Holland & Hart Healthcare Law Blog

        Two recent and unrelated cases this month involved the unlawful access to private medical records and the posting of them on the internet on MySpace in order to inflict pain in the prosecution of family feuds. Both feuds involved Asian families. In Hawaii, Rhonda Wong-Fernandez, a 22 year old mother of three small children, plead guilty to a felony charge of unauthorized use of a computer to access confidential records. Ms. Wong Fernandez was a friend of the victim’s sister in law who was feuding with the victim.  She obtained access to the medical records of the victim who was suffering from HIV at the Straub clinic and published them three times on MySpace. At one time she stated that “I hope she dies.” The victim did die in April.  Although the prosecutor requested a one month jail sentence, the judge disagreed and sentenced her to one year in jail, five years probation and 200 hours of community service. The judge ordered her taken into custody immediately and refused a request to defer the start of her sentence until she could provide for her 5 month old child.

 In the 1980s the Commercial Aviation Safety Team (“CAST”) determined that eighty five percent of aviation accidents and fifty two percent  of all fatal aviation accidents were the result of cognitive error by pilots. CAST pushed for the use of systems, checklists and foolproof communication systems to reduce the human element in aviation. The result was a fifty percent decrease in aviation accidents. The success of the systems method in aviation led healthcare safety advocates to campaign for the application of the systems model to tamp down the impact of human frailty on adverse healthcare outcomes. The systems model is now a fact of life in high risk medical procedure, pharmaceutical administration and other healthcare delivery modalities.

 You can see it in the operating room when a nurse paints a sign “the other leg” on your healthy limb or where two nurses must sign off on a prescribed medication. The interest in the systems application to quality improvement continues unabated. See Kahn, et al. , “To Err Is Human: Building A Safer Healthcare System.” National Academy  Press. Washington, D.C. (2000); Stripe, et al. “Aviation Model Cognitive Risk Factors applied To Medical Malpractice Cases.” (JABFM.org.);Inglehart & Fleming, “New Patient Safety Uses Aviation System Model.” Health Affairs Blog, April 13, 2009.

 Since the 1980s and the onset of the digital age the aviation model morphed into a much more pervasive systems intervention through the surge in computer driven maintenance and operational applications, not unlike parallel developments in healthcare. The crash of Air France Flight 447 A330 Airbus over the Atlantic Ocean on May 31, 2009 thrust to the fore two separate, but related computer systems driving  both airplanes and healthcare, albeit to differing degrees. The Airbus utilized the Aircraft Communication Addressing and Reporting System (“ACARS”). The onboard computers sent ten automatic maintenance messages to Paris indicating failures in the plane’s electrical systems and decompression of air in the plane’s fuselage.

 The current proliferation of medical devices with direct internet monitoring and reporting capacity provide the potential and fact of real time reporting of human body systemic failure to medical record repositories. The healthcare mimicry of aircraft maintenance information technology is upon us and we will likely embrace the use of “wearable” computers with growing fervor in the future.

Despite the apparent differences between healthcare and aviation, the information exchange paradigm used to insure quality in the aviation industry can be implemented to reduce the impact of the aforementioned system errors in health care delivery system (sic).

Martin, Lance, “Reducing Medical Errors Using an Aircraft Maintenance Information Technology (IT) System Model,” Dartmouth undergraduate Journal of Science. Dujs.dartmouth.edu/2004s/healthcareit.pdf.

 Despite Mr. Martin’s optimism and enthusiasm there appears to two principal kinks in both the aviation and healthcare systems that need to be addressed. The first relates to the information systems. There is no question that computer monitoring systems can generate a great deal of useful data. The critical question is how to sort and present the data in a format and application that can realistically serve the needs of pilots and practitioners. There needs to be assurance that the data is correct and not affected by defective “pitot tubes” or other malfunctions and a means to sift and prioritize mountains of data so as to provide real time, meaningful input to those sitting at the controls.

 The second concern relates to the ultimate control of the mission. The Airbus A330 contains the latest in fly-by-wire technology that substantially limits the operational control of the aircraft by the pilots. This is an exclusively electric system, without manual or hydraulic features. There is a debate ensuing in the blogosphere as to the degree of control, if any can be wrested from the computers by Airbus pilots in the event of an emergency. (Think of HAL in 2010:A Space Odyssey. That would be next year.)  The issue is at what point should human beings be able to reassert control from computer systems, particularly where onboard computers are juggling conflicting information from various sensors?

 Did the computers aboard Flight 447 malfunction causing a crash or did a last ditch effort by the pilots to regain control interfere with the failsafe functioning the planes systems? Was it a combination of both or an unremediable "act of God?" We may never know the answer.

Remember, more often than not, an airliner goes down at the end of a long chain of unrelated, seemingly innocuous decisions, malfunctions, mistakes and external factors. Remove any single link (or even change their sequence) and you have an on time arrival. Miles O’Brien Uplinks, June 19, 2009. trueslant.com/milesobrien/2009/06/10the-paradox-of-simplicity/.

