Saturday, December 16, 2017

OCMA Blog

Up in the Cloud: Is It Safe to Store Protected Health Information on Remote Servers?

What exactly is the cloud? Cloud storage is a network of remote servers that allow for centralized data storage and online access to these resources. Your files are stored on a server connected to the Internet instead of being stored on your own computer’s hard drive. The cloud is convenient and cost-effective, providing a way to automatically back up your files and folders. 

Despite these benefits, recent publicity around hacks of public cloud storage websites has raised concerns about whether it is appropriate for medical practices and facilities to store health records and information in the cloud. 

Is cloud storage a safe way to store protected health information (PHI)? As with many new technologies, the safety level of the cloud, and whether it’s appropriate for use, depends on the vendor. There are several issues you will have to keep in mind:

  • Are the vendor’s security standards appropriate? You will have to research each vendor you choose. Make sure the company has a good reputation and solid security policies. 
  • How much data will you be storing? Ensure the vendor can handle the amount of data you would like to move to the cloud.
  • Ensure your data is encrypted when being uploaded to or downloaded from the cloud. This is also your responsibility. Make sure your browser or app requires an encrypted connection before you upload or download your data. 
  • Make sure your data is encrypted when stored in the cloud. Data protected by law, such as medical information or personal identifiers, should never be stored in the cloud unless the storage solution is encrypted. Only selected members of your organization should be able to decrypt the data, and your organization should create policies detailing under what circumstances information can be decrypted. 
  • Understand how access is shared in your cloud folder. Many cloud storage providers allow you to share access to your online folders. Be familiar with the details on how that sharing works. Awareness of who has access and how is critical to monitoring activity within your stored data.
  • Understand your options if the cloud provider is hacked or your data is lost. Virtually all cloud service providers require a user to sign an agreement that the user has very little, if any, remedy if a hack or a loss of data occurs. 

Cloud storage can be a valuable asset to medical practices and facilities, but make sure you have absolute confidence in the service provider’s ability to keep the data safe and secure. 

Contributed by The Doctors Company. For more patient safety articles and practice tips, visit www.thedoctors.com/patientsafety.


Rising Number of Measles Cases Creates Numerous Patient Safety Issues

As more measles cases are diagnosed, physicians should implement effective screening protocols, infection control techniques, and patient education to reduce liability risks and promote patient safety. Since initial presenting symptoms of measles are similar to those of upper respiratory infections, measles may be misdiagnosed before a patient presents with the familiar red rash.


Exposure to measles in a medical office or facility is a serious patient safety issue because of the potential for complications from the disease, including death. The disease is airborne and extremely contagious. An infected individual is considered contagious from four days before to four days after the rash appears. The rash usually appears 14 days after a person is exposed; however, the incubation period ranges from 7 to 21 days.

Your practice can reduce liability risks and promote patient safety by:

  • Developing screening protocol for patients calling in with symptoms of upper respiratory infections and measles. Staff should query the individual regarding exposure to known measles cases, travel abroad, and immunization status.
  • Documenting all discussions with patients and parents of minors regarding measles, including the risks and benefits of inoculation. When patients/parents decline measles immunization, consider using an informed refusal form: www.thedoctors.com/ecm/groups/public/@tdc/@web/@kc/@patientsafety/documents/form/con_id_001221.pdf. Patients who contract measles and claim that their physician never discussed inoculation represent a potentially significant liability.
  • Providing serologic testing for immunity, when necessary, and documenting all related discussions with patients who are unsure of their immunity status against measles.
  • Ensuring that immunization tracking is up to date and well documented in the medical record.
  • Complying with state laws for the provision of vaccines to healthcare workers. For more information, go to www2a.cdc.gov/nip/statevaccapp/statevaccsapp/default.asp.
  • Advising those who may have come in contact with an infected individual to contact their physician immediately.
  • Ensuring that office staff members are trained to use personal protective equipment and proper isolation techniques.

Follow these tips if you or your staff suspects a patient has measles symptoms:

  • Minimize the risk of exposure to others by admitting the patient through a separate entrance and isolating him or her in an exam room. If possible, schedule the patient at the end of the day. The exam room should not be used until the following day since the virus can live on surfaces for up to two hours. Keep the exam room door closed.
  • Place a surgical mask on the patient and ensure that all office staff members wear protective equipment.
  • Follow standard disinfection and sterilization procedures for exam rooms.
  • Report suspected cases to the local health department.
  • Consider making post-exposure prophylaxis available to those who have been exposed. Post-exposure vaccination can be effective in preventing measles in some individuals. As an alternative, Immunoglobulin, if administered within six days, can offer some protection.

