The faulty software used by family doctors has resulted in erroneous documents in the health information system.

Tervis ja infoturve

Description of the situation

Help Desk of Health and Welfare Information Systems Centre (TEHIK) first became aware of the error associated with the Perearst3 (PA3) software developed by Medisoft AS on the evening of September 14th through Raatuse Family Health Centre (PAK). TEHIK immediately began investigating the problem and involved AS Medisoft to assess the situation and its impact.

  • TEHIK restricted access to erroneous documents in Health Information System (TIS) for all parties. TEHIK is obliged to ensure the protection of data in Health Information System and, in case of suspicion that data is incorrect or visible to wrong individuals, TEHIK must protect the data, e.g., temporarily halt the exchange and use of the data. However, this must be a well-considered decision and approved by the responsible processor.
  • Medisoft identified the root cause of the error and confirmed that no new erroneous medical case summaries will be created after the software update.
  • As of now, according to AS Medisoft data, there are 672 faulty medical case summary documents, involving 44 family health centres. The exact scope will be clarified upon receiving further information and after additional verification.
  • TEHIK has informed both the Data Protection Inspectorate (AKI) and the Cyber Incident Response Department of the State Information System Authority (CERT-EE) about the situation.

Parties and Responsibilities

  • The responsible processor of Health Information System (TIS) is Ministry of Social Affairs, and the authorized processor is TEHIK. This is not an error on the part of TIS, nor did it cause this error.

 

  • Perearst3 is a software created for family doctors by Medisoft. TEHIK does not have a contractual relationship with AS Medisoft for system development; for TEHIK, Medisoft is a partner through healthcare providers (TTO).

The Health Information System (TIS) is a central national database through which healthcare providers, such as doctors and nurses, can exchange data and see health data sent by other doctors about a patient. The healthcare provider is obliged to send data to Health Information System. TTO is a healthcare specialist or a legal entity providing healthcare services, which has applied for a license from the Health Board to provide healthcare services. The Patient Portal, or digilugu.ee, is citizens' gateway to Health Information System. In Patient Portal, a person can see their health data, including medical case summaries. Perearst3 (PA3) software is used in 55 family health centres (PAK), we do not know the exact number of family doctors lists involved.

TEHIK praises the doctor of Raatuse Family Health Center, who was extremely responsible, took the patient's request seriously, and also informed TEHIK about the critical error in the Perearst3 software developed by Medisoft.

Possible Impact

The mix-up of medical records due to software error can affect both patients and healthcare system as a whole. Therefore, it's extremely important to respond quickly and resolve the problem to ensure the safety of patients and the confidentiality of data, and maintain trust in the healthcare system.

  • If a doctor lacks access to correct health data, it can affect diagnosis and treatment.
  • Incorrect determination of benefits and allowances. Health data is often the basis for determining benefits and allowances, such as sick leaves or assessing the degree of disability. If a patient's data is mixed up, it can result in incorrect benefit allocation, leading to unequal financial support or even the loss of social benefits.
  • Breach of confidentiality.