Workarounds in Healthcare Facilities

Workarounds in Healthcare Facilities Workarounds refer to the alternative methods "of accomplishing an activity when the usual system / process is not working well" (Pennsylvania Patient Safety Advisory, 2013). In as much as workarounds may temporarily solve existing problems, they also indicate inefficiencies and deficiencies in the current system. Workarounds may at times be effective and more convenient, compared to the system in existence, but a regular use of the same could endanger both the safety of patients and the facility's reputation.

A workaround can, therefore, be termed as an at-risk behavior that does not yield concrete long-term solutions to existing problems. Therefore, "workarounds perceived as necessary by the user for patient care, efficiency or safety, may be beneficial, neutral, or dangerous for patients' safety" (Koppel, Wetterneck, Telles & Karsh, 2008, p. 1). A description of Workarounds in a Selected Facility Workarounds can take a variety of forms. For instance, I know of a situation where practitioners bring to work their personal mobile devices and facilitate workarounds using the same.

These devices include personal smart phones, tablets, laptops, etc. A range of workarounds is involved in this case. One of the more common ones, for instance, involves storing or transferring patient data, to other workers, using the up-to-date applications available on such devices. In some cases, this data exchange takes the form of text, e-mail messages, or social media platforms. One possible scenario is; a nurse sends a doctor a picture of, say, a patient's wound, via her personal device.

The doctor views the sent picture, on his device as well, and then gives instructions to the nurse. The logic is obvious; there is faster communication, and the nurse could efficiently serve multiple clients. However, this kind of workaround has a number of implications. First, the photograph, and the instructions given, bypasses the facility's electronic database. Secondly, there is the possibility of data breach should the mobile devices fall into the wrong hands.

Thirdly, the existing system may never get updated, as the facility's IT unit may never be made aware of these kinds of exchanges. Workarounds; Trends and Statistics Workarounds have been a common phenomenon within the influential health sector; but again, so have the number of breaches. The federal government stepped in, in an attempt to curb the spread of the same, through the HITECH Act of 2009. The Act requires health facilities to report to the U.S.

Department of Health and Human Services (HHS) any data breaches in their units, which involve at least 500 individuals. As at the 21st of February this year, a massive 543 such breaches had been reported. It is estimated that "these breaches of health information have affected more than 21 million individuals" (Intel, 2013). Most of these data breaches are as a result of stolen devices. Why Practitioners Opt for Workarounds Despite the worrying trend in data breaches and the dangers involved, most health practitioners still engage in workarounds.

A survey carried out by HIMSS Media at the beginning of this year sought to find out the reasons for this. 674 health workers were interviewed (Intel, 2013). A majority of them cited the inefficient and out-of-date nature of the current health systems as the core reason for preferring workarounds. A significant number felt that their facilities' IT units were either not aggressive enough in embracing advanced technologies, or designed applications that were rigid and restrictive (Intel, 2013).

Due to these reasons, most practitioners disregard the organizational systems, and make use of their more efficient mobile devices. The HHH recognized the popularity of such mobile devices and put in place measures aimed at increasing their use, while minimizing the possibility of data breaches (Intel, 2013). The Meaning Use Stage 2 final rule required all mobile devices used within a facility to be linked to the main system through a coding (encryption) mechanism (Intel, 2013).

This way, a person would have to input the necessary code in order to access the information stored in the devices. However, this did not help much; health workers felt that it infringed on their privacy (Intel, 2013). The Legal, Ethical Issues Surrounding Workarounds, and the Associated Risks Health facilities have a duty to protect and maintain the confidentiality of their patients' health records. Workarounds endanger the safety of patients and their privacy. This is so because they often involve error in some cases, and may, consequently, cause injuries.

Additionally, data breaches could be harmful to the individuals involved; as unscrupulous individuals may want to use this kind of health information for their own selfish gains. Besides, the failure to enter all the information pertaining to a patient into the organizational database could have serious health implications (Pennsylvania Patient Safety Advisory, 2013). Practitioners need to review their patients' health history before making any decisions. In cases such as this, the existing records would not be a conclusive and reliable source.

Workarounds may be efficient, and even convenient, but the safety of patients should not be compromised (Pennsylvania Patient Safety Advisory, 2013). Data breaches resulting from workarounds are costly to the organization. Organizations are required to pay heavy fines in cases of such breach. The newest attempt to curb workarounds was the release of the HHH final omnibus rule which seeks to tighten the regulations governing workarounds and patient breaches.

Organizations will be required to pay additional fines "for non-compliance based on the level of negligence - with a maximum penalty of $1.5 million per violation" (Intel, 2013). Possible Ways of Addressing Workarounds Workarounds can be managed through; efficient employee training, acceleration of coding technology, "hardware-based remote lock and wipe, and 2-factor authentication" (Intel, 2013). It is possible that most employees are unaware of their organizations' security and privacy policies. Employee training is needed to enforce these policies, and instill a sense of obligation.

The training should educate the employees on the risks associated with breach of these organizational policies. Employees need to learn how to make use of the available security technology in the best possible way. Additionally, this kind of interaction should provide a platform.