February 22, 2016

New Threat to Clinical Documentation

By

On Feb. 5, Hollywood Presbyterian Medical Center experienced an electronic health record (EHR) outage that began due to ransomware. This type of malware had shut down the hospital’s internal computer system and communication devices, with only a software “key” capable of reopening the internal data files. The hospital has reported that patient care was not compromised at any time or in any way.  

Hollywood Presbyterian returned to paper registrations and documenting on paper forms throughout the incident. The emergency department and fax machines were some areas that were affected by the hacking, however.  

The hospital released a statement on Feb. 17 noting that it had paid the ransom of 40 bitcoins, or approximately $17,000, in order to obtain the decryption key and return the operations to normal as soon as possible. Bitcoin is a type of digital currency that is difficult to trace. Operations were restored on Feb. 15. 

Hollywood Presbyterian Medical Center notified law enforcement immediately, and the Federal Bureau of Investigation (FBI) is now involved with the case. Computer experts assisted the facility in getting their health information systems back online and in understanding the event. According to a memo released by the hospital’s president, Allen Stefanek, “we have no evidence at this time that any patient or employee information was subject to unauthorized access.”

This incident raises the importance of backup systems, redundancy, security, and information governance. Could a hacker invade an electronic health record and impact patient care? Could a hospital be shut down permanently? How do security measures need to change in order to keep our health information safe?      

February is Information Governance Month. You may wonder, “what is information governance?”   This American Health Information Management Association (AHIMA) initiative is focused on protecting and maintaining high quality of data and integrity of all types of data. As we have learned in recent years, data is very important in the healthcare industry to providing high quality of care, a safe environment, and cost-effective treatment. Information is an asset to any organization that must be kept safe and secure. We need information governance so that we can extract clinical and business information and optimize its usefulness.   

Health information management (HIM) professionals have always understood the importance of data security and consistent data. As healthcare delivery becomes more electronic in nature, the need for security and management will become heightened.

This cyberattack highlights the need to remain diligent in our security practices to protect the most personal of information – our health records.

Laurie Johnson, MS, RHIA, CPC-H, FAHIMA, AHIMA-Approved ICD-10-CM/PCS Trainer

Laurie M. Johnson, MS, RHIA, FAHIMA is currently a senior healthcare consultant for Revenue Cycle Solutions based in Pittsburgh, Pa. Laurie is an AHIMA approved ICD-10-CM/PCS Trainer. She has more than 35 years of experience in health information management and specializes in coding and related functions. She has been a featured speaker in over 40 conferences and will be speaking at 2017 AHIMA Coding Community Meeting in Los Angeles, Ca. Laurie has been a frequent guest on Talk Ten Tuesdays.

Related Stories

  • Great Future Ahead, Says New AHIMA President
    Smith preaches collaboration, outreach, advancement on TTT broadcast. EDITOR’S NOTE: The following are remarks made by American Health Information Management Association (AHIMA) President and Board Chair Diann Smith during the live Talk-Ten-Tuesdays broadcast on Feb. 13. The American Health Information…
  • ICD-11 is Coming – Take Time to Adjust
    The new classification is designed as a database and has up to 13 dimensions. The World Health Organization (WHO) will be releasing the 11th Revision to the International Classification of Diseases, or ICD-11, this May. The WHO and many of…
  • “Assumptive” Coding for Heart Disease – A Coder’s Perspective
    Official guidance on ICD-10-CM coding raises questions regarding how to document cardiac care. The first step in choosing the proper ICD-10-CM code is reading the medical documentation to identify the diagnosis the provider has documented and confirmed. If there is…