Privacy and Confidentiality Electronic Health Information - Essay Example

HEALTH CARE ETHICS Name University Affiliation Date Introduction Privacy and confidentiality of personal health information concerning a particular personal continues to be an issue of discussion in many societies. The situation is that the current information age has enabled the computerization of health information of many people; this has raised concerns among people about the security of their medical information. This is because new technologies have made individuals to loose control over their personal health information (Butler, & Murphy, 2014). This has triggered society members to believe that intruders may leak their confidential information. This is because there is no good security systems put in place to secure this information. This argument is because in almost every nation, there are provisions in the laws that give the protection of individuals’ privacy and confidentiality. Thus, when personal health information recorded by the healthcare givers in health care institutions for instance, the society views it as the violation of personal privacy right (Butler, & Murphy, 2014). The paper focuses on privacy and confidentiality electronic health information. It shows the reasons why peoples’ information need to be protected, the importance of protection of health records, the modes that are used for protection. Definitions Privacy can be defined as personal freedom from interference or intrusion. This right recognizes that every person has a sphere of existence and activities that belong to him/her alone in that they should not be subjected to constrain and coercion (Hughes, 2012). The protected space includes personal communications, opinions and even intimate relationships. Information privacy is defined as the right to control the access to individual information (McFarland, 2012). Every individual has a right to protect and control other people from accessing to their private information. Patient privacy can be defined as the right to the patients to determine how and when their health records can be disclosed and shared to with others people. Patient privacy involves maintaining the privacy and confidentiality of the patient information by the health care providers. The right to privacy has raised a great concern in the medical field where health care providers require individual information so that they can utilize the information to get the best approaches they can use to treat their clients (Win, Susilo and Mu, 2006). Confidentiality on the other hand refers to the maintenance of another person’s trust or confidence for having entrusted you with their private secrets or information. Therefore, for the context of the topic of discussion, the patients or health care consumers have entrusted their trust with healthcare providers by giving out their private matters concerning their health status. Therefore, it is ethical for the health care providers to maintain the privacy of this information. A clinician or a physician would be termed to be unethical when they let the information entrusted with them leak and accessed to by third persons. In order to address this public concern, the United States drew the federal rules that meant to govern the handling and disclosure of individual health information. This was instituted under the Health Insurance Portability and accountability Act (HIPAA) that was famously known as HIPAA privacy rule (Pritts, 2008). The main role of this act was to restrict the way health care providers may use and disclose personal health information. However, health care researchers have criticized the institutionalization of the HIPAA rule that it would interfere with quality and valuable research (Laurie, 2014). In fact, some of the research organizations have proposed the revision of the rule to lessen its impacts on research. Generally, the observation of the personal privacy is among the ethical values upheld in the health field. Nevertheless, the dilemma is that the healthcare givers need to have the fully information about their clients for them to find the best way they can administer treatment or help for their health problems. Need for protecting individuals’ privacy To exhibit ethical values in health care sector, the healthcare code of conduct requires that the stakeholders in this industry do not interfere with the privacy of any individual. Some of the reasons given that supports the adherence to maintenance of personal privacy include, first, the more sensitive personal information disclosed to other people, the greater the danger of error (Lin, Watson, & Tsai, 2013). There would be more misunderstandings, prejudice, discrimination and even other forms of abuses. This implies that some caregivers may judge their clients basing on the information they have seen and act unprofessionally while offering their services (Lin, Watson, & Tsai, 2013). Therefore, it is better when the clients themselves keep the in health information confidential. The second reason is that lack of privacy and confidentiality would inhibit personal development, freedom of thought and expression (Lin, Watson, & Tsai, 2013). When an individual