Electronic Medical Records And Confidentiality Issues: Case Study
Electronic Medical Records and Confidentiality Issues
Abstract
Electronic Medical Records save health care facilities thousands of dollars every year, and this accounts for the cost of the electronic system itself! Major disasters such as Hurricane Katrina in New Orleans Louisiana, showcase the benefits of the electronic medical record system. Electronic medical records are stored throughout the country so that if a tragic/unplanned event occurred, it won’t destroy the health care structure. Benefits of such a system is the time it saves to provide treatment, lessen adverse prescription errors, creates better communication between multiple clinicians and provides screenings for preventive care.
The Federal government supports and now …show more content…
enforces the use of electronic medical records. With the government ensuring that every American will have an electronic medical record by the year 2014, patients have little say in their participation. Their concern comes from the privacy and security that their records are in. HIPAA, (Health Information Portability Accountability Act) sets the standards of how electronic records are to be shared. With this act, is it safe to believe that our records are private?
Previous health care records were handwritten by a clinician on paper forms in a folder and stored away in file cabinets. An electronic medical record (EMR) is the electronic version of this previous medical chart, and what is popularly used in today’s time of health care. “It includes all components of the patient’s medical records and enables any member of a patient’s treatment team to access the patient’s progress notes, treatment plans, medications, and other patient information from a variety of locations” (Richards, 2009).
The Institute of Medicine recommended the use of EMR’s since the year 2003. Since then, electronic medical records have been proven to provide effective treatment, reduce medical errors and improved accessibility to patient’s medical records.
The implantation of electronic medical records has been an advantage to the current U.S health care industry and its people. By using this system, drug interaction warnings, prescription refill notifications and annual screening reminders are what save our population today. In order for an organization to decide whether to implement this system or not, management must review the risks and benefits that come along with this.
The cost of applying EMR’s is considerably high and is categorized as being a risk for a company. Not only for the upgrade in technological machinery, but also in the training of health care professionals. Managers must set aside a budget specifically for the implementation of equipment as well as the hours it takes to educate proper staff on how to make use of it effectively. This is all without an assurance as to whether this new medical technology will be a success with its employees and patient’s. It could either benefit the company by successfully bringing in more patients’, which increases profit, or it could be a detrimental loss in both aspects.
With technology there’s also a risk of having a glitch happen to the system. Computers containing electronic records can easily crash due to power outages, natural and man-made disasters which may result in the loss of patient’s health information. This is a time consuming task and may cost the company even more money for recovery especially when this occurs at a larger bed facility.
Computer software’s are another risk factor that organizations consider before implementing electronic medical records. When software is downloaded from a vendor’s website and run on the clinician’s computer system, the stored data is often at an off-site location. This can cause a security breech if the information is available to unauthorized persons. Overall, with these faults of electronic medical records, they are worth the chance of integrating them into health care settings and have been proven a success towards the contribution to the increase of patient’s health.
The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 to establish standards that protect the privacy rights of patient health information. “To meet this goal, the United States Department of Health and Human Services (HHS) created guidelines and boundaries regarding the sharing and access of patient records, enabling patients greater access and control over their medical records, while still protecting the privacy of individual identifiable health information” (Richards, 2009). Under the HIPAA act, a Privacy Rule category was established.
HIPAA’s Privacy Rule identifies four basic entities that have access to private medical information: health care providers, insurers, health claims clearing houses and business associates. Information in this rule could include the date and type of treatment that was performed, diagnosis of ailment and even individuals that were present during treatment. With this rule, the patient has the right to limit the shared access of their health information.
Additionally, a HIPAA Security rule was also established to protect electronic medical records. Its focus was on the security of electronic information, its storage and the exchanging of information. “The security rule consists of national standards for safeguarding the confidentiality, integrity and availability of electronic protected health information (PHI)” (Richards, 2009). HIPAA’s security rule requires all members to complete an assessment of their risks and vulnerabilities and to implement security measures to reduce any identified risks to an appropriate level.
In the time of HIPAA, are electronic medical records really confidential? Who actually has control over patient’s health records? There’s so much focus on preventing HIPAA security breaches and even consequences when an infraction occurs. Are these HIPAA rules protecting the patient’s privacy? It depends on how you view it.
