Canberra Hospital embroiled in data scandal

Powered by SC Magazine
 

Several insiders suspected to have manipulated emergency records.

A Canberra Hospital executive has admitted to manipulating Emergency Department records to make wait times and stays appear shorter than they were.

The executive told the Director-General of the Health Directorate they had made "approximately 20 to 30 changes to hospital records" a day from "late 2010" onwards.

ABC News reported that the matter has been referred to police, while the executive has been suspended without pay.

Though the data manipulation was initially said to be motivated by concerns over job security, changes in 2011 and early 2012 were said to have been made due to "managerial pressure" to improve publicly-reported performance statistics.

"The only thing that worked to achieve benchmark targets was to alter the data," the executive later told investigators at PricewaterhouseCoopers (PwC), which was engaged by Health to perform a forensics analysis. The analysis is detailed in a new Auditor-General report (pdf).

In total, PwC found 11,700 performance records - about six percent of all records stored in the hospital's iSOFT emergency department information solution (EDIS) - had been altered.

It is believed more staff at Canberra Hospital altered records than the executive that has so far admitted responsibility.

"While an executive has admitted to changing EDIS records, it is probable that EDIS records have also been manipulated by other persons with access to the system," the federal auditor-general noted overnight. 

"The executive’s admission to Audit does not appear to account for all of the changes to EDIS records that have been made to improve timeliness performance."

For example, changes to EDIS records, albeit a much smaller number, appear to have been made on days when the executive was on leave (seven days in total in 2010-11 and early 2011-12). 

User access control, IT security failures

Poor controls such as generic logins and inadequate user and password security made it easy for insiders to game the data.

While EDIS was on approximately 259 workstations across the hospital and 253 users had permission to run the software, there were only 23 user accounts.

Of these user accounts, only eight were in regular use, including four named administrator accounts (specific to administrative staff) and four generic user accounts: CLERK, NURSE, DOCTOR and BEDMAN.

The generic accounts could be used by personnel across the hospital, not just within the Emergency Department.

Passwords for the four generic user accounts were "very poor" and had "never been changed". Password expiry was set at a default 999 days.

Audit logs were equally poor, not proactively checked and unreliable.

"A feature of the logging record is that it logs the changed field in EDIS and a number of other fields simultaneously, while not identifying which field was changed and what its original value was," auditors noted.

"Audit also notes that the logging record is also ineffective, because every entry in EDIS is logged from “Workstation 14”.  

"Although EDIS has been disseminated widely throughout the Canberra Hospital each of these users logs into EDIS using the common “Workstation 14”.  

"This practice, combined with the use of generic user accounts, makes the EDIS logging information useless for investigations of unauthorised activity."

Furthermore, it was possible to edit EDIS records up to 72 hours after a patient’s treatment, providing a generous window for later unauthorised changes to the records.

Noticing anomalies

It was only in April this year that a full inquiry was commissioned after "anomalies" in performance figures were spotted by the Australian Institute of Health and Welfare (AIHW).

The AIHW found an unusually high number of emergency patients that were reported to have been seen at exactly within the required time for their illness category. 

For example, there was an unusually high number of patients who were reported to have been seen at exactly 30 minutes or 60 minutes. 

In addition, an unusually high number of people checked out of the Emergency Department precisely 240 minutes after their recorded arrival.

The records that were manipulated mean that publicly reported information relating to the timeliness of access to the Emergency Department and overall length of stay in the Emergency Department have been inaccurately reported.

The report could not ascertain the level of over‐estimation due to the lack of a clear audit trail identifying what were legitimate and what were fabricated entries in patients’ records.  

Nevertheless, Audit estimates that in the latest 12 months for which records have been examined (April 2011 to April 2012), the Canberra Hospital’s ATS Category 3 results (i.e. achievements against the target of being seen with 30 minutes) were overstated by at least 19 percent, and ATS Category 4 results (being see within 60 minutes) were overstated by at least 10 percent.

Copyright © iTnews.com.au . All rights reserved.


Canberra Hospital embroiled in data scandal
 
 
 
Top Stories
Frugality as a service: the Amazon story
Behind the scenes, Amazon Web Services is one lean machine.
 
Negotiating with the cloud email megavendors
[Blog post] Lessons from Woolworths’ mammoth migration.
 
Qld govt to move up to 149k staff onto Office 365
Australia's largest deployment, outside of the universities.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...

