Theft at Healthcare Facilities Puts Patient Data at Risk

By ThinkReliability Staff

There have been many reported cases of thefts at healthcare facilities that resulted in patient data being at risk.  Loss of medical equipment or patient safety data is a big issue for the involved healthcare facility, and it’s all too common.  More than half of healthcare facilities have reported at least one health data breach since 2009.  It is   estimated that 66% of reported breaches are due to theft.  (For an example of a patient privacy breach not related to theft, read our previous blog.)

Some notable thefts: more than $1 million worth of equipment (including some that contained patient information) was stolen over a two-year period from a VA Hospital in Florida.  A health insurance provider lost nine server drives, including patient and provider information  for 1.9 million people.  The theft was not reported until two months later and followed a theft two years prior of a portable disk drive which contained personal data for 1.5 million members.  We can look at the issue of theft of equipment in a proactive root cause analysis performed as a Cause Map, which allows us to visually map causes that could results in impacts to the goals.

In this case, there is the risk of impact to the patient safety goal if patient medical records are impacted.  The loss of property can be considered an impact to employees, the organization, and the property goal.  The loss of patient data can be considered an impact to the patient services and compliance goal (as compliance with privacy regulations may be affected).  In this case, we look specifically at loss of equipment and data due to theft.

Beginning with the impacted goals, we can ask “Why” questions to add detail to the Cause Map.  Loss of property can result from theft, and insufficient inventory records can contribute.  (This was noted in the case of the VA loss.)  Theft can occur within or outside a healthcare facility.   Within a facility, property can be stolen by either employees, or non-employees.  If it is determined that property was only accessed by employees, more intense background checks may be in order.  In either case, security needs to be considered.  The levels of security depend on the type of facility, type of property and data contained in various spaces, and various other factors, and should be considered for each facility individually.

Property that is stolen outside the facility is generally stolen from an employee who works off-site or has taken data off-site, and insufficiently protects the data.  If employees are allowed to have sensitive information or expensive equipment off-site, sufficient precautions must be taken, which are also dependent on the sensitivity of data, value of property, and needs of the facility.

To view the Outline and Cause Map, please click “Download PDF” above.

New Research on the Impact of Hospital-Acquired Infections

By ThinkReliability Staff

Recent research has shown that in-hospital mortality for patients who acquire an infection in the hospital increases from 4.5% to 18.5%.  Hospital-acquired infections are infections obtained while a patient is hospitalized.  The three main hospital-acquired infections (or HAIs) are bloodstream infections (28% of HAIs), pneumonia (21%) and urinary tract infections (15%).

Not only does an HAI increase the mortality rate, it has other impacts as well.  We can look at these impacts, and their causes, in a root cause analysis demonstrated visually as a Cause Map.  For the purpose of this root cause analysis, we will limit our investigation to HAIs that occur during hospitalization in an intensive care unit (ICU).  We begin with determining the other impacts to the goals.  The patient safety goal is impacted due to the increase in mortality.  The organization goal is impacted because many insurers (including Medicare and Medicaid) will not reimburse for some infections obtained during hospitalization.   Additional treatment is required to treat the infection, resulting in an impact to the patient services goal.  The treatment for these infections normally results in an increased stay in the ICU (from an average of 8.1 days to 15.8 days), at a cost of $16,000.  It is estimated that 26.7% of all ICU stays result in at least one HAI.

Beginning with the impacted patient safety goal, we can ask “Why” questions to demonstrate the cause-and-effect relationships leading to the increase in mortality.  Increased mortality is due to the acquiring of an HAI.  HAIs result from the exposure to a pathogen and frequently occur in the ICU partially due to the increased risk of infection due to the underlying condition for which the patient is in the ICU.  There are two types of pathogens to which patients can be exposed: endogenous (essentially, from the patient’s own body) and exogenous (from visitors, healthcare providers, equipment, the environment, etc).  HAIs are highly related to the use of invasive support measures, which provide a path for either kind of pathogen directly into the patient’s body.  Specifically, the use of a central intravenous line is cited in 91% of bloodstream infections, mechanical ventilation is cited in 95% of hospital-acquired pneumonias, and urinary catheters are cited in 77% of urinary tract infection.

Because these invasive support measures are generally required for patient care, it’s difficult to see how these infections can be reduced.  However, some programs have been shown to substantially reduce HAIs – and the cost associated with them – by improving the culture of safety and compliance with preventive methods.  One such program in Michigan has reduced the rate of bloodstream infections associated with central lines from 7.7 to 1.3 per 1,000 catheter days.  Even without a dedicated safety program, insisting on hand washing and proper cleanliness procedures during the insertion, checking, and removal of invasive support measures can reduce the risk of HAIs.  Additionally, because the use of invasive support measures is so strongly correlated to HAIs, removal of these measures as soon as possible can also reduce the risk.

