Reader Milan Vydareny of Chicago writes:
I was watching CNN the other day while on a treadmill at the gym at 5:00 AM. There was a commercial from a legal firm seeking to promote litigation over some medical device that had been recalled. The announcer intoned “If you or a loved one have died because of using….”
The thought that came to my mind was: “Just how many dead people are listening to CNN at this hour?”
On October 1 a new law went into effect in Nevada requiring businesses to encrypt all “personal identifying information” (things like Social Security and drivers’ license numbers and credit card numbers) of customers in email and “electronic transmissions” more generally. The law has raised concern among, e.g., law offices and medical providers which often work with client documents containing such numbers; it will now be unlawful (say) to email such documents from a professional’s workplace to his or her home office absent encryption. Howard Marks at Information Week (Oct. 13):
Electronic transmission isn’t defined, so one interpretation would include the telephone — so if you forget the password to your online banking account, your bank will have to snail mail or fax you a new one. It does say “to a person outside of the secure system of the business,” so you don’t have to run out and encrypt all your disks like the vendor that brought this to my attention would like.
Don Sears at Baseline (Sept. 19) cites a Las Vegas lawyer on such problems with the law as “the lack of coordination with industry standards and the unclear nature of penalties both criminal and civil” and concludes “once again, the legal system and the IT industry are faced with potentially bigger compliance and liability issues than they probably intended.” At Davis Wright Tremaine’s Privacy and Security Law Blog (Feb. 27), Randy Gainer cites similar (but not identical) mandates moving forward in other states and also notes, “the overwhelming majority of reports of stolen and lost consumer data relate to stored data, not data in transit…. The limited, data-in-transit, encryption mandate in the Nevada statute will therefore do little to stem the tide of stolen and lost consumer data.” Marian Waldmann at Morrison & Foerster (Oct. 2007) notes California’s more sweeping but less specific mandate for businesses to implement and maintain “reasonable security procedures and practices”, and also points out that the determination of whether an out-of-state entity dealing with Nevada residents is “doing business” in the state, and therefore subject to legal mandates of this sort, has been described by the Nevada Supreme Court itself as “often a laborious, fact-intensive inquiry resolved on a case-by-case basis” in litigation. Other commentary: Sidley Austin, Lori MacVittie/DevCentral.
And now here comes the lawsuit against the hospital, blaming it for the baby’s deficits. Attorney Harold “Tripp” Sebring III has couched the suit against University Community Hospital in Tampa as one on behalf of the child, Brianna Rose Lumley, rather than the mother, Robin Lumley. Per Chicago psychiatric trauma specialist Alexander E. Obolsky, the suit represents “chutzpah”: “This is America. You’ve got to love this country. This woman doesn’t know she is pregnant, but somebody else should.” (Colleen Jenkins, “St. Petersburg Times, Oct. 7).
Reacting to a case from Connecticut, Scott Greenfield deplores the apparent decline of standards among double-dealing criminal defense attorneys: “For God’s sake, man, if you are going to engage in flagrantly unethical behavior, at least avoid being a moron while doing so.” (Oct. 13; Hilda Munoz, “Attorney Found Guilty Of Bribing, Tampering With Witness”, Hartford Courant, Oct. 10).
Can we make “nonexistent” one of the options?
P.S. Relatedly, or not, Democratic candidate Obama has called for making women register for the draft.
The other day we relayed an account of a Ralph Nader rally at Dartmouth whose attendance was said to be eight persons. Other coverage now indicates that the number eight is the approximate number of Dartmouth students in attendance, and that other attendees brought the crowd count up to forty. Sorry.
We’ve often touched on the subject of lab testing and defensive medicine, but as Happy Hospitalist points out [Oct. 11], ordering needless testing is by no means the only way the various parties endeavor to avoid liability. Another is the superfluous communication of not-really-urgent abnormal test results, sometimes on a doctor’s pager at 4 a.m.:
Unfortunately, patient safety is rarely an issue. It’s a giant game of shifting liability. The lab documents they notified the nurse–>lab off the hook if something bad happens. The nurse notifies the doctor —> nurse off the hook if something bad happens. Doctor is left with a critical value called 10 or 20 times a day, interrupting the entire flow of patient evaluations and discharges. Every time, I must stop what I’m doing and answer a page for a critical lab value, I lose valuable face time with patients. And it all adds up over the course of a day. I wouldn’t have a problem with the system, except that critical thinking has been removed from the equation. The nurse is not allowed to make judgments as to whether a phone call is warranted or not.
As a default protocol of calling all critical lab values, the liability is shifted up the educational food chain, landing ultimately on the physician’s lap. Often times a nurse is not allowed to not call a critical lab value. The problem is, what the hospital has defined as critical, does not apply to the vast majority of critical lab values reported. What’s considered critical by hospital standards, is a normal or chronic value for [that particular] patient.
Whole thing here.