realizes that his/her confidential information has been leaked to other people, they develop a fear that would limit them from being free with those people who have handled their information. Lack of freedom of speech and thought would hinder personal development (Lin, Watson, & Tsai, 2013). The good knowledge and skills of such individuals would be unexploited because of this fear thus they do not progress. Moreover, creativity in such people would be suppressed. Thirdly, when individuals’ confidential information is disclosed in public, it makes it difficult for the people to form, and manage meaningful relationships with others (Pritts, 2008). This is because they would always feel inferior or in any relationship, more especially when they realize that the people they are within the relationship know their background. This means that when somebody’s confidential information is not disclosed, there is some sort of confidence a person develops when interacting with people than when private issues are revealed to everyone. Fourthly, the disclosure of an individual’s private information tends to restrict personal’ autonomy through allowing them less time to have control over their lives especially over the access of other people on their lives (Pritts, 2008). This means that such people are insecure since outsiders easily use their information to manipulate their lives, and they are left with nothing to do (Pritts, 2008). Individuals are left vulnerable to external powers to control their lives. Lastly, exposure of individuals’ private information tends to defraud them off their dignity. Individual's respect is lost when their private matters find their way to circulate in public domain. Therefore, the dignity of the affected individuals is soiled (Pritts, 2008). Other people would be always judging such individuals according to the information that they came to know about them. Provisions of law on privacy and confidentiality In the contemporary society, most governments have seen the importance of ensuring privacy of their citizens to some degree. The protections given have different styles and concerns. The common law of the US protects the privacy of the individuals. It states that it is illegal to disclose private facts concerning a particular individual. Further, more, it is an offense to place a person in a false light (Mc Farland, 2012). The act of appropriation of somebody’s name, image or any other personal identity is considered an offense and one can be sued in courts of law successfully. The common law still provides that the intrusion of one’s private communication is illegal unless it is done for valid reasons (Pritts, 2008). The United States' constitution does not have a provision personal privacy. However, the judiciary has found the constitutional basis of privacy rights to be ordinary realms of individuals’ life (Lowth, 2013). This is found in the fourth, fifth and fourteenth amendments where the protection of individual liberty from external interference is found (Mc Farland, 2012). The first amendment tends to protect people from freedom of speech to some extent taking care of privacy protection. A famous case of 1967 Katz v. United States compelled the Supreme Court to extend the fourth amendment protection to include some types of electronics communication thus, giving birth to the protection of information privacy (Pritts, 2008). This has now extended to the health care sector where the caregivers have the obligation of observing personal privacy when discharging their duties as one of the ethical values in this health field. In 1974, there was an enactment of a privacy Act to control the federal governments over collection and disclosure of personal information (Terry & Francis, 2007). Other Acts concerning individual privacy were enacted in the succeeding years. It was until 1986 when the electronic communication privacy Act (ECPA) was enacted. This law emphasized privacy protection to new communication technologies such as computer-to-computer, emails, mobile phones and pagers communications (Terry & Francis, 2007). This law aimed at forbidding the interception, the use, and the disclosure of any electronic communication such as transfer of electronic data. This act further has the provision that protects the stored communication (Mc Farland, 2012). It prohibits breaking into the system that stores electronic communication and an offense to operate or disclose any electronic communications that are stored. Therefore, in the medical field, medical contains some sensitive materials that stores personal databases. Some of the personal information found in the medical records includes; psychiatric histories of individuals, accounts of historical breakdowns, mental and physical disabilities, drug and alcohol use, family backgrounds, and the historical medication of individuals (Mcgowan, 2012). Most of such information is private, and individuals guard it not to be disclosed to outsiders because it can cause other unwanted inconveniences (Mcgowan, 2012). Some of the outsiders who may be interested to know the personal information of particular individuals include; employers, law enforcement officials, researchers, insurance