Let’s begin with the clinician’s who are providing treatment to their patient’s. Practicing clinician’s are licensed and certified to offer health services to the public. Before they begin this process, all clinician’s must take the Hippocratic Oath which swears that each of them will practice their field ethically and morally. It is assumed that privacy and confidentiality are necessary in providing ethical services. Whether the information of a patient is documented on paper, communicated verbally or electronically, the Hippocratic Oath states the clinician is to keep these matters confidential for the safety of the patient. Breeches of this could cause damage to the patient (Nayer, 2010). If a patient feels that their privacy is at risk, they wouldn’t tell the doctor all that is needed to provide optimum care. This withheld information might be exactly what the clinician needs in order to treat the patient effectively. The exposure of electronic medical records and the lack of HIPAA regulations to protect the privacy of those records, make it difficult to comply with the Hippocratic Oath and the Oath’s code of ethics.
Another component of the Hippocratic Oath states that the clinician will prevent disease whenever possible, for prevention is preferable to cure (Nayer, 2010). In one example, a French man in the United States knowingly spread HIV/AIDS to many of his girlfriends. His physician had forbid him of unprotected sex to prevent this disease from spreading around. Now one of his ladies then received a call from the health department explaining her status. At the request of the health department, she was to name all of her partners so they could be notified and tested. Now how did her results reach the health department? Was this a breach of HIPAA’s privacy laws or was the physician at fault for exposing one’s status?
Once physicians receive lab results indicating a positive for any type of illness (infectious or not), they are obligated to report the findings to the health department so they can add to their statistical findings and research. Shouldn’t this be considered as a breach of confidentiality? Certainly her identity was in jeopardy of coming out. This proves that individual privacy may sometimes need to be compromised for the greater good of the community. “Absolute privacy (complete confidentiality) of all information that the patient reveals to the physician, is neither possible nor desirable in the practice of medicine. Effective responsible medical treatment requires that we achieve a balance between disseminating patient information and keeping it private” (Nayer, 2010). While his identity was revealed, so were a handful of the women he infected. In this case, complete privacy was unsuccessful due to the seriousness of the illness. There were also some women that have been notified by the health department and haven’t had their identities revealed. HIPAA protected against the good of the community in this case even though the health information status of some patient’s were exposed by the health department. It is when these confidential records become in the hands of unauthorized users, will the privacy of patient’s health records become a concern.
From the patient’s point of view, electronic medical records are safe and secure. The ease of visiting doctor to doctor without having to fill out redundant forms has freed the minds of American’s patient’s today. In today’s time where communication between patient and provider are high, patient’s feel they’re a part of their own health care treatment. Patient’s knowledge of privacy protections and attitudes toward HIPAA are positive (Williams, 2008).
Two groups of health care stakeholders that are almost uniformly in favor of electronic medical records are the purchasers and the policy makers (Wynia, 2010). Employers (Health care purchasers) can match electronic medical records to health risk assessment results, which then serve as a guide into disease prevention programs. This will increase the health of the employees which will decrease the amount of health premiums that the employer shells out annually.
Employers hope that investments in electronic medical records will be returned in health care savings and improved workforce productivity, even though data to substantiate these hopes are limited. Some employers see an increase of employee health awareness and participation in wellness programs as an early measure of success. Policy makers (Government, state organizations) generally share purchasers’ optimism about electronic medical records. Namely, is the expectation that they can bring about radical improvements in efficiency and quality of care. After all, patient privacy and safety are at the top of the list of all health care organizations.
With electronic medical records and HIPAA, I feel that patient’s privacy rights in regard to their electronic medical records are protected. Electronic medical records that are transferred from accredited health care facilities in the United States are done so in a confidential manner. It is when electronic medical records are transferred to outside agencies (overseas hospitals, unaccredited institutions...) is when confidential information is compromised. This transferring of medical records to outside agencies might not necessarily be a negative act though. These electronic medical records could notify the state and health department of what illness is spreading at a fast rate and elimination of this disease can occur immediately.
But with this comes the risk of exploiting a patient and their illness. Remember the French man in the example earlier; his name is “Philippe Padieu”. This is the risk of having your name and medical records sent to an agency whose responsibility is to control and treat the illness, not to protect the privacy. If his records were kept confidential, I couldn’t be able to state his name in this paper. With accredited health institutions, the privacy of the patient is always considered first. Not just for security reasons due to health treatment, but also to prevent the hospitals/centers from getting a malpractice lawsuit. The Joint Commission on Accreditation of Healthcare Organizations (JCAHO) is an example of an accrediting organization that sets standards on how patient’s treatment should be governed. JCAHO’s goal is to advocate the use of patient safety measure, privacy, the transmission of information, outcome performance and to introduce new policy measures to health care organizations. This type of organization accredits an organization as being fit to provide health care services, and it also has the power to revoke this status from an organization and shut it down accordingly.
