SlideShare ist ein Scribd-Unternehmen logo

Patient Privacy Protections

K
kwittman
1 von 3
Katie Wittman<br />7/19/2010<br />Patient Privacy Risks Related to EHR and HIE Security<br />With the plethora of legislation being passed to reform the health care industry, electronic health records are slowly increasing in prevalence in medical practices across the United States. EHRs, as well as the networking of individual record systems into health information exchanges or HIEs, have been highly touted for their potential to save money, lives, and time; however, critics fear that the rush to make health information accessible anywhere in the country has caused legislators and industry professionals to overlook a Constitutionally protected freedom. The right to privacy implicit in the Bill of Rights and subsequent Constitutional Amendments was upheld by the Supreme Court as early as the 1920s. With the advent of the Health Insurance Portability and Accountability Act of 1996, more commonly known as HIPAA, the U.S. government began to address the right to privacy and confidentiality specifically in the health care industry. The privacy protections for health information set forth by HIPAA, while necessary and proper, were created in a predominantly non-EHR world and do little more than provide a framework for those patients victimized by violations to take legal action. The heart of the problem lies in the relatively weak “security” measures directed at covered entities outlined in the legislation which include limiting physical access to facilities and a vague requirement for organizational policies regarding the use of workstations. Requiring a lock on the door to a chart storage room might be moderately effective in deterring information theft in an office using paper records but does nothing to protect electronically stored data. Further adding to these concerns, the HIPAA “Privacy Rule” was amended in 2002 removing a mandate for health care providers to obtain consent from the patient before using or disclosing protected health information for treatment, payment, or operations purposes. A provider has the option to offer consent procedures to patients before services are rendered and billed, but are no longer legally required to do so. The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 attempted to elevate the protection of electronic health information by requiring such things as data encryption, security breach notifications, and audits listing all users accessing a medical record. HITECH also addressed the issue of health care business associates and secondary use of information by making anyone who receives protected health information, including billing service providers and law firms, a HIPAA-covered entity. They are therefore subject to the same HIPAA regulations and penalties as health care providers, insurers, and clearinghouses. These additions have furthered legal privacy protections at an institutional level.<br />One significant stakeholder is conspicuously disenfranchised in all of this legislation: the patient. The very entity policy makers are tasked to protect has virtually no control over what can or cannot be done with his protected information. Tyranny of the majority, a hallmark problem in representative democracies, appears to be rearing its head again – this time in health care delivery. It is clear that rigorous security guidelines and privacy protections should be available to shield patients from potential negative outcomes such as discriminatory practices and stigmatization, but the patient himself ought to have some control over the use and disclosure of his personal information. Under the current amended version of HIPAA, it is the provider, not the patient, who makes decisions regarding consent. HITECH has addressed the need for electronic patient consent technologies, which would allow individuals to set their own defaults for use and disclosure of protected health information to various parties or for different purposes, but delayed the development of such tools for several years. This restraining of the patient’s right to choose is one of the risks of intricate universal privacy and security regulations.<br />At a higher level, supporters of health information exchanges and other advancements fear that implementing meticulous privacy policies will defeat the purpose of the technologies. Some argue that a trade-off must occur – reducing security requirements to increase usability and therefore reap all potential benefits. One of the goals of HIEs is to improve population health through the compilation and use of information related to the prevalence of diseases, effectiveness of treatments, and other documented medical data. The exchange would act as a census of sorts for health care statistics. If a patient has the ability to “opt-out” of having his de-identified medical information included in such a compilation by refusing consent, the data set becomes skewed. As is the case in any sort of research, distorted information makes the accuracy of the data questionable and any conclusions drawn from it difficult to generalize to a larger population. <br />Another problem associated with increasingly thorough privacy and security policies involves liability. If a patient is able to select which parts of his medical record are disclosed to a provider, many harmful situations might arise including misdiagnosis or contraindicated prescribing. This problem currently exists if a patient omits information in a medical history or examination, but it is amplified when health care providers begin relying on electronically acquired histories in emergency situations. At the present time, there is no legal protection for providers who make medical decisions based on patient information obtained in this manner. While legal precedents exist in some states for accessing information in so-called “break-the-glass” emergency situations, liability and privacy torts have not been explicitly addressed in relation to electronic health records and health information exchanges. <br />The benefits of patient-centered privacy and security regulations are self-evident, and allowing the individual patient the freedom to control his own protected health information is a policy consistent with fundamental principles of the United States as communicated in the Constitution. Promoting the health and welfare of the country’s population is also aligned with the nation’s core philosophies. The dilemma emerging as technology evolves between population- and individual-focused medical efforts follows a template already created by previous entries in the chapters on democracy in history books. Attempting to balance personal liberties with the “greater good” is a divisive act often left to Supreme Court rulings and revisited multiple times thereafter. The factious and immortal nature of such conflicts creates a grim forecast for finding an equitable resolution. In the case of patient privacy as it relates to health information technology, further compromising efforts are needed from both sides. The key to such a compromise lies in defining what information is vital for improving population health and determining how that information can be shared and accessed in a way that maintains individual anonymity.<br />Materials Referenced:<br />Laura Dunlop, Electronic Health Records: Interoperability Challenges Patients’ Right to Privacy , 3 Shidler J. L. Com. & Tech. 16 (Apr. 6, 2007), <http://www.lctjournal.washington.edu/Vol3/a016Dunlop.html><br />quot; Health Information Privacyquot; . U.S. Department of Health and Human Services. 7/15/2010 <http://www.hhs.gov/ocr/privacy/>.<br />Bentley, Lora. quot; HITECH Act Ramps up HIPAA Compliance Requirementsquot; . IT Business Edge. 7/15/2010 <http://www.itbusinessedge.com/cm/community/features/articles/blog/hitech-act-ramps-up-hipaa-compliance-requirements/?cs=31575>.<br />
Patient Privacy Protections
Patient Privacy Protections