To view the Outline and Cause Map, please click “Download PDF” above.  Click here to read more about hospital-acquired conditions.  Or click here to read more about the latest research.

Living Donor Dies During Liver Transplant

by ThinkReliability Staff

In May 2010, a living liver donor died on the operating table.  Investigation showed that there were multiple issues related to the patient’s death.  The clinic was cleared of any wrongdoing in the death – and the surgeons there don’t believe that the surgical issues contributed to the death – but the clinic was cited for  violating rules designed to inform and protect donors.

We can look at all the related issues and see the cause-and-effect relationships in a Cause Map, or visual root cause analysis.  We begin with the impacts to the goals.  The patient death is an impact to the patient safety goal.  Patient deaths also cause impacts to related employees, which is an impact to the goals.  The citation for the violation of donor protection rules can be considered an impact to the compliance goals.  As a result of this incident, the clinic voluntarily stopped operations on living donors for 4 months, which can be considered impacts to the schedule and customer service goals.  Once the impacts to the goals are determined, we can begin with an impact and ask “why” questions to add detail to the Cause Map.

The patient death was determined to be due to a combination of cardiac arrest and excessive bleeding.  The cardiac arrest occurred because the patient’s heart was too weak to withstand surgery, and the patient was undergoing surgery.  The patient was donating a portion of his liver as a “living donor”.  Because the patient was not properly informed prior to his surgery, it’s unclear whether he would have continued if proper processes had been followed.  Donors are required to be given outcomes from both the site performing the surgery and national results.  The information the donor received was not up-to-date, as the paperwork had not been updated.   Additionally, because the donor’s needs may be opposite of the recipient’s needs, the donor’s advocate is required to be involved only in the donor’s care.  In this case, the advocate was also involved in the recipient’s care. Lastly, the patient received an abnormal EKG (which indicated that he may have had a prior heart attack) during his operation prep.  Although later testing showed that there was no reduction in blood flow to the heart, it’s unclear whether the patient was aware of these results or in a cardiologist was consulted.  The patient did not request a second opinion to determine whether or not he was healthy enough to handle the surgery.

Excessive bleeding occurred during the surgery and was thought to also have contributed to the patient’s death.  Bleeding occurred because the patient was in surgery.  Because the type of surgery the patient was doing is relatively new, it’s also possible that the surgeon’s lack of familiarity with the surgery may have contributed to the bleeding.  The bleeding wasn’t able to be stopped because it was difficult to find the multiple sources.  The patient was having laparasopically assisted surgery, which results in a quicker recovery time for the patient but also means that the bleeding source needs to be found through small holes, rather than one large incision.  Although the surgeons say it was not related to the patient death, a high speed blood pump was not used, though it was available, and the procedure for massive bleeding was not followed.

Whether or not these issues contributed directly to the patient’s death, they should still be reviewed as sources of improvement for the facility.  Other facilities as well can use this incident to examiner their own procedures and look for opportunities to increase patient safety.

To view the Outline and Cause Map, please click “Download PDF” above.

Patient Deaths Caused by Defective Defibrillator Wires

By Kim Smiley

A recent study determined that at least 20 patients have died as a result of defective defibrillator wires.  The wires, also called leads, connect the defibrillator to the heart to both monitor heart rhythms and deliver electric shock if needed.  Defective defibrillator wires have the potential to affect many people since more than 79,000 in the United States and 49,000 abroad have the implants.

This issue can be explored by building a Cause Map, an intuitive, visual root cause analysis method.  To begin a Cause Map, the first step is to determine what the impacts have been on the overall organizational goals.  In this example, the safety goal will be focused on since the study determined at least 20 patients have died as a result of this issue.  Once the impact to goals is found, the Cause Map is built by asking “why” questions and adding the information.

In this case, the patients died because their heart stopped.  The heart stopped because the patients were at risk of heart issues, had defibrillators implanted and the defibrillators malfunctioned.  Implanting defibrillators is a common treatment for certain heart conditions and many people have them.

The defibrillators malfunctioned because the wires used to connect the defibrillator to the hearts weren’t properly insulated and a short circuit developed, preventing the defibrillator from shocking the heart when it was needed.  The wires aren’t properly insulated because the silicone coating on the wires is breaking down over time.  The defibrillators are also malfunctioning because the issue with the wires isn’t one that can be found by routine monitoring so the problem isn’t identified until it’s too late.

The company that makes the wires is questioning the findings of the study and says that the information used was incomplete.

It’s also not clear at this time what the best course of action is at this time beyond continuing to monitor patients.  Removing the wires is considered to be a risky operation.

To view a high level Cause Map of this issue, click “Download PDF”.