Breaches of security do occur with electronic medical records, whether it is from human error or an electronic glitch. It is the primary duty of health care workers to limit such happenings from occurring. Proper training of staff and continuous seminars of HIPAA’s security acts can update the clinicians on what changes are occurring and keep the information fresh in their minds. Also, the communication between the treatment facility and its patient’s can inform the patient on any changes of HIPAA’s privacy rule. This will include the patient in their own health treatment and will grant them autonomy in making treatment decisions.
President George W. Bush has set a goal of establishing an electronic medical records for all patients by 2014 and has established a new coordinator position in HHS (Health and Human Services) to develop technical specifications for standardization of EMR( Badger, 2011). “The stimulus bill passed in 2009 set aside $27 billion to encourage doctors to migrate their illegible handwriting and paper charts into the electronic medical records that policymakers and politicians have for years been saying could revolutionize medical care (and the amount of money it costs us)” (Badger, 2011). Since this is our future, how can we believe that our medical records are at risk?
HIPAA requires that health care providers and health plans allow the patient access to their medical records. Notices you receive from providers and plans must include information about how you can obtain copies of your medical records. If such security exists for one to request personal records, only imagine the security measure it takes for the transferring of records in accredited institutions. Various makers of encryption systems and vendors such as “Zixit Corporation”, a company that sells security and privacy software to users of electronic communications, support the use of electronic medical records systems. These types of software’s are what secure the information in the database at health care facilities. When such systems are properly installed throughout a facility, the transmission of records will be done confidentially. There are differences in privacy software installed at various locations, but the main goal of each is preventing hackers by encrypting the data so that it cannot be read at all.
Legislation also contributes to the privacy of medical electronic records. In 2003, Stop Taking Our Health Privacy (STOHP) Act was established to protect privacy. This act would: restore standards to protect the privacy of individually identifiable health information; permit a health care provider to use or disclose an individual’s protected health information without prior consent only under specified circumstance; ensure that consent forms meet specified criteria; and forbid disclosures for public health activities (Dudley, 2004). Another act enacted by legislation “The Medical Independence, Privacy and Innovation Act (2003) forbid the use of social security numbers in electronic medical records to identify patients. This is especially important when a breach occurs in the system since our social security number is what uniquely identifies us apart.
The HHS Office of the Assistant Secretary for Planning and Evaluation stated in 2000, "We learned that stakeholders in the system have different ideas about the extent and nature of the privacy protections that exist today, and very different ideas about appropriate uses of health information (Federal Register, 2000). Stakeholders feel a possible risk associated with personal medical information that gets in the hands of unauthorized persons who then use them for unintended purposes. It is up to the legislation and the government to develop a standard where all institutions carrying electronic records are to have secure computer systems and strict access to files.
“There’s no absolute, 100-percent guarantee that a person 's information is secure right now,” (Conger, 2010). To have a balance between the patient’s privacy laws and the electronic health care system involves a large task of bringing together the patient’s privacy laws with the federal laws that are outlines in the Health Insurance Portability and Accountability Act (HIPAA).
While public policy experts work to safely merge those patient privacy standards, state and federal governments are also drafting new laws and standards regarding access to and sharing of these records (Conger, 2010). As an example being that people could now go to prison for hacking into electronic medical record systems and even hacking into e-mail accounts. Also, medical professionals are now being sued if they are at fault for patient health information being leaked and any other breach of patient health security can be litigated against the professional and/or the entire institution.
Electronic medical records must continue to have complete protection from the federal level (HIPAA). There will always be a need for transferring medical records, especially in this time of fast paced care. But there must be a uniform standard placed at every health institution that protects the patient’s information from outside sources. HIPAA must eliminate the ability of outside sources and the government from accessing the patient’s information. HIPAA is still failing to protect data from these sources which runs against their policies. There should be an adjustment to HIPAA which eliminates access to records from all other unauthorized/unaccredited health agencies. Also, patients should be given the option to place a restriction against the government and any other type of entities from access to their records. Patients should become in full control over their health records and have full say as to who can have access to them.