 In the future computer systems will have an ever increasing role in healthcare decision making and treatment as the incorporation of artificial intelligence applications into electronic medical records provides a whole new platform and paradigm for healthcare delivery. The healthcare industry will eventually face the conundrum of when and under what circumstances a physician will need to regain control over the treatment process. The crash landing of U.S. Airways Flight 1549 in the Hudson River earlier this year underscores some legitimate concerns to keep in mind. That crash also involved an Airbus with a similar air flight control system, which may have unnecessarily shut down the plane’s engines after the bird strike, causing the plane to lose all thrust. There may come a time when we need a doctor with the nerve, experience and professionalism of a Chesley B. “Sully” Sullenberger, III to seize the controls and manage a life threatening emergency.

Recovery Audit Contractors (RACs) are in the process of saddling up for the nationwide roll out of their Medicare payment recoupment mission. Here are twenty-five recommended proactive steps to circle the wagons and defend the RAC threat.

1. Develop and implement a written audit defense plan- the government bounty hunters are coming your way and they will be looking for the  low lying fruit.

2. Select an audit team or responsible persons depending upon the size of your organization. Including if appropriate internal audit, billing and coding, medical records, risk management and the CFO.

3. Assign specific team member responsibilities in dealing with anticipated audit issues.

4. Consider running an internal pre-audit to identify vulnerabilities such as “medical necessity” and “duplication of services.”

The federal squeeze of health care providers is underway. Federal Medicare recovery “bounty hunters,” the Recovery Audit Contractors (“RAC”), are marshalling resources for the anticipated, algorithm primed, data mining hunt for Medicare overpayments from hospitals, physicians, DME companies, hospices and other providers, which is likely to bloom in the second half of this year. Those that attempt to mislead the government or its computer toting agents in order to limit the harvest are facing additional potential exposure under the Federal False Claims Act, 31 U.S.C. §3729-3733 (“FCA”).

The front page of the New York Times today carried a story by Pam Belluck on a hospital’s promotional webcast of Shila Renee Mullins’s brain surgery to extract a malignant tumor, which raised conflicting opinion is about the wisdom, benefit and ethics of the public dissemination of personal medical information, even if consensual, and the public access to dramatic interventional medical procedures. Some hospitals are featuring twittering during operations in order to apprise relatives and others of the progress of thee procedure in real time.

The growing interoperability between medical devices and electronic medical records gives rise to new opportunities in the transmittal and collection of vital medical data. New vulnerabilities arise as well. Last month, the Internet Storm Center sponsored by SANS (SysAdmin, Audit, Network, Security Institute) warned that the Conflicker worm had infected approximately ten million internet devices including MRIs. SANS is a cooperative research and education organization that since 1989 has specialized in information security technology training and awareness.

The Conflicker worm attacks holes in Windows OS with advanced malware techniques. It is the largest worm infection since the SQL Slammer worm. Many of the infected devices were not designed for internet connectivity. The efficacy of the infection repair is complicated by a FDA regulation which limits the ability to issue an internet “patch” for 90 days, and apparent triumph of law over common sense in crisis with a unique and unanticipated need.

“Health 2.0” or “Medicare 2.0” relates to a new paradigm in the relationship between patients and physicians, in particular the application of Web 2.0 interconnectivity tools or social media technology to the provision of health care.  One of the ironies of this movement is the emphasis on sharing rather than protecting or hiding health care information.  The www.patientslikeme.com  website sponsors  patients as partners with their physicians in assembling and sharing information related to specific diseases.  Patientslikeme assembles and aggregates patient information related to 5 chronic illness categories: Amyotrophic Lateral Sclerosis (ALS); Parkinson’s Disease, HIV/AIDS, Multiple Sclerosis and Mood Disorders.  Participants share treatment experiences, drug side effects, new treatment regimens and even organize and participate in their own clinical trials. 

There is a growing proliferation of on-line personal health records companies who undertake to warehouse and store personal health records for  consumers on line. Four of the most  prominent of these companies are Google Health, Microsoft Health Vault, RevolutionHealth Health Records and WebMD Personal Health Records. On April 20, 2009, the FTC took a first step in providing notice of breach standards for these companies by offering a proposed rule for public comment. The Rule will be available for public comment until June 1, 2009, with the intent to make the final rule effective in September, 2009. The Proposed Rule can be found at 74 Fed. Reg. 17914. and is slated to be included in the Code of Federal Regulations at 16 CFR § 318. The FTC's action is a mandate under the American Recovery and Reinvestment Act of 2009

The convergence of four new technologies promises to evolve into the Medical Record of the Future creating the potential of a "Borg-like" "Collective" of human experience and data linking those living now with the human experience of the past and future. A tall order? Think of what is happening today with the first baby steps of conversion of medical records into standard electronic format. The recent development of standardized electronic billing formats mandated by the Healthcare Insurance Portability and Accountability Act of 1996 ("HIPAA") was a precursor to the larger government of objective of the complete transfer of all medical records into electronic format and the elimination of paper records.

The diet industry in the U.S. is a billion dollar industry where diet trends can make or break entire sectors of agribusiness. Last fall there was joy in Kansas City as are result of the ascendancy of the Adkins Diet first introduced in 1972. See "Atkins diet fires up the beef industry" ("[t]he hotter-than hot Atkins diet is subtly reshaping the consumer food chain -putting sizzle in the U.S. Beef market, while slimming demand for pasta and bread") by Jennifer Mann in the Kansas City Star on October 1, 2003.