Canberra Hospital embroiled in data scandal

Several insiders suspected to have manipulated emergency records.

A Canberra Hospital executive has admitted to manipulating Emergency Department records to make wait times and stays appear shorter than they were.

The executive told the Director-General of the Health Directorate they had made "approximately 20 to 30 changes to hospital records" a day from "late 2010" onwards.

ABC News reported that the matter has been referred to police, while the executive has been suspended without pay.

Though the data manipulation was initially said to be motivated by concerns over job security, changes in 2011 and early 2012 were said to have been made due to "managerial pressure" to improve publicly-reported performance statistics.

"The only thing that worked to achieve benchmark targets was to alter the data," the executive later told investigators at PricewaterhouseCoopers (PwC), which was engaged by Health to perform a forensics analysis. The analysis is detailed in a new Auditor-General report (pdf).

In total, PwC found 11,700 performance records - about six percent of all records stored in the hospital's iSOFT emergency department information solution (EDIS) - had been altered.

It is believed more staff at Canberra Hospital altered records than the executive that has so far admitted responsibility.

"While an executive has admitted to changing EDIS records, it is probable that EDIS records have also been manipulated by other persons with access to the system," the federal auditor-general noted overnight. 

"The executive’s admission to Audit does not appear to account for all of the changes to EDIS records that have been made to improve timeliness performance."

For example, changes to EDIS records, albeit a much smaller number, appear to have been made on days when the executive was on leave (seven days in total in 2010-11 and early 2011-12). 

User access control, IT security failures

Poor controls such as generic logins and inadequate user and password security made it easy for insiders to game the data.

While EDIS was on approximately 259 workstations across the hospital and 253 users had permission to run the software, there were only 23 user accounts.

Of these user accounts, only eight were in regular use, including four named administrator accounts (specific to administrative staff) and four generic user accounts: CLERK, NURSE, DOCTOR and BEDMAN.

The generic accounts could be used by personnel across the hospital, not just within the Emergency Department.

Passwords for the four generic user accounts were "very poor" and had "never been changed". Password expiry was set at a default 999 days.

Audit logs were equally poor, not proactively checked and unreliable.

"A feature of the logging record is that it logs the changed field in EDIS and a number of other fields simultaneously, while not identifying which field was changed and what its original value was," auditors noted.

"Audit also notes that the logging record is also ineffective, because every entry in EDIS is logged from “Workstation 14”.  

"Although EDIS has been disseminated widely throughout the Canberra Hospital each of these users logs into EDIS using the common “Workstation 14”.  

"This practice, combined with the use of generic user accounts, makes the EDIS logging information useless for investigations of unauthorised activity."

Furthermore, it was possible to edit EDIS records up to 72 hours after a patient’s treatment, providing a generous window for later unauthorised changes to the records.

Noticing anomalies

It was only in April this year that a full inquiry was commissioned after "anomalies" in performance figures were spotted by the Australian Institute of Health and Welfare (AIHW).

The AIHW found an unusually high number of emergency patients that were reported to have been seen at exactly within the required time for their illness category. 

For example, there was an unusually high number of patients who were reported to have been seen at exactly 30 minutes or 60 minutes. 

In addition, an unusually high number of people checked out of the Emergency Department precisely 240 minutes after their recorded arrival.

The records that were manipulated mean that publicly reported information relating to the timeliness of access to the Emergency Department and overall length of stay in the Emergency Department have been inaccurately reported.

The report could not ascertain the level of over‐estimation due to the lack of a clear audit trail identifying what were legitimate and what were fabricated entries in patients’ records.  

Nevertheless, Audit estimates that in the latest 12 months for which records have been examined (April 2011 to April 2012), the Canberra Hospital’s ATS Category 3 results (i.e. achievements against the target of being seen with 30 minutes) were overstated by at least 19 percent, and ATS Category 4 results (being see within 60 minutes) were overstated by at least 10 percent.