Patients may begin to avoid medical treatment if they feel their privacy is compromised. There should be a stricter law to HIPAA and the legislations that protects the confidential relationship between the patient and the doctor. This will improve the quality of care the patient receives. Eliminating access by unauthorized users is another improvement that electronic medical records can do. This will avoid the exploitation of patient health status and identity and can prevent any upcoming grievances. In addition to tightening regulations, physicians must optimize the use of encryption technology and security and ensure the integrity of healthcare data by preventing modification of information (Conger, 2010).
HIPAA was established to protect the patient’s privacy. In still it is allowing access to numerous entities that don’t have the responsibility to protect the private relationship that is between the doctor and the patient. HIPAA’s regulations must be tightened to prevent breaches of privacy; otherwise this infraction could call for a penalty. The expenditure of federal funds for the implementation of electronic medical records should solely be allowed for secure and confidential companies that utilize secure software databases at their health care facilities. Those who do not participate in operating a secure computer system will not be allowed to enter or transfer any medical data records until management enforces the secure system at their facility.
So depending on how you view it, electronic medical records are keeping patient’s information safe. Beginning with the Hippocratic Oath that every clinician must take before providing service, clinicians obey by this oath first and foremost. It is the clinician’s swear to prevent and protect the patient’s privacy by all means. Then with all of the federal and state laws that are now enforced to protect the patient’s information, electronic medical records are as safe as they could be. To work in an industry that contains a diary of someone’s health, is a serious business. For health care professionals, they are now trained to work with machines (fax, printers...), and encrypted computer software’s that prevent the leak of private information.
Electronic medical records are here to stay. Like previously stated, we are to expect that every person in the United States will have an EMR by the year 2014. Future goals for electronic medical records are “to design system tools that are specific for the patient and can be updated quickly as the literature and guidelines change” (Dove, 2010).
At this point, the rate of documentation from the bedside takes too long and with system specifications catered to every patient, time spent on documenting will be reduced. Another change will be for institutions to move away from vendor computer software’s, favoring a web based subscription that an institution can subscribe to individually. These web based subscriptions can be specifically chosen to meet the hospitals needs. The vendor’s role would be to create electronic software that can easily be read and transferred by web based software’s. With Federal and State legislations continually updating and altering patient’s privacy rights, the future of patient’s privacy is looking good. While there are some leaks in HIPAA’s system, every year there are updates to patient’s privacy concerns that are disclosed to both institutions and patients. When clinicians and patient’s are aware of the new regulations, it creates an open communication between patients and their physicians. At the end of this, it will produce a better health care treatment for all patients’s which is what electronic medical records were meant to
do.
References
Badger, E. (2011). Can Privacy, Electronic Medical Records Coexist? Retrieved from http://www.miller-mccune.com/health/can-health-privacy-electronic-medical-records-coexist-32350/
Brown, B. (2010). Protecting the Confidentiality of Medical Records in an Interconnected Environment. Managed Care Outlook, Vol, 23(22(, p1-10, 5p.
Conger, C. (2010). Are Electronic Medical Records Safe? Retrieved from http://news.discovery.com/tech/are-electronic-medical-records-safe.html
Dove, J. (2010). Clinically Useful Electronic Health Records: A Vision for the Future. Methodist DeBarkey Cardiovascular Journal, Vol 6(2), p33-37, 5p.
Druckerman, S., Welsh, S. (2009). How Women United to Stop HIV-Positive Man. Retrieved from http://abcnews.go.com/2020/hiv-criminal-busted-women-lied/story?id=8579258
Dudley, G. (2004). Electronic Records, Patient Confidentiality, and the Impact of HIPAA. Retrieved from http://www.psqh.com/octdec04/dudley.html
Richards, M. (2009). Electronic Medical Records: Confidentiality Issues in the Time of HIPAA. Professional Psychology: Research and Practice, Vol 40(6), pp. 550-556
Williams, A.R. (2008). HIPAA Costs and Patient’s Perceptions Privacy Safeguards Mayo Clinic. Joint Commission Journal on Quality and Patient Safety, Vol 34(11), pp27-35.
Wynia, M. Dunn, K. (2010). Dreams and Nightmares: Practical and Ethical Issues for patients and Physicians using Personal Health Records. Journal of Law, Medicine and Ethics, Vol 38(1), p.64-73.
The Joint Commission on Accreditation of Healthcare Organizations website: http://www.jointcommission.org/
Zixcorp website: http://www.zixcorp.com/
Abstract
Electronic Medical Records save health care facilities thousands of dollars every year, and this accounts for the cost of the electronic system itself! Major disasters such as Hurricane Katrina in New Orleans Louisiana, showcase the benefits of the electronic medical record system. Electronic medical records are stored throughout the country so that if a tragic/unplanned event occurred, it won’t destroy the health care structure. Benefits of such a system is the time it saves to provide treatment, lessen adverse prescription errors, creates better communication between multiple clinicians and provides screenings for preventive care.
The Federal government supports and now …show more content…
enforces the use of electronic medical records. With the government ensuring that every American will have an electronic medical record by the year 2014, patients have little say in their participation. Their concern comes from the privacy and security that their records are in. HIPAA, (Health Information Portability Accountability Act) sets the standards of how electronic records are to be shared. With this act, is it safe to believe that our records are private?
Previous health care records were handwritten by a clinician on paper forms in a folder and stored away in file cabinets. An electronic medical record (EMR) is the electronic version of this previous medical chart, and what is popularly used in today’s time of health care. “It includes all components of the patient’s medical records and enables any member of a patient’s treatment team to access the patient’s progress notes, treatment plans, medications, and other patient information from a variety of locations” (Richards, 2009).
The Institute of Medicine recommended the use of EMR’s since the year 2003. Since then, electronic medical records have been proven to provide effective treatment, reduce medical errors and improved accessibility to patient’s medical records.
The implantation of electronic medical records has been an advantage to the current U.S health care industry and its people. By using this system, drug interaction warnings, prescription refill notifications and annual screening reminders are what save our population today. In order for an organization to decide whether to implement this system or not, management must review the risks and benefits that come along with this.
The cost of applying EMR’s is considerably high and is categorized as being a risk for a company. Not only for the upgrade in technological machinery, but also in the training of health care professionals. Managers must set aside a budget specifically for the implementation of equipment as well as the hours it takes to educate proper staff on how to make use of it effectively. This is all without an assurance as to whether this new medical technology will be a success with its employees and patient’s. It could either benefit the company by successfully bringing in more patients’, which increases profit, or it could be a detrimental loss in both aspects.
With technology there’s also a risk of having a glitch happen to the system. Computers containing electronic records can easily crash due to power outages, natural and man-made disasters which may result in the loss of patient’s health information. This is a time consuming task and may cost the company even more money for recovery especially when this occurs at a larger bed facility.
Computer software’s are another risk factor that organizations consider before implementing electronic medical records. When software is downloaded from a vendor’s website and run on the clinician’s computer system, the stored data is often at an off-site location. This can cause a security breech if the information is available to unauthorized persons. Overall, with these faults of electronic medical records, they are worth the chance of integrating them into health care settings and have been proven a success towards the contribution to the increase of patient’s health.
The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 to establish standards that protect the privacy rights of patient health information. “To meet this goal, the United States Department of Health and Human Services (HHS) created guidelines and boundaries regarding the sharing and access of patient records, enabling patients greater access and control over their medical records, while still protecting the privacy of individual identifiable health information” (Richards, 2009). Under the HIPAA act, a Privacy Rule category was established.
HIPAA’s Privacy Rule identifies four basic entities that have access to private medical information: health care providers, insurers, health claims clearing houses and business associates. Information in this rule could include the date and type of treatment that was performed, diagnosis of ailment and even individuals that were present during treatment. With this rule, the patient has the right to limit the shared access of their health information.
Additionally, a HIPAA Security rule was also established to protect electronic medical records. Its focus was on the security of electronic information, its storage and the exchanging of information. “The security rule consists of national standards for safeguarding the confidentiality, integrity and availability of electronic protected health information (PHI)” (Richards, 2009). HIPAA’s security rule requires all members to complete an assessment of their risks and vulnerabilities and to implement security measures to reduce any identified risks to an appropriate level.
In the time of HIPAA, are electronic medical records really confidential? Who actually has control over patient’s health records? There’s so much focus on preventing HIPAA security breaches and even consequences when an infraction occurs. Are these HIPAA rules protecting the patient’s privacy? It depends on how you view it.
