Investigators have been unable to trace a doctor
involved a medical blunder that ended in a patient's death because
staff in a Devon hospital had beensharing computer
passwords.
The case shows the incompatibility between the way doctors work
in practice and the high security needed to protect large databases
of confidential patient information under the £12.7bn
National Programme for IT (NPfIT).
Password sharing in the NHS is said to be endemic in the NHS
partly because space for computer screens in wards is limited, as
is time for clinicians to log in and out.
The case centres around the death of Muriel Elliott, who was
admitted to Derriford Hospital in Plymouth last year after
suffering a stroke following heart by-pass surgery. She died
thirteen days after medical staff wrongly inserted feeding tube
into her lung instead of her stomach.
A hospital investigation has been unable to identify the doctor
responsible for viewing an electronic x-ray image. The doctor
allegedly told nursing staff that the nasal gastric tube was in the
correct position before Muriel Elliott was transferred to the Acute
Stroke Unit.
The doctor who checked the position of the tube had not made a
record of it in the patient's notes. And the doctor whose password
was used to view the stored x-ray image was not working at the
hospital at the time, it has emerged.
The hospital uses a
picture archiving and communication system (Pacs) and "Cris"
Radiology Information System which were installed in 2006 under the
NPfIT. The Pacs system is linked by the N3 broadband network to a
remote data store, with access to images through workstations and
web-based PCs
The local police's "Major Crime Investigation Team" is now
investigating.
Brian Gerrish, Mrs Elliott's son-in-law, told the BBC, "This is
absolutely incredible Derriford does not know who the doctor was
that made a clinical decision that resulted in a death and it's
possible it could have been somebody who just walked in off the
street, because they have no idea."
A statement issued by Plymouth Hospitals NHS Trust said, "The
trust has stringent policies and guidelines concerning patient
confidentiality and the use of its IT systems. We expect all staff
to work according to these policies and any breach of security is
investigated and appropriate disciplinary action taken whenever
necessary.
"This case has been subject to a full investigation within the
trust and the results and recommendations of that investigation
have been shared with the coroner. The case has recently been
referred to Devon and Cornwall police and enquiries are at an early
stage. At this time it is not appropriate for the trust to comment
further."
NHS Connecting for Health said, "Individual users set their own
passcode which may not be shared with anyone else. Password sharing
represents a misuse of a system and the Department of Health
published a joint statement along with the GMC and the Information
Commissioner, which made it clear that from policy, professional
and legal perspectives there is zero tolerance on such
behaviour."
Officials at NHS Connecting for Health who help run the NPfIT
have said many times that national systems are more secure than
paper records, in part because audit trials show who has viewed
what patient records.
For more detail on this story see
Password-sharing hinders probe into serious blunder on Tony
Collins' IT Projects blog >>