February 22, 2016

New Threat to Clinical Documentation

By

On Feb. 5, Hollywood Presbyterian Medical Center experienced an electronic health record (EHR) outage that began due to ransomware. This type of malware had shut down the hospital’s internal computer system and communication devices, with only a software “key” capable of reopening the internal data files. The hospital has reported that patient care was not compromised at any time or in any way.  

Hollywood Presbyterian returned to paper registrations and documenting on paper forms throughout the incident. The emergency department and fax machines were some areas that were affected by the hacking, however.  

The hospital released a statement on Feb. 17 noting that it had paid the ransom of 40 bitcoins, or approximately $17,000, in order to obtain the decryption key and return the operations to normal as soon as possible. Bitcoin is a type of digital currency that is difficult to trace. Operations were restored on Feb. 15. 

Hollywood Presbyterian Medical Center notified law enforcement immediately, and the Federal Bureau of Investigation (FBI) is now involved with the case. Computer experts assisted the facility in getting their health information systems back online and in understanding the event. According to a memo released by the hospital’s president, Allen Stefanek, “we have no evidence at this time that any patient or employee information was subject to unauthorized access.”

This incident raises the importance of backup systems, redundancy, security, and information governance. Could a hacker invade an electronic health record and impact patient care? Could a hospital be shut down permanently? How do security measures need to change in order to keep our health information safe?      

February is Information Governance Month. You may wonder, “what is information governance?”   This American Health Information Management Association (AHIMA) initiative is focused on protecting and maintaining high quality of data and integrity of all types of data. As we have learned in recent years, data is very important in the healthcare industry to providing high quality of care, a safe environment, and cost-effective treatment. Information is an asset to any organization that must be kept safe and secure. We need information governance so that we can extract clinical and business information and optimize its usefulness.   

Health information management (HIM) professionals have always understood the importance of data security and consistent data. As healthcare delivery becomes more electronic in nature, the need for security and management will become heightened.

This cyberattack highlights the need to remain diligent in our security practices to protect the most personal of information – our health records.

Disclaimer: Every reasonable effort was made to ensure the accuracy of this information at the time it was published. However, due to the nature of industry changes over time we cannot guarantee its validity after the year it was published.
Laurie Johnson, MS, RHIA, CPC-H, FAHIMA, AHIMA-Approved ICD-10-CM/PCS Trainer

Laurie M. Johnson, MS, RHIA, FAHIMA is currently a senior healthcare consultant for Revenue Cycle Solutions, based in Pittsburgh, Pa. Laurie is an American Health Information Management Association (AHIMA) approved ICD-10-CM/PCS trainer. She has more than 35 years of experience in health information management and specializes in coding and related functions. She has been a featured speaker in over 40 conferences. Laurie is a member of the ICD10monitor editorial board and makes frequent appearances on Talk Ten Tuesdays.

Related Stories

  • Healthcare and Hurricane Preparedness
    The aftermath of Florence prompts a review of emergency preparedness We know the 2018 hurricane season is upon us, but we are always unsure of where the individual storms will appear, what their track will be, and how they will…
  • Facilities Urged to Strengthen Coding Compliance Program
    Recent FCA activity focuses on coding compliance issues Recently in healthcare news were articles about two legal actions that cause one to reflect on the need for a strong (or stronger) coding and clinical documentation improvement (CDI) compliance programs.  The…
  • AMA Releases 2019 CPT® Code Set
    New code changes number 335. The new current procedural terminology (CPT®) codes have been released with 335 code changes in 2019.  There were many code revisions with guideline, description and instructional note changes.   Let’s look at the highlights of many new…