Liability

You will note that earlier in this conversation I said it wasn't the sysadmins but people higher up in the Administration Dept.

Quote:

---

Which brings me to the real culprits... First National Hospital Administration. Their failure to either provide or enforce proper security guidelines over the IT department would be a pile of HIPAA violations at best, and some kind of homocide by gross neglect/deranged indifference at worst. Administration may argue that the cost cutting orders came from executive management... and well if this could be proven the guilt would then of course fall there.

---

Sysadmins would be in the IT dept. which I stated administration failed to enforce proper security guidelines over. Clearly the issue falls initially on the data owner, but it is rare that it stays there without the data owner just being evil... most likely it falls downhill a bit to some point of previously unknown non-compliance.

Please read my responses before replying, it will save time and space.

However... if it is deemed that SOMEHOW the sys admin managed to violate the Adminisrations best practice compliant security and enforcement policy WITHOUT anyone knowing... then perhaps the sysadmin could be accountable for homocide by depraved indifference. This however takes a good number of very unlikely assumptions and is silly to worry about.

cheers,

catch

Quote:

---

Sysadmins would be in the IT dept. which I stated administration failed to enforce proper security guidelines over. Clearly the issue falls initially on the data owner, but it is rare that it stays there without the data owner just being evil... most likely it falls downhill a bit to some point of previously unknown non-compliance.
Please read my responses before replying, it will save time and space.

---

Why, in every discussion you're in, do you doubt that people read your responses before replying?

It doesn't matter who in the end you think is responsible for the HIPAA violations (although it's going to be 1 single person, and not "people" like you keep saying) - a sys admin, someone higher up in management, whomever it is... charging him/her with homicide is absolutely ridiculous.

Quote:

---

No DA in the country would pursue a criminal charges against an individual who acted within the best practices of their profession. You have no case, there was no action through malice, indifference, or neglect.

---

There was definitely an action through indifference and/or neglect. If "assuming that there are no allergies when a patient record that should be there is not there" is "acting within the best practices of their profession", then I have little hope for the future of such a profession.

Quote:

---

Why, in every discussion you're in, do you doubt that people read your responses before replying?

---

When people respond to things that I didn't say, I call them on it. As you have done, and I have done. Unfortunately it is a common "tactic" when people can't win a debate, they just fabricate one the can win. Even more unfortunate to see some at your level here taking part in such tactics.

Quote:

---

It doesn't matter who in the end you think is responsible for the HIPAA violations (although it's going to be 1 single person, and not "people" like you keep saying) - a sys admin, someone higher up in management, whomever it is... charging him/her with homicide is absolutely ridiculous.

---

You are mistaken about the HIPAA violations and really all of this is black letter law, it's not like I'm skirting anything. Each data owner is accountable, are we to assume that the whole of the data lost has a single owner? Possible, but very unlikely. beyond that you have the potential for violations (in a case so drastic as this, likely multiple violations) that may have been unknown to the data owners, even within a system of best practice policy enforcement.

Charging that individual with homicide by reason of depraved indifference is possible and probable in an instance where the violations of bet practice was so substantial. the entier database network segment was public and unsecured? Someone will be held accountable for the resulting death.

Quote:

---

There was definitely an action through indifference and/or neglect. If "assuming that there are no allergies when a patient record that should be there is not there" is "acting within the best practices of their profession", then I have little hope for the future of such a profession.

---

See... there you go making assumptions again...

You assume the case wasn't an emergency
You assume it was a common allergy
You assume the allergy was even listed in the database
...

You are extending the example beyond its original scope.

All it says is:
"Patient dies from allergic reaction to meds after Doctor can't access patient records."

And from this you assume wrong doing beyond a reasonable doubt no less (I believe a "one-way ticket to jail" was the expression), on the doctor's part.

cheers,

catch

"Patient dies from allergic reaction to meds after Doctor can't access patient records."

The key point to me here is "can't access patient records". To me, that means that he tried to access patient records - if not, it would say something along the lines of "[...] after Doctor fails to consult patient records". He tries to access the records, but fails. And yes, I assume that allergies are listed in that database - what makes you think that something as important as allergies would not be listed in those records... wouldn't that be the only hospital in the country that doesn't list them? I don't assume it's a "common allergy' - I do assume that if the doctor would have consulted the records (if they would be there), that the patient wouldn't have died.
And yes, it could be an emergency, and that would change things. In all other cases: bad decision on the doctor's part.

Quote:

---

And yes, I assume that allergies are listed in that database - what makes you think that something as important as allergies would not be listed in those records... wouldn't that be the only hospital in the country that doesn't list them?

---

When was the last time you were injected with, oh say synthetic epiniepherine? (a very common ER drug) Are you allergic? Could be... how would you know?

When was the last time you checked into a hospital? What if you've never been there before and check in unconscious... where will they get your meical records? The doctor would have no way of knowning if you'd even been there before or the records were just dropped as in the example. Considering the system is a life and death one it was prolly written in Ada which has remarkable error handing capabilities and an empty record would likely look the same either way (since the doctor doesn't have a need to know that the DB was dropped). Does the doctor have time to really research the issue?

Once when I was a kid, I chased a baseball into a cluster of poison ivy plants without realizing until I was in them. Not even so much as the slightest itch. For the rest of that summer I was dedicated poison ivy ball fetch. The next year, I made very slight contact with the same poison ivy plants and I had to go to the ER because apparently I rubbed my eyes and they became so puffy, along with the rest of my body that I couldn't see and they thought my through might close.

There is no reason to assume that they would be listed in the database.

cheers,

catch

Key Phrases:

Criminal Intent(must prove).

Malice aforethought (must prove).

What would a reasonably prudent similar person do under the same circumstances?

cheers

Catch > I don't say that the allergy would/should be listed in the database, I say that allergies are always listed in patient databases. That one sentence implies that because of the not-being-able-to-access the records, the patient was administered a drug he was allergic to. If you do not take that applied meaning into account, then what's the point of this entire discussion?

Why don't you tell me what that one sentence means to you? Does it simply mean that "the doctor tried to access the records, didn't see any mention of an allergy, and administered a common drug"? Or what?
I am assuming because of implied meanings. You are assuming the opposite, and maybe it's time we start looking at what exactly is more likely...

First. implied is never beyond a reasonable doubt.

Second, it doesn't matter what we see as outsiders, the fact is the doctor didn't have access to the information. It doesn't matter if an allergy as present or not as for as the doctor's liability is concerned.

cheers,

catch

A wise doctor would weigh the risk and benefits of the drug before deciding to give it,
and a lot of that really depends on the patient's condition too...

For example if it's life threatning, and there's no other drug which has less serious side effects in general that could still save his or her life, then the Doctor has no other choice but to give the drug otherwise the patient is going to end up dead anyway.

Am I right or am I right? :D

Catch > The simple fact is that your interpretation of that one single sentence is different than mine. I've shared my interpretation numerous times, and I base my conclusion on that interpretation. You don't agree with my interpretation (although I'm pretty sure you agree with the conclusion I draw from that interpretation), but you can't tell me what your interpretation of that one sentence is?