Administrative Ethical Issues in Healthcare - Research Paper Example

Administrative Ethical Issues in Healthcare This paper analyzes a health administrative issue posted at the U.S. Department of Health & Human Services (HHS.gov) and titled, “Stolen Laptops Lead to Important HIPAA Settlements.” The case reports an April 2014 incidence where two organizations paid the HHS office for Civil Rights (OCR) a sum of $1,975,220 to settle identified violations of the Human Insurance Portability and Accountability Act (HIPAA). In effect, the enforcement steps accentuate the potential risk to the security of private information in the unencrypted laptops that were stolen. Put simply, two organizations are forced to pay OCR a sum of $1,975,220 for losing two laptops that have patients’ private information (HHS, 2014). Undeniably, such information are at a risk of misuse hence the need for reinforcement. OCR’s deputy director asserts that, “Covered organizations must understand that mobile devices and computer security is the entity’s responsibility.” Consequently, the sum required of the entities sends a simple message that encryption is the best protection against such incidences. The two entities in this case are Concentra Health Services (Concentra) and QCA Health Plan, Inc. of Arkansas. Correspondingly, the issue in the case affects many people in different measures. First, the most affected are patients whose information is stored in the stolen laptops. Jessica et al. (2011) assert that one of the core responsibilities of medical practitioners is confidentiality. As such, it is required that healthcare professionals keep patients’ information secret and private unless there is a consent to disclose health information. It is the underlying reason why patients share a lot of confidential information with medical practitioners. In essence, failure to keep the information private harms patients. Besides, patients often share private information with professionals. It is without doubt that the patient-physician trust is broken when the clinic does not maintain privacy of information. The situation affects patients in many ways. One, there are patients with personally sensitive health information that they sought to keep secret. Even so, that the laptops are stolen means such information is no longer private (Barrett et al. 2010). It is very likely that the information is in the hands of people who want to misuse it. Moreover, patients are affected in that they will hardly seek medical assistance from the hospital. Undoubtedly, people learn from experience, and the availability of other people’s experience teaches the rest. Moreover, the situation also affects healthcare professionals and the entire entity. It is sound to argue that patients lose trust in the entity’s ability to keep information private (Barrett et al. 2010). It is a requirement that every healthcare organization maintain privacy and protect patients’ information at all costs. Patients willingly share private information with physicians because they believe the information is safe. Essentially, turn out in the hospital will reduce. Further, it is difficult for other patients to be open and free with the physician. In addition, the patient-physician relationship diminishes (Barrett et al. 2010). The patient loses faith in the entity’s credibility and need for privacy of information. A continuation of the above trend means the organization is no longer trusted as one that can maintain the confidentiality of information. All members of a healthcare team have authorized access to patients’ information. To ensure no unauthorized access, it is important to decrypt information. The consequences of laptops’ loss are severe when perpetrators use information in the laptops to damage the organization. There are several arguments and facts used in the article to support the proposed solution. First, the article draw a major reference to the HIPAA Act. In essence, every healthcare organization understands the requirement by HIPAA, especially regarding privacy. It requires effective use and revelation of protected health information. The entity is charged with protecting patients’ information using the best possible means, preferably encryption. In addition, OCR realizes that Concentra had recorded multiple cases of lack of laptops’ encryption but did not take any action. Virtually every device containing electronic protected health information (e-PHI) was not encrypted. More worryingly, the entity’s efforts were inconsistent and incomplete despite the needs at hand. Similarly, OCR realizes that QCA failed to comply with several HIPAA requirements. The investigation finds that the entity did not encrypt laptops despite its understanding of the need for protected health information (HHA, 2014). As a result, the monetary settlement seeks to punish the entities for negligence in their duties. It is disturbing that top healthcare organizations understand the risks of failing to protect patients’ information yet they do the same thing. To prevent future incidences, OCR requires QCA to provide an updated risk analysis and a follow-up risk management plan that encompasses particular security measures to reduce the risks (HHS, 2014). On the other hand, Concentra is required to adopt a corrective action plan that evidences its remediation of the findings of the investigation. As such, OCR seeks to ensure that security measures are implemented at the entity level. It means that OCR takes the backseat and evaluates an entity’s corrective plan of action to ascertain that the plan protects against future incidences. The decisions in the above administrative issue are based on certain ethical and legal concerns. For instance, it is ethically required that healthcare entities protect private information, use it only for intended purposes, and ensures people who may misuse the information do not have access to it. Presently, there are many proliferations on ways in which the American healthcare system can be reformed. Evidently, the healthcare system strains under the weight of uncertain quality, inefficiency, and erratic coverages (Barrett et al. 2010). Most importantly, the healthcare system strains under lack of protection of patients’ information. As mentioned, entities are tasked with protecting the confidentiality of information. Consequently, it is ethically wrong when such information reaches people who may misuse it. The idea of protected health information cannot be underestimated. There are several reasons why patients prefer to keep medical information secret. Even so, patients keep information confidential from anyone else but trusts physicians to use such information professionally (Barrett et al. 2010). The result is that patients feel betrayed when confidential information is shared. As a result, there comes legal consequences. The violation of HIPAA comes with monetary compensations that carter for the potential misuse of stolen information. In this case, the monetary remittances by the two entities differ depending on the extent to which an entity complied with HIPAA’s privacy requirements. It is despite the fact that just one laptop was stolen in each case. The case does not illustrate any managerial responsibility related to the issue. Nevertheless, there are several ways in which the management could improve the situation and prevent future incidences. Undeniably, managers are the center of interest in an entity and spearhead every activity (Floridi, 1999). As such, compliance to HIPAA requirements goes as far as the management wants it to go. It means that the organizations did not comply with HIPAA privacy requirements partly because the management was not stern on the same. Moreover, it is worrying that the management knows about encryption but does not push for it. Management involves driving the organization to achieving set objectives usually by inspired actions (Floridi, 1999). The implication is that employees’ actions revolve around management policies. In addition, the management is partly to blame for allowing a physician to store patients’ information in a laptop they move carry everywhere. There are potential risks involved, such as car accidents and theft among others. Here, the laptop is stolen from a workforce member’s car, which shows laxity in the management’s protection of the entity’s properties. As such, stringent measures should be put in place to ensure no employee leaves the workplace with laptops and other mobile devices that have patients’ information. It requires a screening process that guarantees that no physician takes home the entity’s property. In summary, it is important to protect patients’ information at whatever cost. This analysis identifies several ethical and legal consequences of failure to protect patients’ information. In the case above, two entities pay monetary compensation for failure to comply with HIPAA requirements. It follows that entities cannot underestimate the need for protected health information. Besides, patients share a lotof confidential information that they trust only physicians to keep secret. Failure to do this damages the patient-physician relationship lowering patients’ confidence on the entity. Finally, OCR provides six educational programs for providers of healthcare regarding compliance with HIPAA requirements. The programs come in handy with free continuing educational credits that improve physicians’ compliance and competencies. References Floridi, L. (1999). Information ethics: on the philosophical foundation of computer ethics. Ethics and information technology, 1(1), 33-52. Fremgen, B. (2009). Medical Laws and Ethics. New York: Pearson Education. Garrett, T., Baillie, H., McGeehan, J., &Rosellen, G. (2010). Healthcare Ethics, Principles and Problems. New York: Pearson International. Jessica, D., Burke, W., & Denise, M. (2013). Confidentiality. Ethics in Medicine: University of Washington School of Medicine. The U.S. Department of Health & Human Services. (2014). Stolen Laptops Lead to Important HIPAA Settlements. Retrieved from http://www.hhs.gov/news/press/2014pres/04/20140422b.html Read More