Ensuring integrity of forensic data in a shared practice environment

Abstract

Many forensic pathology practices utilize practice space and data storage facilities and staff that are exclusive to the service. However there are many others that operate in tandem with hospital services particularly in smaller communities that cannot afford to invest in and maintain a free standing service. In this scenario, the autopsies are performed in the same facilities by the same staff and the histology and toxicology services are also often shared. The reports may be transcribed by staff members who also transcribe other hospital reports. Consequently these hybrid systems potentially increase the risk of unauthorized forensic data disclosures with far reaching negative consequences. Although access to hospital records is protected by government privacy laws [1] and hospital policies, the needs of a forensic service are probably more strident. Not only must the data be protected from unauthorized access for privacy reasons, there is also a need to limit data access for legal reasons. The unauthorized disclosure of a forensic autopsy report compromises the report integrity and therefore interferes with the administration of justice. With these considerations in mind, what steps must be taken? A. Minimize the number of structural weaknesses. The first and most important step is that the staff are properly vetted, including information services staff. Criminal background checks must be performed on all potential employees and at a minimum those with convictions for fraud must be excluded from data access. In addition to signing confidentiality agreements, there should be no more than a small nucleus of staff that are designated to handle reports for the forensic service. B. Monitor the weaknesses and increase the risk of violators being caught. Even though every system has its weak points the challenge is to minimize the number and monitor them for leaks. It is important that there is a high probability of violators being caught. The hospital and laboratory information system should be designed to limit access to a small pool of employees and create and maintain logs which capture employee queries within the database. This fact must also be widely and repeatedly disseminated to all staff. Routine audits should also be conducted so that users are held accountable for their actions on the network [2]. C. Make sure penalties are appropriately severe for violators. It is also important that penalties are sufficiently severe to be a deterrent. Employees must be advised and reminded of the consequences. The unauthorized disclosure of a forensic autopsy report should not only lead to termination of employment but should also expose the ‘‘leaker’’ to potential obstruction of justice charges which in some jurisdictions carries a jail sentence. D. Limit access and store reports in secure areas. Only a small number of office staff should have access to the hard and electronic copies of these reports and accompanying evidence. Physical and electronic data should be stored separately and securely. E. Have the data protection protocols externally validated. The integrity and quality control of a facilities data protection protocols should be assessed by whatever K. Obenson (&) Department of Laboratory Medicine, Saint John Regional Hospital, Saint John, NB E2L 4L2, Canada e-mail: autopsies4all@yahoo.ca; fineneedle@hotmail.com