Empfohlen

Confidentiality & privacy
Confidentiality & privacyConfidentiality & privacy
Confidentiality & privacykendale
 
Hitech Act
Hitech ActHitech Act
Hitech ActDeborah Obasogie
 
GIST 698 Research Paper
GIST 698 Research PaperGIST 698 Research Paper
GIST 698 Research PaperRyan Flanagan
 
HITECH Act
HITECH ActHITECH Act
HITECH Actmeditrack
 
Sarah Kim HIPAA for Small Providers
Sarah Kim HIPAA for Small ProvidersSarah Kim HIPAA for Small Providers
Sarah Kim HIPAA for Small ProvidersSarah Kim
 
Protecting Patient Information - Feds Find Security Lapses in State and Local...
Protecting Patient Information - Feds Find Security Lapses in State and Local...Protecting Patient Information - Feds Find Security Lapses in State and Local...
Protecting Patient Information - Feds Find Security Lapses in State and Local...Patton Boggs LLP
 
Sample HIPAA Training
Sample HIPAA Training Sample HIPAA Training
Sample HIPAA Training Tara Goodwin
 
HIPAA Violations and Penalties power point
HIPAA Violations and Penalties power pointHIPAA Violations and Penalties power point
HIPAA Violations and Penalties power pointDeena Fetrow
 

Empfohlen

Confidentiality & privacy
Confidentiality & privacyConfidentiality & privacy
Confidentiality & privacykendale
 
Hitech Act
Hitech ActHitech Act
Hitech ActDeborah Obasogie
 
GIST 698 Research Paper
GIST 698 Research PaperGIST 698 Research Paper
GIST 698 Research PaperRyan Flanagan
 
HITECH Act
HITECH ActHITECH Act
HITECH Actmeditrack
 
Sarah Kim HIPAA for Small Providers
Sarah Kim HIPAA for Small ProvidersSarah Kim HIPAA for Small Providers
Sarah Kim HIPAA for Small ProvidersSarah Kim
 
