HCS 335
James Thomas
Patient Privacy
Patient privacy has been a major issue within the healthcare field for many years. With the increasing use of medical information technology, more and more people are being authorized to view patient health information. Not only do physicians and nurses have access, but this has broadened to include allied health professionals, billing specialists, quality assurance employees, social workers, medical records technicians, etc. (Pendrak & Ericson, 1998). All of these healthcare professionals have a duty to take any steps necessary to protect the patient's right to privacy when it comes to their health information.
Population Affected
Patient privacy issues affect all healthcare professionals as well as anyone who seeks medical care. Patient confidentiality is the right of an individual to have personal, identifiable information kept private (E-notes, 2011). The protected health information should be available only to the physician of record unless an informed consent is signed by the patient giving permission for the medical professional to release the information. The informed consent specifies to whom the information is to be released and exactly what information is to be released. The increasing desire of healthcare organizations to attain medical information systems has broadened the amount of access to patient records. This opens up the risk of inappropriate use of patient records and may violate state or federal privacy laws. There are numerous examples of people affected by abuses of their rights to privacy. According to Pendrak & Ericson (1998), “In Maryland, for example, 16 state employees sold confidential information from the state's medical database to HMOs. According to a University of Illinois study, a startling 35 percent of Fortune 500 companies admit to having used medical information to make employment decisions” (para. 3). These examples show that violations occur for different reasons, that anyone can be affected by them, and that this leads to wrongful discrimination against the patient.
Legal and Ethical Issues
Most states currently have laws that require healthcare organizations to maintain the confidentiality of their medical records as well as provide legal protection of computerized or electronically transferred patient information (Pendrak & Ericson, 1998). An ongoing concern regarding protection of patients' privacy is the variation among state laws and the lack of clarity regarding federal requirements. Healthcare facilities often do not have strict guidelines for their staff members to follow when handling private patient information because the government guidelines are not easily followed. In addition, the rapid advancement of medical information technology is outpacing the laws designed to protect patient privacy.
The government attempted to address the issue of patient confidentiality by introducing the Health Insurance Portability and Accountability Act (HIPAA) in 1996. This act specifies that monetary penalties as well as prison terms can be assessed for wrongful disclosure of individual health information. However, it did not set uniform national medical records privacy standards at that time. Currently, HIPAA does have some standards set forth that all healthcare organizations must follow. Standards for electronic health transactions state that all healthcare organizations should implement a national standard intended to result in the use of one uniform format to improve transaction efficiency. HIPAA also states that all healthcare organizations should adopt and use a unique identifier such as a tax ID number or NPI number to identify themselves when performing any electronic health transactions (Training-HIPAA.net, 2011).
The main purpose of a physician’s ethical duty to protect patient privacy is so that the patient will feel comfortable disclosing their entire medical information without fear of the physician passing that information along. The patient's ability to trust the physician not to disclose their information will allow the physician to treat the patient fully. It allows the physician to properly diagnose and treat the entire condition. These guidelines are not binding by law, but many courts have used them as the basis for imposing legal obligations (AMA, 2011).
Managerial Responsibilities
Managers within a healthcare organization are responsible for ensuring all of the employees are trained in the proper handling of all protected health information (PHI) that they come into contact with. The employees should be aware of all guidelines and restrictions that are set forth when handling PHI as well as the penalties for not following them. All staff members should be trained on how to identify appropriate requests for information, and how to handle them appropriately and consistently. As healthcare technology advances, a healthcare manager should be very proficient with all systems that are currently being used within his or her organization. Through electronic health record systems, healthcare providers and their staff members now have access to many different systems, and it is the manager's responsibility to make sure they all have the proper training to act responsibly with that access. While having the broader access allows the patient to be treated in a more thorough and timely manner, it is important that the healthcare professional keep in mind their responsibility to respect and honor the patient's right to privacy (AMA, 2011). Staff education and training programs should be routinely administered and be a part of every employee orientation and training.
Proposed Solutions
The article proposes several solutions for ensuring that computerized medical records are protected and that penalties for noncompliance with state and federal privacy standards are avoided (Pendrak & Ericson, 1998). First, it is suggested that safeguards be implemented within the computerized medical record system. This includes encryption applications and firewalls. This will help prevent unauthorized access by individuals who do not have permission to view the patient information, such as computer hackers.
Most violations, however, are made by people who have access to use the medical systems. For this issue the article suggests that organizations implement a formal information management plan that addresses internal security and patient privacy issues as well as access and system capabilities. This plan should include a written policy for information security, staff education and training programs, risk assessments, audit processes, and backup and recovery procedures (Pendrak & Ericson, 1998). It is felt that having this type of plan in place will demonstrate the organization's concern and dedication to protecting patient privacy, and that this will reduce the risk of being found negligent or reckless in the area of protecting patient privacy should a lawsuit occur.
Finally, according to Pendrak and Ericson (1998), “All healthcare organizations should have a comprehensive written policy that limits access to and retrieval of patient information” (para. 11). This policy should limit access to and retrieval of patient information and define levels of access by matching data availability to the data required to perform each specific job. Basically, this would give each staff member only the required amount of access and therefore control the amount of abuse that occurs. For example, an organization would give the physician complete access to the patient's chart while limiting the amount of clinical information available to the administrative staff.
In conclusion, it is imperative that healthcare organizations take strong measures in protecting the patient's privacy. Medical records consist of private health information that should remain private unless direct written consent is given by the patient. Advances in information technology are coming at a rapid pace, and the laws designed to protect the patient's right to privacy are being surpassed. It is then the responsibility of the healthcare provider to ensure that he or she is doing whatever is necessary to protect the patient. It is the responsibility of the healthcare manager to ensure that all staff members are properly trained to handle the PHI that they have access to. All healthcare organizations should take steps to ensure that they are doing all that they can to be compliant with guidelines that are stated within federal and state laws, including using safeguards and implementing a formal information management plan. After all, the patient should be comfortable and able to trust those providing healthcare services to him or her enough to provide all pertinent information to be properly diagnosed and treated.
References:
1. AMA-assn.com (2011). Patient Physician Relationship Topics. Patient Confidentiality. Retrieved June 11, 2011, from http://www.ama-assn.com
2. E-Notes.com (2011). Encyclopedia of Nursing and Allied Health. Patient Confidentiality. Retrieved June 10, 2011, from http://www.e-notes.com
3. Pendrak, R. & Ericson, R. (1998, October). Healthcare Financial Management. Information Technologies Need to Protect Patient Confidentiality. Retrieved June 10, 2011, from http://www.findarticles.com
4. Training-HIPAA.net (2011). HIPAA Laws, HIPAA Privacy Regulations, HIPAA Security Rule Guidelines. Retrieved June 11, 2011, from http://www.training-HIPAA.net