Let’s begin with the clinician’s who are providing treatment to their patient’s. Practicing clinician’s are licensed and certified to offer health services to the public. Before they begin this process, all clinician’s must take the Hippocratic Oath which swears that each of them will practice their field ethically and morally. It is assumed that privacy and confidentiality are necessary in providing ethical services. Whether the information of a patient is documented on paper, communicated verbally or electronically, the Hippocratic Oath states the clinician is to keep these matters confidential for the safety of the patient. Breeches of this could cause damage to the patient (Nayer, 2010). If a patient feels that their privacy is at risk, they wouldn’t tell the doctor all that is needed to provide optimum care. This withheld information might be exactly what the clinician needs in order to treat the patient effectively. The exposure of electronic medical records and the lack of HIPAA regulations to protect the privacy of those records, make it difficult to comply with the Hippocratic Oath and the Oath’s code of ethics.
Another component of the Hippocratic Oath states that the clinician will prevent disease whenever possible, for prevention is preferable to cure (Nayer, 2010). In one example, a French man in the United States knowingly spread HIV/AIDS to many of his girlfriends. His physician had forbid him of unprotected sex to prevent this disease from spreading around. Now one of his ladies then received a call from the health department explaining her status. At the request of the health department, she was to name all of her partners so they could be notified and tested. Now how did her results reach the health department? Was this a breach of HIPAA’s privacy laws or was the physician at fault for exposing one’s status?
Once physicians receive lab results indicating a positive for any type of illness (infectious or not), they are obligated to report the findings to the health department so they can add to their statistical findings and research. Shouldn’t this be considered as a breach of confidentiality? Certainly her identity was in jeopardy of coming out. This proves that individual privacy may sometimes need to be compromised for the greater good of the community. “Absolute privacy (complete confidentiality) of all information that the patient reveals to the physician, is neither possible nor desirable in the practice of medicine. Effective responsible medical treatment requires that we achieve a balance between disseminating patient information and keeping it private” (Nayer, 2010). While his identity was revealed, so were a handful of the women he infected. In this case, complete privacy was unsuccessful due to the seriousness of the illness. There were also some women that have been notified by the health department and haven’t had their identities revealed. HIPAA protected against the good of the community in this case even though the health information status of some patient’s were exposed by the health department. It is when these confidential records become in the hands of unauthorized users, will the privacy of patient’s health records become a concern.
From the patient’s point of view, electronic medical records are safe and secure. The ease of visiting doctor to doctor without having to fill out redundant forms has freed the minds of American’s patient’s today. In today’s time where communication between patient and provider are high, patient’s feel they’re a part of their own health care treatment. Patient’s knowledge of privacy protections and attitudes toward HIPAA are positive (Williams, 2008).
Two groups of health care stakeholders that are almost uniformly in favor of electronic medical records are the purchasers and the policy makers (Wynia, 2010). Employers (Health care purchasers) can match electronic medical records to health risk assessment results, which then serve as a guide into disease prevention programs. This will increase the health of the employees which will decrease the amount of health premiums that the employer shells out annually.
Employers hope that investments in electronic medical records will be returned in health care savings and improved workforce productivity, even though data to substantiate these hopes are limited. Some employers see an increase of employee health awareness and participation in wellness programs as an early measure of success. Policy makers (Government, state organizations) generally share purchasers’ optimism about electronic medical records. Namely, is the expectation that they can bring about radical improvements in efficiency and quality of care. After all, patient privacy and safety are at the top of the list of all health care organizations.
With electronic medical records and HIPAA, I feel that patient’s privacy rights in regard to their electronic medical records are protected. Electronic medical records that are transferred from accredited health care facilities in the United States are done so in a confidential manner. It is when electronic medical records are transferred to outside agencies (overseas hospitals, unaccredited institutions...) is when confidential information is compromised. This transferring of medical records to outside agencies might not necessarily be a negative act though. These electronic medical records could notify the state and health department of what illness is spreading at a fast rate and elimination of this disease can occur immediately.
But with this comes the risk of exploiting a patient and their illness. Remember the French man in the example earlier; his name is “Philippe Padieu”. This is the risk of having your name and medical records sent to an agency whose responsibility is to control and treat the illness, not to protect the privacy. If his records were kept confidential, I couldn’t be able to state his name in this paper. With accredited health institutions, the privacy of the patient is always considered first. Not just for security reasons due to health treatment, but also to prevent the hospitals/centers from getting a malpractice lawsuit. The Joint Commission on Accreditation of Healthcare Organizations (JCAHO) is an example of an accrediting organization that sets standards on how patient’s treatment should be governed. JCAHO’s goal is to advocate the use of patient safety measure, privacy, the transmission of information, outcome performance and to introduce new policy measures to health care organizations. This type of organization accredits an organization as being fit to provide health care services, and it also has the power to revoke this status from an organization and shut it down accordingly.
