Ebola Misdiagnosis Raises Liability Concerns

According to the Centers for Disease Control (CDC), on Sept. 30, the first case of Ebola was confirmed in the United States. A man who had been living in West Africa traveled to Dallas. "The person sought medical care at Texas Health Presbyterian Hospital of Dallas after developing symptoms consistent with Ebola. Based on the person's travel history and symptoms, CDC recommended testing for Ebola. The medical facility isolated the patient and sent specimens for testing at CDC and at a Texas lab participating in CDC's Laboratory Response Network. CDC and the Texas Health Department reported the laboratory test results to the medical center to inform the patient. Local public health officials have begun identifying close contacts of the person for further daily monitoring for 21 days after exposure."

That is not where this story ends. The nurse had entered the symptoms and travel information into the EHR at the time the patient presented at the hospital. Initially, it was thought this was not the case. "After this article was published, Texas Health Presbyterian Hospital in Dallas said its earlier statements regarding its electronic health records were wrong. Physicians and nurses had access to the same information. The Dallas hospital that sent a patient home even though he fit the profile of a potential Ebola patient is blaming a now-corrected glitch in its electronic records system." Needless to say, this scenario raises three interesting issues: (1) is there medical negligence by the physician; (2) would an ICD-10 code have enabled an earlier diagnosis; and (3) would a cyber-insurance policy cover this type of error?

First, it is incumbent upon physicians to read an entire medical record and history. This presumably was not the first time the physician used this system and it is the regular course of business for physicians to review intake and nurses notes, because the physician is usually not the first medical professional the patient encounters. The fundamental elements of the tort law of negligence are duty, breach, causation (actual and proximate), and damage. A physician has a duty to read all relevant information when assessing a patient. Here, the physician breached this fundamental duty. Causation and damages cannot be ascertained by the facts provided in the above mentioned articles; however, if the other 48 potential contacts become infected, there are a greater number of people harmed. By containing this patient earlier, a public health event may have been averted.

Second, ICD-10-CM coding is more specific than ICD-9 coding for Ebola. When looking at the coding classification today, we find several hemorrhagic fevers listed. Ebola hemorrhagic fever is indexed under "Fever" in ICD-9-CM, then to "hemorrhagic" and then "Ebola" to code O65.8. In looking at the three-digit category in the tabular index it is "Arthropod-borne hemorrhagic fever" = 065, then to code 065.8 Other specified arthropod-borne hemorrhagic fever.

In ICD-9-CM the specific Ebola description is not listed, however there is another inclusion under O65.8 "Mite-borne hemorrhagic fever." ICD-10-CM has the ability to list "Ebola virus disease" in the alphabetic index and directs one to look at code A98.4, note this is not under a fever (symptom) term. In the ICD-10-CM tabular you find the three-character category as A98 Other viral hemorrhagic fevers, not elsewhere classified. Then you'll find the specific entry for code A98.4 with the actual title (description) of Ebola virus disease that does appear to be more specific than ICD-9.

Hence, if ICD-10 had been implemented on October 1, 2013, would the patient have been diagnosed sooner because the code would have raised a different result based on the data? One of the benefits of ICD-10 is the greater factual specificity that is required by providers.

Lastly, all organizations should look at their cyber policies to determine if this type of error is covered. And, if the EHR malfunctioned, is there a provision in the vendor contract that allows for recovery? In sum, this one scenario raises a multitude of issues that other providers should be proactive in addressing. ICD-10 is delayed until October 1, 2015, but the benefits of greater specificity in the medical record and training on how to use the EHR need not wait.

*In light of escalating security breaches like the latest data breach at JP Morgan, we are interested in finding out how practices are securing their patient data. Click this link to take a brief survey on medical practice cyber security measures.