Shortly after medical testing labs across the country began using new recordkeeping and compliance checklist software, strange and frightening things began happening.

In Pittsburgh, two doctors discovered their names were electronically signed to a large number of cancer tests they never reviewed. They were to become the first whistleblowers.

That was in the 1990s. More than 20 years later, whistleblowers continue to come forward, as described in this recent story that includes videos of software workarounds in action. That’s two decades of a nationwide public safety risk left to fester and grow, contributing to the more than 250,000 Americans who die of medical malpractice each year.

It’s a three-pronged problem of questionable actions by some hospital officials, oversight that needs to be more objective and more than one software platform that is easily manipulated.

On its homepage, MediaLab Inc. boasts of more than two million policies and procedures managed by its software, making one of the widest used in the U.S. Therein lies the problem, and the horror.

Whistleblower “Jim” is one of many to step forward about serious flaws in the software that allow for heinous misuse. He is a verified industry insider and expert who has delved deep into the software and the issue as a whole.

“No other compliance software works like this, that allows for backdating, changing reports and logging in as someone else. There are so many loopholes in its bad coding,” “Jim” said.

It has less security than any software he’s seen and he challenges its compliance with the Code of Federal Regulations because, for instance, all users within a facility can see everyone else’s password in plain text. It also puts patient confidentiality at risk.

Poor engineering, or bad intent?

“I haven’t been able to find any bugs in it. These functions are the software’s main job. It’s not unintended functionality. This is the way it was designed.”

It is likely, “Jim” said, that given the otherwise stellar reputation of MediaLab founder Dr. Paul Fekete, the loopholes are the result of “growing pains.” The platform was designed for continuing education testing for medical workers. It is insufficient for the complex functions that have been added on since, including compliance checklists used by the College of American Pathologists (CAP) for lab accreditation and “live” procedural information. These include how to safely dispose of biohazards, such as items contaminated with Covid-19.

Meanwhile, medical malpractice is the third leading cause of death in the U.S. At the very least, “Jim” said, families of the victims should be able to see lawsuits decided on the truth.

“This is not big government minding someone else’s business. This is thousands of Americans dying.”

Flashback to the late 1990s

Not long after medical software was put into the field, doctors Susan Silver and Kenneth McCarty, both pathologists at the University of Pittsburgh Magee-Womens Hospital, discovered their signatures on Pap smears (cervical cancer tests) they had never reviewed. The hospital was using software of its own design, according to the doctors, who suspected nothing beyond an error and brought the issue to administrators for an internal fix. When that failed, they went to the state Department of Health and CAP. The lack of attention to a potentially deadly problem led both to file lawsuits.

Silver’s 2003 suit, and a similar suit filed by McCarty, a few months later in early 2004, alleged that cancer screenings for hundreds of thousands of patients were falsified by 19 doctors and administrators at the University of Pittsburgh Medical Center.

Many patients were subjected to unneeded testing, after system errors were allowed to occur. Some waited as long as four years to find out their test had revealed cancer, typically at a stage that was easily treatable.

The goals?

Increase profits with additional testing, and fabricate a reputation for top-quality diagnostics by making it appear a physician reviewed every test, as opposed to a cytotechnologist.

Dr. Silver’s lawsuit laid out more scenarios of padded testing for labs that one or more UPMC doctors had a financial stake in.

Silver was harassed and blacklisted from hospitals that would have previously welcomed the Johns Hopkins-trained pathologist, and alleged several incidents of physical threatening by the chief of pathology. She eventually settled, but has since looked for other ways to address the issue.

After alerting CAP, both doctors were fired, just before CAP inspectors arrived.

McCarty would spend the last decade of his life fighting for patient safety. Just before he died in 2010 at 62, of the rare and aggressive neuroendocrine cancer, he allowed the suit to be settled.

Prior to this, McCarty worked at Duke University Medical School, where he earned his PhD at age 21. He took a stand against a cancer test used there that was developed by a Duke researcher who failed to properly research his findings.

Donna Kovacs was the Magee-Womens pathology lab worker who supplied Silver and McCarty with the evidence in patient records, including her own Pap smear, signed by a doctor who never analyzed the results. Kovacs job was to process records and send them to treating physicians.

When she was fired, she filed a lawsuit for wrongful termination. Magee said Kovacs violated patient confidentiality by supplying records to the doctors. Ironically, Magee violated federal law when it filed papers that included diagnostic information on four patients, making the medical records available to anyone accessing the court records online.

More cases

There have been at least 10 other cases involving recordkeeping and delayed diagnoses, dating back to as early as 1996. In one, Magee-Womens paid $1.3 million to the estate of a woman who died of cervical cancer in 2004, after a years-long missed chance at treatment. It was never proven that it was a case of electronic signature falsification. It’s possible the software hid the evidence.

In 1999, a 47-year-old woman from Ohio underwent a mastectomy and began radiation treatments immediately after the Magee lab gave her an advanced cancer diagnosis. It was later discovered her biopsy specimen was switched with another woman’s, whose treatment was seriously-delayed. Both were given settlements by the hospital in cases sealed by the court.

In other hospitals around the country, doctors were raising alarms, including in Yakima, Washington, where ER doctors walked out in protest of recurring lab mistakes, despite continued stamps of approval by CAP inspectors.

At Maryland General Hospital, while its lab equipment reliability was under scrutiny, hundreds of HIV and hepatitis test results were processed. CAP initially refused to provide the state health secretary with its inspection reports, but gave in under the threat of certifications being pulled for all Maryland labs certified by CAP.

