In addition to any financial penalties, the loss or unintended disclosure of patient data can cause significant stress to the patients involved and cause reputational damage to the healthcare entity responsible. 3 – 5 Should patient identifiable data be visible to non-approved parties, the responsibility will lie with the healthcare provider where the data originated, regardless of any third parties employed to “dispose” of the hardware containing the data 5 and regardless of any certification provided as evidence of “safe disposal”. In addition to demonstrating a failure in the duty of confidentiality between healthcare provider and patient, in recent years loss of data has cost the National Health Service (NHS) more than £500,000. Again, this clearly breaks the institution’s duty of confidentiality to the patient and contravenes the Data Protection Act. That data will survive for the life time of the hard drive, be it within the system or as a scrapped component. ![]() If any patient data exists on such a system, be it readily available or recoverable in some way, the healthcare institution would have no control as to where that data would go, where it would reside and who could access it. Although there may be an approved arrangement to cover offsite repairs of a device or replacement of a data storage component, there will be no such mechanism to cover the return of a system to a lease company or transfer of ownership to any third party. This approval will be on the basis of clinical need to know and patient benefit. 1, 2 Healthcare institutions should have allowed pathways for any sharing of patient data that will have been approved by the local Caldicott guardian. The loss of a hard disk from a US system containing patient identifiable data would represent a clear breach of patient confidentiality and would contravene local information governance policies, the Caldicott principles and the Data Protection Act. Just as with a PC, tablet or phone, the act of deleting a file may not be sufficient to prevent it being recovered and read again. ![]() Beyond any bespoke hardware, there is almost certain to be a hard disk running a recognisable operating system using files that can be read easily, including files containing patient data. ![]() Most modern ultrasound (US) systems are PC and software driven.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |