Who is responsible if a power surge destroys all patient records?
I would hold the health-care provider responsible. Use of surge protectors would eliminate destruction of computer records.
Btw -- I was in a hospital when it lost power. However, immediately the generator kicked in to power the most important machines and enough light to see.
I suspect it would be for a court to decide. Was a backup copy legally required? If so, who didn't make or keep it. Was power surge protection on the computer?
There are a myriad of issues here, but the basic will boil down to what backup and other protective devices were legally required, and who was responsible for keeping them current and working.
If none were legally required, then the next issue is the reasonable man issue, and I wouldn't want to get into that type of negligence argument.
In addition to surge protectors and generators, there are "uninterrupted power supply" (UPS) devices that any thinking administrator would have on all servers and computers.
http://www.google.com/search?q=data+backup+business&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
But most important, there are companies whose sole business is to provide data back-up services for other companies and agencies. Any large or small company who doesn't contract with one of these is not doing right by their clients/customers or themselves, IMO!!
If a power surge destroys all patient records, the responsibility would typically lie with the organization or entity that was in charge of maintaining and safeguarding the records. This could vary depending on the specific circumstances and the contractual agreements in place.
In a healthcare setting, it is usually the responsibility of the healthcare provider, such as a hospital or clinic, to securely store and protect patient records. If the power surge and subsequent destruction of records are due to the provider's negligence, such as inadequate backup systems or failure to implement surge protection measures, the responsibility would likely fall on them.
However, if the organization outsources its record-keeping to a third-party service provider, the responsibility may shift to the service provider, depending on the terms of the agreement. It is important for healthcare organizations to have legal contracts outlining the responsibilities for data protection and liability in case of such incidents.
In any case, if such an incident occurs, the affected organization would be expected to take appropriate remedial measures, such as notifying the affected patients, working to recover any possible data, and implementing measures to prevent similar incidents from happening in the future.
It is worth noting that the specific legal and regulatory requirements regarding data protection and liability can vary by country and jurisdiction. So, it is essential to consult with local laws and seek legal advice for accurate and comprehensive information in a specific situation.