Breaches of security do occur with electronic medical records, whether it is from human error or an electronic glitch. It is the primary duty of health care workers to limit such happenings from occurring. Proper training of staff and continuous seminars of HIPAA’s security acts can update the clinicians on what changes are occurring and keep the information fresh in their minds. Also, the communication between the treatment facility and its patient’s can inform the patient on any changes of HIPAA’s privacy rule. This will include the patient in their own health treatment and will grant them autonomy in making treatment decisions.
President George W. Bush has set a goal of establishing an electronic medical records for all patients by 2014 and has established a new coordinator position in HHS (Health and Human Services) to develop technical specifications for standardization of EMR( Badger, 2011). “The stimulus bill passed in 2009 set aside $27 billion to encourage doctors to migrate their illegible handwriting and paper charts into the electronic medical records that policymakers and politicians have for years been saying could revolutionize medical care (and the amount of money it costs us)” (Badger, 2011). Since this is our future, how can we believe that our medical records are at risk?
HIPAA requires that health care providers and health plans allow the patient access to their medical records. Notices you receive from providers and plans must include information about how you can obtain copies of your medical records. If such security exists for one to request personal records, only imagine the security measure it takes for the transferring of records in accredited institutions. Various makers of encryption systems and vendors such as “Zixit Corporation”, a company that sells security and privacy software to users of electronic communications, support the use of electronic medical records systems. These types of software’s are what secure the information in the database at health care facilities. When such systems are properly installed throughout a facility, the transmission of records will be done confidentially. There are differences in privacy software installed at various locations, but the main goal of each is preventing hackers by encrypting the data so that it cannot be read at all.
Legislation also contributes to the privacy of medical electronic records. In 2003, Stop Taking Our Health Privacy (STOHP) Act was established to protect privacy. This act would: restore standards to protect the privacy of individually identifiable health information; permit a health care provider to use or disclose an individual’s protected health information without prior consent only under specified circumstance; ensure that consent forms meet specified criteria; and forbid disclosures for public health activities (Dudley, 2004). Another act enacted by legislation “The Medical Independence, Privacy and Innovation Act (2003) forbid the use of social security numbers in electronic medical records to identify patients. This is especially important when a breach occurs in the system since our social security number is what uniquely identifies us apart.
The HHS Office of the Assistant Secretary for Planning and Evaluation stated in 2000, "We learned that stakeholders in the system have different ideas about the extent and nature of the privacy protections that exist today, and very different ideas about appropriate uses of health information (Federal Register, 2000). Stakeholders feel a possible risk associated with personal medical information that gets in the hands of unauthorized persons who then use them for unintended purposes. It is up to the legislation and the government to develop a standard where all institutions carrying electronic records are to have secure computer systems and strict access to files.
“There’s no absolute, 100-percent guarantee that a person 's information is secure right now,” (Conger, 2010). To have a balance between the patient’s privacy laws and the electronic health care system involves a large task of bringing together the patient’s privacy laws with the federal laws that are outlines in the Health Insurance Portability and Accountability Act (HIPAA).
While public policy experts work to safely merge those patient privacy standards, state and federal governments are also drafting new laws and standards regarding access to and sharing of these records (Conger, 2010). As an example being that people could now go to prison for hacking into electronic medical record systems and even hacking into e-mail accounts. Also, medical professionals are now being sued if they are at fault for patient health information being leaked and any other breach of patient health security can be litigated against the professional and/or the entire institution.
Electronic medical records must continue to have complete protection from the federal level (HIPAA). There will always be a need for transferring medical records, especially in this time of fast paced care. But there must be a uniform standard placed at every health institution that protects the patient’s information from outside sources. HIPAA must eliminate the ability of outside sources and the government from accessing the patient’s information. HIPAA is still failing to protect data from these sources which runs against their policies. There should be an adjustment to HIPAA which eliminates access to records from all other unauthorized/unaccredited health agencies. Also, patients should be given the option to place a restriction against the government and any other type of entities from access to their records. Patients should become in full control over their health records and have full say as to who can have access to them.