companies, marketers coworkers and other curious individuals that just want to know more of other people. There was no any federal protection of personal privacy in medical records; the states laws varied considerably. However, in 1996 when health insurance portability and accountability (HIPAA) was initiated, the privacy laws on medical records were introduced (Warkentin, Johnson& Adams, 2006). This was because HIPAA enabled the handling of electronic information to be done in different ways and in the process, wrong people who would take an advantage and violate the individuals’ privacy rights could handle the information. The benefits that accrued from the Initiation of HIPAA include; first, the computerized information became now readily available to the healthcare givers even in more remote villages (McCullough & Schell-Chaple, 2013). Any doctor can treat a strange patient because his/her medical records are found online, and the physician can just retrieve and know the medical history of the patient. Secondly, large base of medical data online can aid in medical research; the researchers would use online medical information as secondary sources when collecting data during research work (McCullough & Schell-Chaple, 2013). Moreover, HIPAA enabled efficient billing, payment and reimbursement. Ethical and legal issues arising In this digital era where technology is quite dynamic, a device that is considered hot on the market today and today is already replaced with another that surpasses it. This change in technology is affecting all the sectors of the economy (Lachmann, 2012).The medical field like another field has not been left behind. Many technological devices have been innovated to assist health delivery in this sector. Most of the work has been computerized in that there is a transition from pen and paper storage to electronic storage. Nowadays, nearly all the medical records are now stored in electronic medical records (EMR). This transformation has enhanced efficient handling of the patients’ records hence better services. The benefits resulting from the shift from manual to electronic record keeping are hard to ignore. However, so many ethical and legal issues have emerged due to the advent of the technology enabling keeping patients’ records in electronic form other than the paper form. Some of the issues emerging from this transformation are as discussed below. Legal issues The first legal issue concerning the adoption of the electronic health records is that most of the legal systems around the world rely much of the precedent cases to form future decisions. However, the new technologies give little guidance concerning the transition from pen and paper to EMR (Lachmann, 2012). Currently, we have renewed pressure to develop both local and national health information records. This implies that physicians will have more access to the patients’ private information. However, no precedents of any statute that give the guideline on which physicians or clinicians are responsible for reviewing the electronic data (Mcgowan, 2012) Therefore, the chances of exposure of patients’ medical information are very high because every health provider can access to this information quickly. Secondly, EMR adoption has increased the clinicians’ legal responsibility and even accountability. There are complex computer based auditing processes as compared to paper-based record keeping. The dilemma is that most of the clinicians do not have this computer-based auditing knowledge (Lachmann, 2012). When this task of reviewing the records using complex verification procedures are left to the discretion of every health provider, there would be high risk that patients’ private information would be tempered with, and accessed by wrong people (Mcgowan, 2012). Therefore, the issue is whether to choose specific health providers to be handling this electronic information so that when anything bad happens, these persons are held legally responsible. Another legal issue arising from the electronic medical record is related to the literature. The advent of EMR as mentioned earlier has introduced new liabilities (Mcgowan, 2012) Most of these electronic records include documentation templates that need to be approved by the authorities of various departments. The problem comes when some such documents are signed electronically approving a particular action. These electronic written documents can be copy pasted and may include irrelevant information or leak confidential information to wrong individuals (Pritts, 2008). On other account, these documents created using templates, copy paste allowing the physicians or clinicians to type in short sentences might create issues that may force the insurance firms not to extend their services to the patients (Mcgowan, 2012). In simple terms, the handlers can easily manipulate these electronic documents and cause inconveniences. This may give birth to court battles. The fourth legal issue is that the law does not stipulate what liabilities the health providers who manage EMR face when they do not respect to the clinical decision support (CDS) instructions. This is important particularly applicable to those clinicians who handle