Shadow records are patient records kept in systems separate from a healthcare organization's main patient record systems. These systems are often seen in a negative light because of the risks they pose to patient information and medical continuity.
Shadow records, or ghost charts, are unofficial or undocumented records created and maintained outside the formal electronic health record (EHR) systems. The records stem from gaps and inefficiencies in the official record-keeping systems. These records include handwritten notes, untracked electronic documents, or data stored on the personal devices of healthcare staff. A chapter in Studies in Health Technology and Informatics states that “Ghost charts are considered substandard practice in that they are presumed to compromise patient safety.”
Shadow records are at risk for unauthorized access when the system is unsecured. Because these systems often contain protected health information (PHI), patients are then left in vulnerable positions due to inadequate protection.
Shadow records often also contain information about the organization itself, which threat actors can use to further blackmail the organization. In more concerning cases, they may use this information to launch secondary attacks aimed at larger-scale information mining.
When those attacks reach secured systems, such as HIPAA compliant email systems, the result is a breakdown of the internal systems necessary to provide patient care.
Any personal information about a person's health or medical history is protected by HIPAA.
An individual or group that intentionally causes harm or disruption to a computer system or network.
Phishing, spear phishing, ransomware, and email spoofing.