Patients may begin to avoid medical treatment if they feel their privacy is compromised. There should be a stricter law to HIPAA and the legislations that protects the confidential relationship between the patient and the doctor. This will improve the quality of care the patient receives. Eliminating access by unauthorized users is another improvement that electronic medical records can do. This will avoid the exploitation of patient health status and identity and can prevent any upcoming grievances. In addition to tightening regulations, physicians must optimize the use of encryption technology and security and ensure the integrity of healthcare data by preventing modification of information (Conger, 2010).
HIPAA was established to protect the patient’s privacy. In still it is allowing access to numerous entities that don’t have the responsibility to protect the private relationship that is between the doctor and the patient. HIPAA’s regulations must be tightened to prevent breaches of privacy; otherwise this infraction could call for a penalty. The expenditure of federal funds for the implementation of electronic medical records should solely be allowed for secure and confidential companies that utilize secure software databases at their health care facilities. Those who do not participate in operating a secure computer system will not be allowed to enter or transfer any medical data records until management enforces the secure system at their facility.
So depending on how you view it, electronic medical records are keeping patient’s information safe. Beginning with the Hippocratic Oath that every clinician must take before providing service, clinicians obey by this oath first and foremost. It is the clinician’s swear to prevent and protect the patient’s privacy by all means. Then with all of the federal and state laws that are now enforced to protect the patient’s information, electronic medical records are as safe as they could be. To work in an industry that contains a diary of someone’s health, is a serious business. For health care professionals, they are now trained to work with machines (fax, printers...), and encrypted computer software’s that prevent the leak of private information.
Electronic medical records are here to stay. Like previously stated, we are to expect that every person in the United States will have an EMR by the year 2014. Future goals for electronic medical records are “to design system tools that are specific for the patient and can be updated quickly as the literature and guidelines change” (Dove, 2010).
At this point, the rate of documentation from the bedside takes too long and with system specifications catered to every patient, time spent on documenting will be reduced. Another change will be for institutions to move away from vendor computer software’s, favoring a web based subscription that an institution can subscribe to individually. These web based subscriptions can be specifically chosen to meet the hospitals needs. The vendor’s role would be to create electronic software that can easily be read and transferred by web based software’s. With Federal and State legislations continually updating and altering patient’s privacy rights, the future of patient’s privacy is looking good. While there are some leaks in HIPAA’s system, every year there are updates to patient’s privacy concerns that are disclosed to both institutions and patients. When clinicians and patient’s are aware of the new regulations, it creates an open communication between patients and their physicians. At the end of this, it will produce a better health care treatment for all patients’s which is what electronic medical records were meant to
do.
References
Badger, E. (2011). Can Privacy, Electronic Medical Records Coexist? Retrieved from http://www.miller-mccune.com/health/can-health-privacy-electronic-medical-records-coexist-32350/
Brown, B. (2010). Protecting the Confidentiality of Medical Records in an Interconnected Environment. Managed Care Outlook, Vol, 23(22(, p1-10, 5p.
Conger, C. (2010). Are Electronic Medical Records Safe? Retrieved from http://news.discovery.com/tech/are-electronic-medical-records-safe.html
Dove, J. (2010). Clinically Useful Electronic Health Records: A Vision for the Future. Methodist DeBarkey Cardiovascular Journal, Vol 6(2), p33-37, 5p.
Druckerman, S., Welsh, S. (2009). How Women United to Stop HIV-Positive Man. Retrieved from http://abcnews.go.com/2020/hiv-criminal-busted-women-lied/story?id=8579258
Dudley, G. (2004). Electronic Records, Patient Confidentiality, and the Impact of HIPAA. Retrieved from http://www.psqh.com/octdec04/dudley.html
Richards, M. (2009). Electronic Medical Records: Confidentiality Issues in the Time of HIPAA. Professional Psychology: Research and Practice, Vol 40(6), pp. 550-556
Williams, A.R. (2008). HIPAA Costs and Patient’s Perceptions Privacy Safeguards Mayo Clinic. Joint Commission Journal on Quality and Patient Safety, Vol 34(11), pp27-35.
Wynia, M. Dunn, K. (2010). Dreams and Nightmares: Practical and Ethical Issues for patients and Physicians using Personal Health Records. Journal of Law, Medicine and Ethics, Vol 38(1), p.64-73.
The Joint Commission on Accreditation of Healthcare Organizations website: http://www.jointcommission.org/
Zixcorp website: http://www.zixcorp.com/