
Fortunately, the information did not include specific information about the patients’ medical conditions, birth dates or Social Security numbers, according to the company. That could have been calamitous for some patients.
As it is, it could undermine efforts, such as those at HEALTHeLINK in Western New York, to promote an electronic system for sharing clinical information among health professionals. That is the way of the future, and not only does it need to be secure, the public has to perceive it that way.
The question is how something like this could happen. Indeed, for Dent, the question is compounded by a previous incident – though not nearly so serious – in which letters were sent to the wrong group of patients, causing confusion about their care.
Anyone who has sent an embarrassing email to the wrong person or a text they later regretted knows how easy it can be to cause a problem in the computer age.
But that is just the reason that significant safeguards need to be in place so that personal information such as Dent emailed cannot be inadvertently attached. A program, a firewall, a password, a warning – something that is digitally and psychologically secure – needs to be in place so that when sensitive documents are being made public, it can only happen intentionally.
If this is part of an electronic learning curve, then that can help to explain this violation of privacy, but it doesn’t excuse it. There aren’t many areas in public or private life more sensitive than the information shared between patient and doctor. It is legally protected for a reason.
That means there is a lesson to learn in this error for all health organizations, from the country doctor to the downtown hospital. There need to be protocols that ensure this kind of information cannot be inadvertently broadcast, potentially to millions of people.
Where that work has not already begun, this episode should provide the incentive, before truly significant damage can be done.