overwhelming numbers of CDS alerts (Lachmann, 2012).Therefore, such clinicians may not be cautious because there are no consequences set for them when they do not adhere to the CDS standards. This increases the chances for the consumers’ information mismanagement and may lead to leakage. Finally, we have the issue of usability, quality and the reliability of the modern EMR. Most of the electronic health records tend to put restrictions on the ability of the health providers to report EMR related problems (Sao, Gupta, & Gantz, 2013). For improving the success in using these EMR, the health providers should be given the freedom of report safety issues with less fear. Therefore, these caregivers may have valuable information that could improve the services but they shelf this information for fear of the consequences set by legal restrictions. Ethical issues The first ethical issue rose concerning the adoption; and use of the electronic health records is that portability, and accessibility of the data is being compromised with. The question surrounds the ownership of this EMR (Lachmann, 2012). Some of the enlightened patients are much concerned with the increased risk of the unauthorized disclosure of protected health information. Reports reveal that several electronic health records vendors such as GE and Cerner have been seen selling copies of their patient databases to various organizations (Pritts, 2008). In reaction to this, some of the patients’ privacy advocacy groups are proposing that the right of “opt-out” which demands that individuals’ medical information should not be stored in this protected health information (Grady, 2014). This proposal may cause another moral and financial issue. Electronic based medical information also tends to raise complex issues pertaining appropriateness of the modern methods of handling the breaches. Audit logs are the evidence that is used to justify an individuals’ unauthorized access to the EMR (Sao, Gupta, & Gantz, 2013). Some problems arise when, for example, an officer on duty is too busy and forget to log out in the systems and other people use this chance to access and mishandle the electronic information without his consent (Lachmann, 2012).There are no recourse laid that are appropriate in finding the truth on what happened. Another ethical issue arises in a case where EHR and the HIE need to be integrated to come up with an uniform health care delivery service. The question out of this is who will be responsible overseeing data aggregation, validation, verification and even data analysis (Grady, 2014). Who will have an access to the data? When any of the stakeholders is chosen to carry out these functions then the privacy right against accessing individuals’ information would be violated. The final moral dilemma emerges where the clinicians have voluminous files to be maintained confidential. The clinicians are required to maintain the rights of the adolescents in light of the parents’ access to their data (Lachmann, 2012). However, parents also have the right to access the medical information concerning the children. In most cases, adolescents do not want their medical information be revealed to their parents. This is because it can easily interrupt the treatment to certain sensitive condition which adolescence does not want their parents to know (Pritts, 2008). Thus, health providers find themselves in a moral dilemma whether to reveal to the parents of the youth their medical records or maintain confidentiality. Safeguards actions Some of the healthcare institutions are trying to keep safe the individual information secure by using three modes. The first one is physical protection mode; this includes devices isolation where the information systems is isolated from the other devices and kept in a secluded place so that other people (Harvey et al. 2011) cannot access it. Physical safeguards also allow only authorized individuals to access the systems. Another physical protection is maintaining data backup and making copies. This would assist when the systems collapses, the information would be retrieved from the backup devices (Harvey et al. 2011). Proper device disposal is also a physical way of safeguarding personal information in healthcare sector. On the hand, administrative safeguards include procedures that should be adhered to when documenting patients’ documents. People who are responsible in carrying out documentation should follow certain procedures to ensure safety of the patient’s information (Grady, 2014). Maintaining an audit trail is another way of ensuring information security. It involves enforcing policies for storage and retention of the electronic information and even back of the entire system (Harvey et al. 2011). Sanctions and disciplinary actions are also an administrative way of maintaining the security; this is enforcing to those individuals who violate the rules laid. The technical safeguard includes using the secure transmission modes to transmit information. The important data should not be sent through unsecure modes because other individuals who may access it and misuse it (Sao, Gupta, & Gantz, 2013). Virtual private networks, or secure sockets layer and encryption