At the renowned Mayo Clinic in Minnesota, CAP cited its lab for unacceptable practices because test samples were handled in a manner that prevented them from being saved for the legally required 10 years. During the years this issue went unresolved, CAP continued to renew Mayo’s accreditation.

In 2004, two Pennsylvania women whose Pap smears were processed in the Magee lab filed a class action suit against the hospital. Christine Walter and Sharon King alleged doctors’ auto-signatures were intentionally used to mislead patients into further testing (increasing hospital revenue). Those physicians had never reviewed test results. Based on the shockingly high number of patients allegedly involved, it was not the doctors who were adding these digital signatures. The software should not have allowed this to happen

A year later, Common Pleas Judge Robert Horgos threw the case out on the grounds the women had not been harmed. Superior Court Judge Patrick R. Tamilia upheld the decision, stating, “Although the presence of reproduced signatures on cytotechnologist-reviewed Pap smear reports were slightly misleading, we cannot conclude appellants’ reliance on the reports was the proximate cause of their alleged injury - - the cost of medical retesting.”

The courts acknowledged the falsified signatures but reduced the matter to the cost of a medical test.

CAP has since revised its inspection checklist to state what should not have to be stated at all; a doctor's signature should only be affixed to pathology reports the doctor has reviewed.

Two decades of unheeded alarms

Whistleblowers now opt for anonymity, some due to lawsuit settlement conditions, most for fear of the retribution those before them have endured. But they continue to come forward, explaining that the risk to patient safety is too great to ignore, and that CAP’s peer review for oversight is ripe with corruption.

“Jim” said he believes many CAP members, and even administrators don’t know about the problem. He’s not making excuses for them. But they’re not talking, either.

When contacted again in mid-August, nearly three months after an initial and repeated request for an interview, Media Relations Senior Manager Catherine Dolf gave what was clearly her final response, “I believe the written information I provided to you back in June was our answer.”

This, despite that June email beginning with, “Before proceeding with an interview or an on-the-record reaction…”

Dolf went on to write in June, “I wanted to let you know for your background only, some information I have gathered. It seems the CAP has a very limited partnership with MediaLab and all financial agreements with any CAP vendor are confidential.”

This leads to questions about why CAP would not reveal all its financial dealings, and why Dolf would feel she should (although she did not specifically request) go off-the-record with such vague information.

Conflict of interest?

“Money is changing hands, with the company that helping people get around the mandated rules of CAP,” “Jim” said. “How can it not be a conflict of interest? Do they not see the incredible irony in endorsing a company that is helping people break their own rules?”

After years of court cases that exposed the software issues, what is being done about it?

Nothing, or so it appears.

Fekete and MediaLab did not respond to requests for comment, and there are no reports of upgrades being provided to software users.

The compliance software data is used most often in malpractice cases. So, there’s another motive for altering data, such as timestamps. That’s where potentially lifesaving case law becomes illusive. Changes made with MediaLab software leave no trace of the proof that a court requires.

“If I asked you for proof and you print a report, everything appears legit. None of the changes can be digitally traced,” “Jim” said. “It’s a potentially huge risk. About 70-percent of medical decisions made are based on lab work. Imagine what can happen when the results are changed.”

Making the necessary software changes would be very expensive, “Jim” said, offering a plausible reason software providers and CAP look the other way.

Giving it up for the cause

Whistleblowers, concerned with potentially serious and widespread consequences of flawed software put their careers on the line to in the effort toward reform, saying it’s just too serious for them to ignore. Even when discreetly trying to fix problems from within, they are up against the power of a closed system of oversight, and the ease with which they are fired for fabricated cause, or blatantly, for no reason at all.

Reportedly, pathologist friends were inspecting each other’s labs as a way to further exploit the leniency of CAP’s peer review process.

CAP does not hire inspectors and send them out to scrutinize and score how labs conduct business. Instead, peer review is the sole method used to assure standards are adhered to. It doesn’t take more than a handful of pathologists willing to look the other way, or not look at all, to create major problems.

In the end, though, that hardly matters in light of MediaLab software’s cheats. Even the most thorough and honest inspector may unwittingly be handing out passing grades based on falsified information they have no way of detecting.

Why do hospital and independent labs continue to use it?

It comes back in large part to the continuing education requirements, which is what the majority of users access. The demands of their jobs put them between a rock and a hard place. Workdays are already very demanding, and after so much skills application, people know their jobs. Continuing education testing is simply not taken seriously, “Jim” said.

“MediaLab is one of the more expensive compliance software platforms, but so many use it because it makes life easier for them. And when its easier for people, they post great reviews, and more hospitals buy it,” “Jim” said. “But it’s not supposed to be easier. This is about patient safety. If you cover your mistakes, you can’t learn from them. And it’s been shown that the software, in other applications, can kill people.”

Who Cares?

Outreach to various state and federal legislators resulted in no responses, as did an attempt to determine what is happening with New York State Senate Bill 9060. It was stalled in the Rules Committee when the 2021 session ended in June. It was proposed in late-2020 by Sen. David Carlucci, who lost his seat to re-election. Will anyone champion that bill now?

“Jim” said legislation will absolutely help. While it initially sounds silly to suggest making software errors illegal, it allows for legal action to be taken against those who refuse to fix the errors, and that could be the impetus for change.

Attacking it from the state level is not going to fix anything fast. Carlucci sponsored the bill when the MediaLab programming deficiencies were revealed to him by whistleblowers. No one is championing the cause at the legislative level. Federal regulations might be the better answer, “Jim” said.