Cybersecurity. Another federal regulatory agency with a role in the privacy and security of health care data is the Food and Drug Administration (FDA). The FDA oversees the safety of medical devices, which includes addressing the management of cybersecurity risks and hospital network security. Recent guidelines issued (FDA, 2013) recommend that medical device manufacturers and health care facilities take steps to ensure that appropriate safeguards are in place to reduce the risk of failure caused by cyberattack. This could be initiated by the introduction of malware into the medical equipment or unauthorized access to configuration settings in medical devices and hospital networks. The consequences of not adequately addressing these risks could be dire. As medical devices are increasingly integrated within health care environments, there will be a need for vigilance toward cybersecurity practices to ensure all systems are adequately protected and patients remain safe from harm. Nurse Informaticists are frequently called on to evaluate safety and effectiveness of new devices and software. Considerations of cybersecurity must be included in any evaluation process.
Legislation aims to change the healthcare delivery system with the incentives, new requirements, new technology, new healthcare delivery models, and provider-patient dynamics. Significant in-roads have been made towards creating a national HIT infrastructure. We need an infrastructure that will support a birth-to-death EHR for every American that can be accessed from anywhere in the country to accommodate the needs of a mobile population. We are closer but have not yet achieved the level of health information exchange required for this to occur.
Legislation established the Office of the National Coordinator for Health Information Technology and provided incentives for the adoption of technology capable of collecting and reporting Meaningful Use criteria and of improving safety and quality of care. All healthcare professionals need to be informed of the potential that technology offers and advocate for applications that can improve the quality of care provided. Healthcare professionals need to stay informed through involvement in professional organizations and professional-education opportunities, not only as to what might be, but also of legislation and compliance issues that directly impact the way that they practice. As patient advocates, it is also important to inform patients of their rights, whether that might be the ability to restrict who has access to their PHI or that they have the right to receive an electronic form of their record. And as advocates, we also need to be aware of proposed legislation and its potential impact, and to let our elected representatives know why they should or should not support pending legislation. As healthcare providers, we have an obligation to apprise healthcare consumers of new developments, such as health information exchanges (HIEs), ACOs, and PCMHs, and what it means for them.
As nurse leaders, the APN is often in an authoritative position or perceived as a role model. For these reasons, he or she needs to determine if appropriate safeguards to protect PHI are in place, and if HIPAA requirements and other legal mandates are met. APNs also need to realize the potential that currently lies just beyond our reach as we compile huge data sets that now remain largely untapped within many separate silos. Consider how HIT legislation has positioned us to make good use of the foundation of knowledge model to acquire new knowledge, to improve our knowledge-processing capabilities, and to enable us to generate more knowledge.
Liability Concerns with Technology in Healthcare management of cybersecurity risks
Schaffer et al. (2017) revealed that liability claims in which EHRs were found to be a contributing factor grew from just two from 2007 through 2010 to 161 from 2011 through December 2016. One concern is that despite the potential of EHRs to advance the quality of healthcare and patient safety, there are unanticipated consequences from this rapidly adopted new technology. Review of claims revealed the following trends:
- System factors that contributed to claims—such as technology and design issues, lack of integration of hospital EHR systems, and failure or lack of alerts and alarms—increased eight percent.
- User factors—such as copy-and-paste errors, data entry errors, and alert fatigue—decreased six percent.
- More EHR-related claim events occurred in in-patient hospital rooms. However, errors also occur in private practice offices, ambulatory/day surgery centers, labor and delivery, and emergency rooms. Hospital clinics/doctors’ offices remain the top location for these events.
- Internal medicine, hospital medicine, and cardiology showed marked decreases among specialties involved in claims.
- Family medicine and nursing also showed decreases.
- Orthopedics, emergency medicine, and obstetrics/gynecology showed increases.