techniques are some other examples of technical safeguards that are supposed to be employed by health institutions for the safety of the healthcare consumers’ information (Rotenberg, & Jacob, 2013). All these three means of safeguarding of the personal health information should be used simultaneously to ensure that there is high security to this information. Conclusion Information safety practice has existed for a long time; the practice is evolving with time. The advent of new technologies created a challenge to this sector because, by the use of technologies, individuals were able to access other peoples’ private information. This raised concerns among the healthcare consumers and other stakeholders who wanted the assurance of safety of their information from other people. Information privacy in recent years has become a subject of research and discussion. Many scholars have conducted studies to find better ways on how to handle the issue of privacy and confidentiality of the consumers’ information without violating their privacy rights. However, as more and more technologies are included in the healthcare systems, more ethical and legal issues arise leading to dilemmas. European and the US have at least tried to put in place some mechanisms that can help reduce this practice. However, other nations still have no sound structures to address this problem. The best way to counter this social problem is to employ modern hi-tech to help in keeping and maintaining health records. Keeping electronic records is believed to be more secure than using paper records. In the future, more and more security measures would be innovated because of continued the advancement in technology. References Agris, J. (2014). Extending the Minimum Necessary Standard to Uses and Disclosures for Treatment. Journal of Law, Medicine & Ethics, 42(2), 263-267. Appari, A. &Johnson, M. (2008). Information security and privacy in Healthcare: Current State of Research. Retrieved from http://www.ists.dartmouth.edu/library/416.pdf Butler, B., & Murphy, J. (2014). The Impact of Policies Promoting Health Information Technology On Health Care Delivery In Jails And Local Communities. Health Affairs, 33(3), 487-492. Fleurence, R. L., Beal, A. C., Sheridan, S. E., Johnson, L. B., & Selby, J. V. (2014). Patient- Powered Research Networks Aim To Improve Patient Care And Health Research. Health Affairs, 33(7), 1212-1219. Grady, J. (2014). Tele-health: A Case Study in Disruptive Innovation. American Journal of Nursing, 114(4), 38-47. Goldstein, M. M. (2014). Health Information Privacy and Health. American Journal of Public Health, 104(5),803-809. Harvey et al. (2011). Privacy, confidentiality and information sharing- Consumers, Carers and Clinicians. Retrieved from http://www.nmhccf.org.au/documents/NMHCCF%20P&C%20ps%20&%20ip.pdf Health Care Technology Today. (2013). PT in Motion, 5(11), 24-28. Howarth, F. (2010). Security challenges in the US health sector. Retrieved from http://www.mcafee.com/us/resources/white-papers/wp-bloor-healthcare-security.pdf Hughes, K. (2012). A Behavioral Understanding of Privacy and its Implications for Privacy Law. Modern Law Review, 75(5), 806-836. Kuang-Ming, K., Chen-Chung, M., & Alexander, J. W. (2014). How do patients respond to the violation of their information privacy? Health Information Management Journal, 23(2), pp23-33. Lachman, V. (2012). Ethics, law and policy. Ethical challenges in the era of health care reform. 21(4). Retrieved from http://www.nursingworld.org/MainMenuCategories/EthicsStandards/Resources/Ethical- Challenges-in-the-Era-of-Health-Care-Reform.pdf Laurie, G. (2014)Conceptual, Professional & Legal Implications. Journal of Law, Medicine & Ethics, 42(1), 53-63. Lin, Y., Watson, R., & Tsai, Y. (2013). Dignity in care in the clinical setting. A narrative review. Nursing Ethics. 20(2), 168-177. Li, T., & Slee, T. (2014). The effects of information privacy concerns on digitizing personal health records. Journal of The Association For Information Science & Technology. 65(8). pp 1541-1554. Lowth, M. (2013). Treating teenagers. Practice Nurse, 43(12).35-39 McCullough, J., & Schell-Chaple, H. (2013). Maintaining Patients' Privacy and confidentiality with family communications in the Intensive Care Unit. Critical Care Nurse. 33(5), 77- 79. McFarland, M. (2012). Information privacy. Amazon Publishers. New York City. Mcgowan, C. (2012). Patients' Confidentiality. Critical Care Nurse, 32(5), 61-65. Pritts, J. (2008). The importance and value of protecting the privacy of health information: HIPAAandResearch/Pritts Privacy Final Draftweb. ashx. Rotenberg, m., & Jacob, d. (2013). Updating the law of information privacy: Harvard Journal of Law & Public Policy, 36(2), 605-652. Sao, D., Gupta, A., & Gantz, D. A. (2013). Interoperable Electronic Health Care Record: Journal Of Legal Medicine, 34(1), 55-90. Solove, D. J., & Hartzog, W. (2014). The FTC and the new common law of privacy. Columbia Law Review, 114(3), 583-676. Quigley, L., Lacombe-Duncan, A., Adams, S., Hepburn, C., & Cohen, E. (2014). A qualitative analysis of information sharing for children with medical complexity within and across health care organizations., 14(1), 778-798. Read More