August 30, 2017

Ransomware in Health Care: An Insurance-Based Analysis

This type of phishing loss is complex and unsettled, frequently leaving room for coverage gaps under many policies

by Kristen Psaty and Christina Terplan

The medical field recognizes a standard pre-procedure verification process called a “time-out” that occurs prior to any invasive procedure requiring patient consent. This is an element of the Universal Protocol and includes a deliberate pause in activity among all members of the treatment team and a checklist review of patient demographic information, medical history, and medical procedure details. The Universal Protocol has been a mandated practice in all hospitals accredited by the Joint Commission since 2004.[1] It is formally endorsed as an industry best practice, with National Time-Out Day recognized annually at the behest of the Association of Perioperative Registered Nurses[2] with support from the World Health Organization.[3] The standard procedure is mandated as a way to prevent egregious medical errors, including wrong person or wrong procedure surgery.

Compliance with the time-out procedure is dependent on the health team’s access to patient medical records. Increasingly, patient medical records are created, stored, and accessed by medical professionals in electronic form. In fact, in 2015, 87 percent of all U.S.-based physicians reported use of electronic medical records (EMRs).[4] An EMR is a digital version of a patient medical chart containing a patient’s medical history, including information on patient allergies, current medications, lab results, and diagnosis, as well as basic demographic information, including home address, personal phone number, and personal point of contact information.[5] A patient EMR might also include details such as medical diagnoses, date of birth, and Social Security number.
