Medical Ethics: Privacy and confidentiality

Healthcare and Confidentiality

Healthcare is among the most personal services offered in our communities. However, offering these services, a lot of people must have access to personal information of the patient’s information. In order to get quality healthcare services, patients must be willing to give out their intimate personal information. In return, the healthcare providers must be willing to treat the offered information with a lot of confidentiality and offer protection against any breach (Greiner, 2015). In a nutshell, effective healthcare requires instant access to the provided information. In order to offer safe, appropriate and effective patient care, the patient must be willing to offer their most personal information. In return, the medical ethics requires that the healthcare provider must be ever-vigilant to balance the need for confidentiality and privacy (Rothstein, 2015). Basically, there are four major ethical milestones for medical records; security breaches, privacy and confidentiality, data inaccuracy, and system implementation.

Privacy and Confidentiality

According to medical ethics, Privacy is defined as basically as the right to be let alone. On the other hand, it has been defined as the right of a person not to reveal the information about them and not to disclose the same to another person. Therefore, patient information should only be released to the third person only when allowed by law or patient’s permission and this must be done via the use of a signed confidential consent form. In case of when the patient is unable to give permission due to mental incapacitation or age, the decision, whether to reveal the information or not, should be made by someone legally permitted by medical ethics and this can be a legal guardian or legal representative of the patient. Personal information shared between the patient and the clinician is private and must be kept confidential. However, as per the medical ethics act, records not containing the real identity of the patient can be revealed and hence not covered in this section. For example, the total number of female patients with Cancer in any government hospital can be revealed and shared in order to raise awareness (McBride et al., 2015).

The Medical ethics, however, grant permission to other relevant authorities to gain access to given health records to function as designed. Some of these institutions include insurance companies and other healthcare institutions. The main aim of maintaining confidentiality is only to allow authorized personnel to have access and modification of the provided records.

With increasing technology, maintenance of confidentiality is becoming even more difficult. The use of Information Technology in the healthcare system has made it easy to access health records while jeopardizing the confidentiality of the information. The use of mobile devices and other rapid exchange methods within the hospital health records by a greater number of people who claim to have major contributions to the treatment of the patient has increased the risk at which there are unauthorized access, use, and disclosure of private health records. Within, the healthcare system, patient’s information contained within the medical records is currently accessed and reviewed not only by nurses and clinicians but also other professionals in the administration, public health, and government positions.

Every state has its own laws regarding the obligation to protect the privacy and confidentiality of healthcare records. The Omnibus Rule (2013), which is an expansion of the Health Information Technology for Economics and Clinical Health Act (HITECH Act), forms a joint umbrella for the standards of accreditation and other issues relating to patient healthcare records (Mennemeyer et al., 2016). In as much it is believed that having controlled access to health information is significant, it is not sufficient enough to offer the required amount of confidentiality. Therefore, there is need to install additional strong security and privacy policies to secure the healthcare records.

Security Breaches

The security breach is the main issue threatening the privacy and confidentiality of the health records. Research studies carried out at Howard University Hospital revealed that failure to put across adequate data security could affect a number of patient healthcare records. In 2013, the federal HITECH officials prosecuted one of Howard University Hospital medical technicians for violating the Omnibus Act (2013). The medic was accused of over repeatedly using his position to access the patient’s personal data like names, address and medical attention numbers and sell them. Six months later, the hospital also announced that more than 34,000 patient’s medical records were in danger. The hospital cited that a contractor contracted to work on the data had downloaded the data into his personal laptop, and the laptop had been stolen from his house. In as much as the data was password protected, the data was not encrypted meaning anyone could comfortably guess the password and gain access to the data. This alone violated the key milestone principles of medical ethics. First, the hospital had permitted vital health information to a third party. And secondly, despite the significance of the information, the hospital had failed to offer maximum protection by encrypting it.

Keeping the hospital records secure is a challenge that most healthcare facilities are struggling with. The medical ethics has enlisted a variety of security measures that can be taken to ensure that portable Electronic healthcare records are secured from any form of breach (De Moor et al., 2015). Ethics disapproves the use of mobile phones to obtain the patient’s information, and for the portable devices, it calls for password protection, cloud storage, and data encryption. in addition to that, in order to protect data from intrusion and unauthorized access, security measures like antivirus software, firewalls, and intrusion detection software need to be included to ensure that there is data integrity.

Medical Ethics Position

By following all the laid down procedures, one could have adhered to the ethical policies of medical ethics regarding the use and protection of the medical records. All healthcare profession has a legal and moral obligation to protect the security and confidentiality of the medical records. However, at the same time, they must also allow the flow of information from one department to the other and other relevant authorities for the treatment of the patient. Medical ethics mandates the healthcare executives to ensure that their healthcare staff obtains proper acknowledgement concerning the Notice of Privacy Practices that can assist in the free flow of relevant information between the healthcare providers and the patient while being sure that they are meeting the requirements of higher levels of protection as enshrined under the protection clause of HIPAA.

In as much each healthcare organization possesses the healthcare records, unauthorized access must be kept out of bounce. And access to the information must be in compliance with the HIPAA and other state healthcare rules and regulations that define the kind of disclosures that fall outside the permissive category. In addition to that, all healthcare organizations must evaluate the authenticity of all requests seeking for patient information. To make sure that the hospital’s health records are safe, the healthcare executives must seek to;

• Ensure that the medical policies and practices are adhered to by ensuring that all healthcare records are treated with respect, security, and confidence and release patient information is consistent with the medical ethics rules and regulations
• Limit the number of healthcare providers accessing the patient’s information
• On a cases-by-case basis evaluate the disclosure beyond the treatment team. However, this must be done in relation to the laws of the Notice of Privacy Practices.
• Educate healthcare personnel on data security requirements and confidentiality. In addition to that, steps should be taken to ensure that all personnel are aware of the penalties associated with disclosing patient’s information without consent
• Carry out periodic health data risk assessments and audits to ascertain the vulnerability level and potential risks

Conclusion

In summary, having an effective, updated and policy adherent health record requires the expertise of Information technologists, clinicians, medical ethicists, patients and the administrative personnel. Effective health records call for an appropriate balance between maintaining the patient’s privacy and confidentiality rights and giving access to health records in order to improve general health, discover new therapies, significantly reduce the cost, and adhere to the general rules of medical ethics as outlined by HIPAA and other legal authorities. Although it can be argued that healthcare organizations possess health records, it is not their right to disseminate the same information to whoever they wish. It has to be done under the consent of the patient and other legal authorities.

References

De Moor, G., Sundgren, M., Kalra, D., Schmidt, A., Dugas, M., Claerhout, B., ... & Kush, R. (2015). Using electronic health records for clinical research: the case of the EHR4CR project. Journal of biomedical informatics, 5(3), 162-173.

Greiner, T. E. (2015). How the use of integrated health information technology effects the patient-provider relationship, 4(3), 261-268.

McBride, S., Sobel, A., & Caton-Peters, H. (2015). Privacy and Security in a Ubiquitous Health Information Technology World. Nursing Informatics for the Advanced Practice Nurse: Patient Safety, Quality, Outcomes, and Interprofessionalism, 23(2), 917-934.

Mennemeyer, S. T., Menachemi, N., Rahurkar, S., & Ford, E. W. (2016). Impact of the HITECH act on physicians’ adoption of electronic health records. Journal of the American Medical Informatics Association, 23(2), 375-379.

Rothstein, M. A. (2015). Ethical issues in big data health research: currents in contemporary bioethics. The Journal of Law, Medicine & Ethics, 43(2), 425-429.