Contributed by The Doctors Company. For more patient safety articles and practice tips, visit www.thedoctors.com/patientsafety


2015 Young Physicians Patient Safety Award

The Doctors Company Foundation is now accepting essays for the 2015 Young Physicians Patient Safety Award. The annual award recognizes six third- and fourth-year students attending U.S. medical schools who write winning essays about the most instructional patient safety event they have experienced in a clinical rotation. Winners each receive a $5,000 award from The Doctors Company Foundation,which co-sponsors the contest with the Lucian Leape Institute of the National Patient Safety Foundation.
 

For more information on the award and how to apply, please visit www.tdcfoundation.com/2015ypawards. Essays are due by Monday, February 2, 2015 (5:00 PM PST).


Get insights on patient safety delivered to your inbox

The Orange County Medical Association invites you to sign up for The Doctor’s Practice, a complimentary monthly newsletter brought to you by our preferred business partner, The Doctors Company.

Each issue of The Doctor’s Practice features a new article or video in a simple, one-click e-mail. These articles feature expert tips to help you reduce malpractice risk, avoid claims, and make the practice of medicine more rewarding.

Sign up for this valuable publication at www.thedoctors.com/TheDoctorsPractice

The insightful content in The Doctor’s Practice is part of The Doctors Company’s commitment to defending, protecting, and rewarding the practice of good medicine.


Communication Is Key to Improving Diabetic Patient Outcomes and Reducing Liability


Because diabetes has the potential for serious complications and requires immense involvement by patients and physicians for successful outcomes, healthcare professionals who treat diabetic patients may be at risk for malpractice lawsuits.

In a study of claims closed from 2007 to 2013, The Doctors Company identified four common allegations made by patients with diabetes: improper management of treatment (37 percent), failure or delay in diagnosis (31 percent), failure to treat (9 percent), and improper management of medication regimens (6 percent).  

Diabetic patients’ treatment is often managed by a multidisciplinary care team, which may include a primary care physician, endocrinologist, dietician, ophthalmologist, podiatrist, and dentist. When patients file claims, it’s not uncommon for them to name the entire care team in the complaint, alleging failure to properly diagnose, supervise, monitor, and/or treat their disease.  

To promote patient safety, the healthcare team should engage the patient in collaborative care planning and problem solving to produce an individualized care plan as well as team support when problems are encountered. Other ways to promote patient safety and mitigate the risk of malpractice claims related to diabetes care are: 

  • Communicate. Talking openly with diabetic patients about their condition and encouraging them to take an active role in decision making enhances patient safety. 

- Overcome patients’ fears about their disease by taking time to answer questions.
- Discuss all associated risk factors, including weight gain. The American Medical 
  Association and American Diabetes Association have resources available to help physicians
  talk to their patients 
about weight and diabetes.
- Provide written instructions and information about adverse effects for prescription drugs
  and 
complex prescription drug regimens.
- Communicate with the patient and prepare written information in the language and at the 
  literacy level that the patient understands.
- Ask patients to repeat the information shared, not just whether they understand what 
  they have been told.

  • Educate. Educate patients about the importance of self-management to help increase their compliance and to reduce the risk of patients attributing their injuries to substandard care. Diabetic patients should be able to articulate the importance of lab tests, medication management, diet, and exercise. Barriers to self-management such as financial issues or lack of social support, healthcare literacy, and patient-caregiver relationships should be assessed.
  • Document. Document any and all patient interactions and discussions regarding the patient’s condition, including diagnosis, specialist referrals, and treatment options.
  • Manage care. Implement a program that ensures timely follow-up when a patient fails to schedule an appointment, misses an appointment, or cancels an appointment and does not reschedule. Failure to follow up and provide intensive patient management can lead to missed or delayed diagnoses, accelerated disease symptoms, morbidity, and/or mortality. 

Contributed by The Doctors Company. For more patient safety articles and practice tips, visit www.thedoctors.com/patientsafety.


The Doctors Company Risk Tip: Including Risk Management in Your Vacation Planning Allows You to Relax

Because liability never takes a holiday, your vacation plans should include medical coverage arrangements for your practice, particularly when you use locum tenens. The following tips will help reduce risks in your practice and promote the safety of your patients as you plan your vacation:

  • Review managed care contracts for relevant coverage requirements. Some managed care contracts contain very specific language on this topic and many contain indemnification clauses that could expose you to the liability of the covering physician (as well as breach of contract). 
  • Whenever possible, make secondary coverage arrangements. Confirm coverage arrangements via e-mail or fax with the locum tenens who are covering your practice in order to avoid misunderstandings, possible uncertainty of dates or time frame, and exposure to abandonment.
  • Ensure that the practice coverage arrangements include an understanding about patient billing practices in conjunction with any managed care contracts or plans. 
  • Choose covering physicians who share your medical specialty and have privileges at the same hospitals that you do. 
  • Determine if covering physicians carry professional liability coverage and the limits of such coverage. While asking these questions could be awkward, you may be required to ask under certain managed care plans, provider agreements, and hospital bylaws.
  • Before leaving on vacation, prepare a list of patients who are hospitalized or are in the midst of diagnostic work-up, or who have special medical problems or needs. Give this information to the covering physicians and document any specific advice you provide. 
  • Inform the attending physicians or hospitalists of any hospitalized patients you are following about your coverage arrangements, and document the hospital chart to reflect these conversations. 
  • Advise your patients of the coverage arrangements and give them the covering physicians’ names.
  • Make each hospital where you have on-call responsibilities aware of the dates of your unavailability and the identity and phone numbers of the covering physicians. Give similar notice to your answering service and office staff.
Upon returning from vacation, promptly confer with all covering physicians. Document what you were told by the covering physicians about any significant developments in patients’ clinical course or treatment while you were away. 

Consider implementing these fundamental loss prevention measures for even brief periods when you are unavailable, such as observance of religious holidays, attending medical conferences, personal illness, or a long weekend. Unfortunately, vulnerability to claims is not diminished on these occasions. 

Contributed by The Doctors Company. For more patient safety articles and practice tips, visit www.thedoctors.com/patientsafety.

The Doctors Company Alert: Windows XP Use May Trigger HIPAA Non-Compliance

Alert from The Doctors Company:

Now that Microsoft has stopped supporting the Windows XP operating system, physician practices using Windows XP face threats from viruses, Trojans, and other potential security breaches. All PC workstations and laptops using Windows XP that contain Protected Health Information (PHI) are no longer compliant with HIPAA and the HITECH Act. This includes devices used to access PHI via the Internet. HIPAA Security Rule section 164.308(a)(5)(ii)(B) states that practices must implement “procedures for guarding against, detecting, and reporting malicious software.” This is no longer possible with Windows XP.

If your practice system currently runs on Windows XP, follow these tips immediately to bring your practice into HIPAA compliance:

  • Identify all at-risk workstations and laptops.
  • Analyze the hardware in all at-risk computers to determine if they are capable of running a new operating system, such as Windows 7 or 8.
  • Upgrade all at-risk computers identified as capable of running a new operating system.
  • For computers that cannot be upgraded, either replace the hardware or purchase new computers.
  • Create a transition plan for upgrading or replacing computers.
Internet Explorer 8 is also no longer supported—if your practice is running Windows XP and using Internet Explorer 8, you may be exposed to additional threats.


The Doctors Company Risk Tip: Undiagnosed Heart Disease in Women

Differences in the early symptoms and signs of an impending heart attack in women may make diagnosis more difficult compared to men. 

In a study of closed medical malpractice claims involving undiagnosed heart disease in women, The Doctors Company found that in 61 percent of claims the patient died when her heart condition was not correctly diagnosed and 33 percent had heart muscle damage from myocardial infarction. 

In the following case, failure to diagnose acute myocardial infarction resulted in death:

A 47-year-old obese woman presented to her PCP complaining of a burning sensation in her chest after eating. The patient reported a similar episode the prior day after eating lunch as well as increased heartburn over the last few weeks.

A review of the medical record reflected elevated blood pressures over the past six months and an elevated cholesterol level of 237 (mg/dl). On the day of the exam, her blood pressure was 160/90. She smoked, drank alcohol socially, and was unaware of a family history of coronary artery disease. A heart exam revealed normal rate and rhythm. The physician noted that the patient appeared diaphoretic; however, she wasn’t in acute distress and was pain-free throughout the examination. An ECG revealed a left bundle branch block. Prior ECGs were not available for comparison. Suspecting reflux esophagitis (heartburn), the PCP advised the patient to take an antacid and to return if the symptoms continued.

Two days later, the patient called her PCP’s office stating that her chest burning sensation continued. The nurse advised her to continue taking the antacid and scheduled an office appointment for the following day. The nurse advised the patient to go to the ED if she developed chest pain. 

That night, the woman awoke with chest pain, nausea, and vomiting. She was taken to the ED for emergeny coronary angiography, but died shortly after arrival. 


To avoid such risks:

 

  • Rule out myocardial infarction before arriving at a GI-related diagnosis such as gastric reflux as the cause of chest pain or discomfort. 
  • Consider cardiac risk factors such as obesity, smoking, hypertension, and hyperlipidemia. 
  • Offer patients same-day appointments when they complain of continued symptoms for which they were recently seen. If this is not possible, send them to the ED and document this in the medical record.
  • Develop a written chest pain protocol. 