Protecting Patient Information - Feds Find Security Lapses in State and Local...
Protecting Patient Information - Feds Find Security Lapses in State and Local...Protecting Patient Information - Feds Find Security Lapses in State and Local...
Protecting Patient Information - Feds Find Security Lapses in State and Local...Patton Boggs LLP
 
Sample HIPAA Training
Sample HIPAA Training Sample HIPAA Training
Sample HIPAA Training Tara Goodwin
 
HIPAA Violations and Penalties power point
HIPAA Violations and Penalties power pointHIPAA Violations and Penalties power point
HIPAA Violations and Penalties power pointDeena Fetrow
 
Patients Rights and Regulations
Patients Rights and RegulationsPatients Rights and Regulations
Patients Rights and RegulationsMayra Lariosbriones
 
HIPAA and HITECH : What you need to know
HIPAA and HITECH : What you need to knowHIPAA and HITECH : What you need to know
HIPAA and HITECH : What you need to knowShred-it
 
Hitech Act
Hitech ActHitech Act
Hitech ActISACA New England
 
Ethics confidentiality-technology
Ethics confidentiality-technologyEthics confidentiality-technology
Ethics confidentiality-technologydelaneyl6238
 
Louise bailey ppt
Louise bailey pptLouise bailey ppt
Louise bailey pptLouise Bailey
 
Legal Aspects in Health Informatics
Legal Aspects in Health InformaticsLegal Aspects in Health Informatics
Legal Aspects in Health InformaticsNawanan Theera-Ampornpunt
 
Mha690 health care capstone - confidentiality 9-26-2013
Mha690 health care capstone - confidentiality 9-26-2013Mha690 health care capstone - confidentiality 9-26-2013
Mha690 health care capstone - confidentiality 9-26-2013LeRoy Ulibarri
 
HIPAA and RHIOs
HIPAA and RHIOsHIPAA and RHIOs
HIPAA and RHIOsnobumoto
 
Confidentiality power point
Confidentiality power pointConfidentiality power point
Confidentiality power pointDoug Miller
 
HIPAA's Title II- Administrative Simplification Rules: The Three Basic Rules ...
HIPAA's Title II- Administrative Simplification Rules: The Three Basic Rules ...HIPAA's Title II- Administrative Simplification Rules: The Three Basic Rules ...
HIPAA's Title II- Administrative Simplification Rules: The Three Basic Rules ...Quinnipiac University
 
HIPAA Compliance
HIPAA ComplianceHIPAA Compliance
HIPAA ComplianceManny Oliverez
 
Driving Health Care Change Through Telehealth: Understanding Strategic and Co...
Driving Health Care Change Through Telehealth: Understanding Strategic and Co...Driving Health Care Change Through Telehealth: Understanding Strategic and Co...
Driving Health Care Change Through Telehealth: Understanding Strategic and Co...Polsinelli PC
 
The challenges to clinical system adoption
The challenges to clinical system adoptionThe challenges to clinical system adoption
The challenges to clinical system adoptionrain2bow
 
Hitech for HIPAA
Hitech for HIPAAHitech for HIPAA
Hitech for HIPAAdkarpinsky
 
HIPAA TITLE II (2)
HIPAA TITLE II (2)HIPAA TITLE II (2)
HIPAA TITLE II (2)Quinnipiac University
 
DATA PRIVACY IN AN AGE OF INCREASINGLY SPECIFIC AND PUBLICLY AVAILABLE DATA: ...
DATA PRIVACY IN AN AGE OF INCREASINGLY SPECIFIC AND PUBLICLY AVAILABLE DATA: ...DATA PRIVACY IN AN AGE OF INCREASINGLY SPECIFIC AND PUBLICLY AVAILABLE DATA: ...
DATA PRIVACY IN AN AGE OF INCREASINGLY SPECIFIC AND PUBLICLY AVAILABLE DATA: ...Ted Myerson
 
