Liability

[nihil]

Even in this case the doctor didn't go to jail.

Over here the doctor would not even be reprimanded or criticised in the media.............he would most certainly win a libel suit if they did.

i know that I sure they hell wouldn't touch a patient if I thought there was even the slightest possibilty that I might not have comprehensive information on the patient and even following best practices might land me in prison.

I was wondering if that was the reasoning behind those thumb drive medical records shown on the site I linked to? For people who are actually worried that they won't get prompt attention?

[Maestr0]

This is totally different...
The hospital had access to the allergy information, but didn't provide this information to the patient (via the print out) and this error wasn't caught as the result of neglect.
Even in this case the doctor didn't go to jail.

Actually, this is exactly the same. I haved no idea what you are talking about as far as the patient not seeing something. What the article says since you must not have read it, is that a drug was prescribed that the patient was allergic to. This allergy was recorded on the written record, but not in the computer. So your scenario of "its not in the computer, must not exist" is exactly what happened. As WolfRune pointed out, people in the real world do still keep hard copies for just this sort of thing (or should). and as Neg pointed out, the data was "inaccessable" this is VERY diffrent from non-existent. Perhaps the doctor should just throw all his written records away, or lock them up making them "non-existent". I think dosing patients with drugs that may, or may not, cause an ADR because you didnt feel like looking for them, is quite negligent. And yes, you're right he didn't go to jail, but at no time did I see anyone mention criminal charges. The thread title is "Liability" we have civil courts here too.

-Maestr0

PS. If you drop the patient database, you are not removing a row, you dropped the whole database. This is definitely NOT going to return a NULL, its going **** its pants because something is very wrong, theres not even a table to run a query on, or in the case of corruption, I'm not sure what makes you think its likely that the patient record will return correctly except for the allergy row, which is nice and NULL. I have NEVER seen a databse that is corrupted do that.

[catch]

Actually, this is exactly the same.

No, they are clearly different.

I haved no idea what you are talking about as far as the patient not seeing something. What the article says since you must not have read it, is that a drug was prescribed that the patient was allergic to.

"<i>She was allergic to sulfa drugs, however, a fact noted in her written record but not on the computer-generated record the resident reviewed before prescribing the drug.</i>"

"<i>At the trial, the family’s expert witness testified that the discharge nurse should have compared the doctor’s prescription with the patient’s written record before sending the patient to the clinic’s pharmacy to have the co-trimoxazole prescription filled.</i>"

Clearly the patient was not provided with the information (on their checkout information).

The rest of your post is irrelevant.

For example:

at no time did I see anyone mention criminal charges.

Are we reaing the same thread?

"Assuming that there are no allergies because there are no records (which is exactly the case here) is a one-way ticket to jail - you bet the DA will attempt to hold the doctor accountable."

Is but one of many mentions of criminal charges.

Another example:

If you drop the patient database, you are not removing a row, you dropped the whole database. This is definitely NOT going to return a NULL, its going **** its pants because something is very wrong, theres not even a table to run a query on, or in the case of corruption, I'm not sure what makes you think its likely that the patient record will return correctly except for the allergy row, which is nice and NULL. I have NEVER seen a databse that is corrupted do that.

You have no idea what kind of error handling the front end has (though being a potentially life or death installation it was most likely done in Ada, which has excellent error handling abilities and pretty much never "****(s) its pants")... and to even assume is beond the scope of the example.

All it says is:

"Patient dies from allergic reaction to meds after Doctor can't access patient records."

Does it say that the doctor received an error from the database that something was wrong?
Does it say that the doctor ignored a hard copy of the patient's file?
Does it say the doctor perscribed something exotic that a significant percentage of the population has a reaction to?
Does it say the case was or wasn't a life or death tramua issue?

All we know is that the doctor couldn't access the records, accordingly the doctor did not violate the information availible to them.
Why is this so hard to understand?

cheers,

catch

[rcgreen]

Look at it this way. If you were the patient's lawyer, who would you sue?
I can't imagine suing anyone but the hospital, along with the doctor.
They are the ones with the money. Your client was in their care.
A mistake was made, they are liable. If they argue mitigating circumstances
in their defense, "a hacker hacked our database", the judge would likely say,
"I sympathize with you, but surely the patient shouldn't be the one
to accept the risk. You are responsible for your database, now pay the man"

If you were the D. A., you would charge the hacker who damaged the system,
assuming she got caught, but you might use the opportunity to plug for
some new draconian laws that would give you all sorts of new powers.
Nothing like a good horror story to grease the skids for sweeping new laws.

[!mitationRust]

I swear........ there would be NO ER's .... How do you check a homeless mans records if they just brought him in from under an overpass because his leg needs to be amputated from neglected diabetes? They go ahead and follow through with medicine to the best of their abilities before he dies. The general public understands this.

[jinxy]

The professor (1a... Discovered the exploit, did not report it)

Prof does not have to report the bug. Whether he should have expected his tool to be made public would depend on how he presented the tool to the class. But I would expect him not to be at fault.

The student (1a... Let the tool into the public unknowingly)

He posted onto the internet. The tool is now puplic. This should have been expected. However I suspect the student to have been acting ethicaly and not at fault.

The script kiddie (1b... Pumped the tool out to the blackhats)

Kiddies actions are unethical and the insuing exploitation should be predictable. At fault and responsible.

Johnny (2a... wrote the worm that mindlessly exploited the system)

Outcome predictable. At fault and responsible.

Mallory (2a... Knowingly exploited the system)

As above.

Alice (3... Neglected to secure machine)

Alice is not apart of the equation.

First National Hospital Sysadmins(3... Neglected to secure machine)

In the given scenario the compromisation of the system is predictable also unethical. At fault and responsible.

ISP (Because Bruce Schneier said so)

I read that crap aswell. Although I do believe ISP's having the technology to clean their networks should do so.

See the attached for guidance.

[Negative]

Catch > Malpractice laws are extremely complicated. If you can guarantee that an MD, under the circumstances described, would get off the hook, you need to get into a law career - you would be filthy rich in no time. That's the difference here: I'm saying that it is very likely that the doctor will get sued (probably in a criminal trial, definitely in a tort trial) and that it is pretty likely that the doctor won't "just get away with it." You on the other hand are absolutely convinced that the doctor will get away with it, aren't you?

Lawyer: "So, doctor, you're telling me that you tried to look at the patient's record?"
Doctor: "Yes, I did."
Lawyer: "But the system wouldn't let you?"
Doctor: "Correct."
Lawyer: "So you just assumed that there weren't any allergies?"
...

And you are convinced that the doctor could get away with that?

[steve.milner]

No one has actually considered that the patient might be responsible.

Any doctor worth their salt will ask a patient if they know of any allergies.
If I had a severe life threatening allery to a drug then I would wear a medicalert bracelet so that even if I was unconsious the info would be there.

Steve

[Negative]

Doesn't the "Patient dies from allergic reaction to meds after Doctor can't access patient records" part of the question imply that there were allergy records (meaning that the patient provided allergies to the hospital)? How in the world are you going to hold the patient responsible?

That sentence tells me that:
- the hospital had patient records, including patient allergies
- the hospital lost the records
- the doctor tried to check the records because that's what a doctor is supposed to do
- the doctor could not get access to the records
- the doctor went ahead and administered drugs
- those drugs happen to kill the patient because (s)he was allergic to them

[Egaladeist]

Very good point steve...

You must spread your AntiPoints around before giving it to steve.milner again.

Eg