Contributed by The Doctors Company. For more patient safety articles and practice tips, visit www.thedoctors.com/patientsafety.


The Doctors Company Risk Tip: Medical Clearance Does Not Clear the Patient or Physician of Risks

“Medical clearance” is when a surgeon requests clearance from an assessing physician before performing surgery on a patient. Cardiac risk is the number one reason to request medical clearance, but other risks that call for medical clearance include congestive heart failure, pulmonary embolism, anticoagulation, obesity, and high blood pressure. 

Anticoagulants, for example, are often an issue in surgical claims. If the patient is taking anticoagulants, the surgeon and the physician should agree on the best approach for that specific patient. They may discuss changes in medical management that should be made to decrease risk. If they believe the patient is at risk from a respiratory perspective, the focus may be on early mobilization, incentive spirometry, and respiratory treatment.

To avoid malpractice risks, consider the following tips when dealing with medical clearance:

  • Determine which patients need medical clearance. The surgeon should assess the type of surgery and its associated risks and the health of the patient. Healthy patients with no underlying conditions who are undergoing fairly low-risk procedures don’t routinely need medical clearance. 
  • Provide appropriate information. Problems can arise when the surgeon does not provide enough information to the assessing physician about the surgery being proposed. The surgeon should provide information to the assessing physician about the type of surgery, how long it will take, what kind of anesthesia is anticipated, how long the patient will be immobile, what is involved in rehabilitation, and what the recovery period looks like. The assessing physician should take that information into consideration, along with exam results and knowledge of the patient, to determine if the patient is at increased risk.
  • Develop a plan to mitigate risks. The surgeon and the assessing physician should work together to determine the steps to take to mitigate risk preoperatively, intraoperatively, and postoperatively. For example, they should agree about which medications to stop preoperatively and which to continue. 

There is no standard medical clearance process. Physicians should be aware of when a medical clearance would be indicated and have a good process to ensure it’s done.

Medical clearance is a misnomer because it implies that the patient is cleared and there are no risks. No patient is free of risk when undergoing a procedure. The goals of the assessment are to determine the level of risk and to identify opportunities to mitigate risk—with the surgeon and the assessing physician working in concert. The decision about whether to proceed with the operation belongs to the surgeon and the patient.

Contributed by The Doctors Company. For more patient safety articles and practice tips, visit www.thedoctors.com/patientsafety.


Competition Opens for Young Physicians Patient Safety Award

Medical Students and Residents Encouraged to Submit Essays for $5,000 Awards


Napa, California—November 18, 2013
—Entries are now being accepted for the 2014 Young Physicians Patient Safety Award, The Doctors Company Foundation announced today. Medical students and residents are eligible to compete for six $5,000 awards. Winners will also receive travel to the Association of American Medical College’s Integrating Quality meeting in Chicago June 12–13, 2014, where the awards will be presented.

Entrants must be third- or fourth-year medical students or first-year residents who were in a hospital setting as of June 2013. Entrants must submit a 500- to 1,000-word essay describing an instructional patient safety event they experienced during a clinical rotation that resulted in a personal transformation. Essays are due by 5:00 PM (ET) on Monday, February 3, 2014. Online entry forms are available at http://bit.ly/PtSafetyAward.

The contest is sponsored by The Doctors Company Foundation in partnership with the Lucian Leape Institute at the National Patient Safety Foundation (NPSF). Entries will be judged by a panel selected by the NPSF.

“One of the missions of our Foundation is to support patient safety education for healthcare professionals,” said Leona Egeland Siadek, the Foundation’s executive director. “The Young Physicians Patient Safety Award is a key to this mission. These essays bring to the forefront the importance of making the culture of safety an integral part of the culture of medicine.” 

Past winning essays can be read at http://npsfcongress.org/young-physicians-essays/2013-winners-one/.

About The Doctors Company Foundation
The Doctors Company Foundation was created in 2008 by The Doctors Company, the nation’s largest physician-owned medical malpractice insurer. The purpose of the Foundation is to support patient safety education for healthcare professionals, patient safety research with clinically useful applications, and medical professional liability research. In this context, patient safety is defined as a healthcare discipline that minimizes the incidence and impact of adverse events by redesigning systems and processes using human factors principles to reduce errors.

### 
Contact: Alina Gomez, agomez@the doctors.com

Home   |   About Us   |   Membership   |   For Physicians   |   News   |   For Patients   |   Advocacy   |   Events
Copyright (c) 2017 Orange County Medical Association