THCS Workforce HIPAA Training
THCS Workforce HIPAA TrainingTHCS Workforce HIPAA Training
THCS Workforce HIPAA Trainingkerbertx
 
Kia healthsecurity
Kia healthsecurityKia healthsecurity
Kia healthsecurityKiaBro
 
How Do You Grow Leaders?
How Do You Grow Leaders?How Do You Grow Leaders?
How Do You Grow Leaders?Geoff Hardy
 
Fracking - AWMA Presentation
Fracking - AWMA PresentationFracking - AWMA Presentation
Fracking - AWMA Presentationkwtght
 
寻仙PK赛 LOG
寻仙PK赛 LOG寻仙PK赛 LOG
寻仙PK赛 LOGzhysun
 
Environmental Issues In The Foreclosure Process
Environmental Issues In The Foreclosure ProcessEnvironmental Issues In The Foreclosure Process
Environmental Issues In The Foreclosure Processkwtght
 

Weitere ähnliche Inhalte

Was ist angesagt?

HIPAA and HITECH : What you need to know
HIPAA and HITECH : What you need to knowHIPAA and HITECH : What you need to know
HIPAA and HITECH : What you need to knowShred-it
 
Ethics confidentiality-technology
Ethics confidentiality-technologyEthics confidentiality-technology
Ethics confidentiality-technologydelaneyl6238
 
Mha690 health care capstone - confidentiality 9-26-2013
Mha690 health care capstone - confidentiality 9-26-2013Mha690 health care capstone - confidentiality 9-26-2013
Mha690 health care capstone - confidentiality 9-26-2013LeRoy Ulibarri
 
HIPAA and RHIOs
HIPAA and RHIOsHIPAA and RHIOs
HIPAA and RHIOsnobumoto
 
Confidentiality power point
Confidentiality power pointConfidentiality power point
Confidentiality power pointDoug Miller
 
HIPAA's Title II- Administrative Simplification Rules: The Three Basic Rules ...
HIPAA's Title II- Administrative Simplification Rules: The Three Basic Rules ...HIPAA's Title II- Administrative Simplification Rules: The Three Basic Rules ...
HIPAA's Title II- Administrative Simplification Rules: The Three Basic Rules ...Quinnipiac University
 
Driving Health Care Change Through Telehealth: Understanding Strategic and Co...
Driving Health Care Change Through Telehealth: Understanding Strategic and Co...Driving Health Care Change Through Telehealth: Understanding Strategic and Co...
Driving Health Care Change Through Telehealth: Understanding Strategic and Co...Polsinelli PC
 
The challenges to clinical system adoption
The challenges to clinical system adoptionThe challenges to clinical system adoption
The challenges to clinical system adoptionrain2bow
 
Hitech for HIPAA
Hitech for HIPAAHitech for HIPAA
Hitech for HIPAAdkarpinsky
 
DATA PRIVACY IN AN AGE OF INCREASINGLY SPECIFIC AND PUBLICLY AVAILABLE DATA: ...
DATA PRIVACY IN AN AGE OF INCREASINGLY SPECIFIC AND PUBLICLY AVAILABLE DATA: ...DATA PRIVACY IN AN AGE OF INCREASINGLY SPECIFIC AND PUBLICLY AVAILABLE DATA: ...
DATA PRIVACY IN AN AGE OF INCREASINGLY SPECIFIC AND PUBLICLY AVAILABLE DATA: ...Ted Myerson
 
THCS Workforce HIPAA Training
THCS Workforce HIPAA TrainingTHCS Workforce HIPAA Training
THCS Workforce HIPAA Trainingkerbertx
 
Kia healthsecurity
Kia healthsecurityKia healthsecurity
Kia healthsecurityKiaBro
 

Was ist angesagt? (18)

