Kalispell Regional Healthcare in Montana was hit with another patient lawsuit recently as the apparently patient protected health information was impacted by a data breach. And just a couple months ago, the health system notified patients that 130,000 patients had their personal information exposed due to a phishing attack. As it turns out, fewer than 250 patients may have experienced impacted social security numbers. But with two lawsuits and jittered nerves, health providers need to take data protection seriously.
Now once the attack occurred, patients have come forward with specific complaints of misuse. For example, in this latest lawsuit, the patients certify a class of affected patients. During the last data breach—where 130,000 patients were affected—it is now alleged in the lawsuit that the health provider failed to take appropriate steps to safeguard protected health information.
Are these Data Breaches Relevant to Clinical Trials?
Probably not directly, as most often clinical research management data is maintained in a separate information technology silo—typically cordoned off in case of FDA inspection. However, many providers will use their electronic health record system as a source to find patients for clinical trials.
So, in fact, they could be! Although we have no reason to believe that this isn’t anything but a fine provider—most certainly they operate in a beautiful part of the country—they conduct clinical research there. Does their patient data derive from their electronic health record that was recently alleged to be breached?
Their research division includes the dedication to examining new ways to prevent, treat and detect disease by offering clinical trials to their patients. The Montana-based provider lists dozens of available clinical trials in Oncology, Cardiology, Endocrinology and Rheumatology. Their Glacier View Research Institute offers the support for clinical trials that provide access to new treatment options for patients in northwest Montana.
Troubles with the Dept. of Justice
Just in 2018, the health provider had to deal with the Department of Justice for a total of $24 million to settle False Claims Act allegations. This is unfortunately more common than anyone in the healthcare sector would like to admit, and it was alleged that the provider improperly compensated physicians, above market value, who made referrals to their system. The allegation was the KRH entities had established arrangements with referring physicians that were in violation of Medicare physician self-referral prohibition—known as the Stark Law, and other arrangements that violated the Anti-Kickback Statute.
Quality, Value and Integrity
TrialSite News focuses on clinical trials, and many regional providers offer critically important clinical trials access—effectively making them clinical research sites as well as standard health care providers. This particular provider undoubtedly has many fine doctors, staff, and dedicated professionals as well as plenty of satisfied patients/customers. On the other hand, upon reading a number of review sources, there could be room for improvements. We didn’t find any evidence of any run-ins with the FDA in regard to their clinical research operation—we suspect that it is a well-run center. However, when there are two successive data breaches given today’s protective information technology climate, it does bring this provider onto our radar. Quality is just as much a cultural element as it is a risk mitigation checklist based on a series of measurable data-driven KPIs. True quality permeates an organization from top down and bottom back to the top—its in the culture and starts at the leadership and management.