Latest VideosSee all videos »

The great data centre opportunity on Australia's doorstep
The great data centre opportunity on Australia's doorstep
Scott Noteboom, CEO of LitBit speaking at The Australian Data Centre Strategy Summit 2014 in the Gold Coast, Queensland, Australia. http://bit.ly/1qpxVfV Scott Noteboom is a data centre engineer who led builds for Apple and Yahoo in the earliest days of the cloud, and who now eyes Asia as the next big opportunity. Read more: http://www.itnews.com.au/News/372482,how-do-we-serve-three-billion-new-internet-users.aspx#ixzz2yNLmMG5C
Interview: Karl Maftoum, CIO, ACMA
Interview: Karl Maftoum, CIO, ACMA
To COTS or not to COTS? iTnews asks Karl Maftoum, CIO of the ACMA, at the CIO Strategy Summit.
Susan Sly: What is the Role of the CIO?
Susan Sly: What is the Role of the CIO?
AEMO chief information officer Susan Sly calls for more collaboration among Australia's technology leaders at the CIO Strategy Summit.
Meet the 2014 Finance CIO of the Year
Meet the 2014 Finance CIO of the Year
Credit Union Australia's David Gee awarded Finance CIO of the Year at the iTnews Benchmark Awards.
Meet the 2014 Retail CIO of the Year
Meet the 2014 Retail CIO of the Year
Damon Rees named Retail CIO of the Year at the iTnews Benchmark Awards for his work at Woolworths.
Robyn Elliott named the 2014 Utilities CIO of the Year
Robyn Elliott named the 2014 Utilities CIO of the Year
Acting Foxtel CIO David Marks accepts an iTnews Benchmark Award on behalf of Robyn Elliott.
Meet the 2014 Industrial CIO of the Year
Meet the 2014 Industrial CIO of the Year
Sanjay Mehta named Industrial CIO of the Year at the iTnews Benchmark Awards for his work at ConocoPhillips.
Meet the 2014 Healthcare CIO of the Year
Meet the 2014 Healthcare CIO of the Year
Greg Wells named Healthcare CIO of the Year at the iTnews Benchmark Awards for his work at NSW Health.
Meet the 2014 Education CIO of the Year
Meet the 2014 Education CIO of the Year
William Confalonieri named Healthcare CIO of the Year at the iTnews Benchmark Awards for his work at Deakin University.
Meet the 2014 Government CIO of the Year
Meet the 2014 Government CIO of the Year
David Johnson named Government CIO of the Year at the iTnews Benchmark Awards for his work at the Queensland Police Service.
Q and A: Coalition Broadband Policy
Q and A: Coalition Broadband Policy
Malcolm Turnbull and Tony Abbott discuss the Coalition's broadband policy with the press.
AFP scalps hacker 'leader' inside Australia's IT ranks.
AFP scalps hacker 'leader' inside Australia's IT ranks.
The Australian Federal Police have arrested a Sydney-based IT security professional for hacking a government website.
NBN Petition Delivered To Turnbull's Office
NBN Petition Delivered To Turnbull's Office
UTS CIO: IT teams of the future
UTS CIO: IT teams of the future
UTS CIO Chrissy Burns talks data.
New UTS Building: the IT within
New UTS Building: the IT within
The IT behind tomorrow's universities.
iTnews' NBN Panel
iTnews' NBN Panel
Is your enterprise NBN-ready?
Introducing iTnews Labs
Introducing iTnews Labs
See a timelapse of the iTnews labs being unboxed, set up and switched on! iTnews will produce independent testing of the latest enterprise software to hit the market after installing a purpose-built test lab in Sydney. Watch the installation of two DL380p servers, two HP StoreVirtual 4330 storage arrays and two HP ProCurve 2920 switches.
The True Cost of BYOD
The True Cost of BYOD
iTnews' Brett Winterford gives attendees of the first 'Touch Tomorrow' event in Brisbane a brief look at his research into enterprise mobility. What are the use cases and how can they be quantified? What price should you expect to pay for securing mobile access to corporate applications? What's coming around the corner?
Ghost clouds
Ghost clouds
ACMA chair Chris Chapman says there is uncertainty over whether certain classes of cloud service providers are caught by regulations.
Was the Snowden leak inevitable?
Was the Snowden leak inevitable?
Privacy experts David Vaile (UNSW Cyberspace Law and Policy Centre) and Craig Scroggie (CEO, NextDC) claim they were not surprised by the Snowden leaks about the NSA's PRISM program.
Latest Comments
Polls
Which bank is most likely to suffer an RBS-style meltdown?





   |   View results
ANZ
  20%
 
Bankwest
  9%
 
CommBank
  11%
 
National Australia Bank
  17%
 
Suncorp
  24%
 
Westpac
  19%
TOTAL VOTES: 1440

Vote