Patients Rights and Regulations
Patients Rights and RegulationsPatients Rights and Regulations
Patients Rights and Regulations
 
HIPAA and HITECH : What you need to know
HIPAA and HITECH : What you need to knowHIPAA and HITECH : What you need to know
HIPAA and HITECH : What you need to know
 
Hitech Act
Hitech ActHitech Act
Hitech Act
 
Ethics confidentiality-technology
Ethics confidentiality-technologyEthics confidentiality-technology
Ethics confidentiality-technology
 
Louise bailey ppt
Louise bailey pptLouise bailey ppt
Louise bailey ppt
 
Legal Aspects in Health Informatics
Legal Aspects in Health InformaticsLegal Aspects in Health Informatics
Legal Aspects in Health Informatics
 
Mha690 health care capstone - confidentiality 9-26-2013
Mha690 health care capstone - confidentiality 9-26-2013Mha690 health care capstone - confidentiality 9-26-2013
Mha690 health care capstone - confidentiality 9-26-2013
 
HIPAA and RHIOs
HIPAA and RHIOsHIPAA and RHIOs
HIPAA and RHIOs
 
Confidentiality power point
Confidentiality power pointConfidentiality power point
Confidentiality power point
 
HIPAA's Title II- Administrative Simplification Rules: The Three Basic Rules ...
HIPAA's Title II- Administrative Simplification Rules: The Three Basic Rules ...HIPAA's Title II- Administrative Simplification Rules: The Three Basic Rules ...
HIPAA's Title II- Administrative Simplification Rules: The Three Basic Rules ...
 
HIPAA Compliance
HIPAA ComplianceHIPAA Compliance
HIPAA Compliance
 
Driving Health Care Change Through Telehealth: Understanding Strategic and Co...
Driving Health Care Change Through Telehealth: Understanding Strategic and Co...Driving Health Care Change Through Telehealth: Understanding Strategic and Co...
Driving Health Care Change Through Telehealth: Understanding Strategic and Co...
 
The challenges to clinical system adoption
The challenges to clinical system adoptionThe challenges to clinical system adoption
The challenges to clinical system adoption
 
Hitech for HIPAA
Hitech for HIPAAHitech for HIPAA
Hitech for HIPAA
 
HIPAA TITLE II (2)
HIPAA TITLE II (2)HIPAA TITLE II (2)
HIPAA TITLE II (2)
 
DATA PRIVACY IN AN AGE OF INCREASINGLY SPECIFIC AND PUBLICLY AVAILABLE DATA: ...
DATA PRIVACY IN AN AGE OF INCREASINGLY SPECIFIC AND PUBLICLY AVAILABLE DATA: ...DATA PRIVACY IN AN AGE OF INCREASINGLY SPECIFIC AND PUBLICLY AVAILABLE DATA: ...
DATA PRIVACY IN AN AGE OF INCREASINGLY SPECIFIC AND PUBLICLY AVAILABLE DATA: ...
 
THCS Workforce HIPAA Training
THCS Workforce HIPAA TrainingTHCS Workforce HIPAA Training
THCS Workforce HIPAA Training
 
Kia healthsecurity
Kia healthsecurityKia healthsecurity
Kia healthsecurity
 

Andere mochten auch

How Do You Grow Leaders?
How Do You Grow Leaders?How Do You Grow Leaders?
How Do You Grow Leaders?Geoff Hardy
 
Fracking - AWMA Presentation
Fracking - AWMA PresentationFracking - AWMA Presentation
Fracking - AWMA Presentationkwtght
 
寻仙PK赛 LOG
寻仙PK赛 LOG寻仙PK赛 LOG
寻仙PK赛 LOGzhysun
 
Environmental Issues In The Foreclosure Process
Environmental Issues In The Foreclosure ProcessEnvironmental Issues In The Foreclosure Process
Environmental Issues In The Foreclosure Processkwtght
 
Dematic Parts Repair
Dematic Parts RepairDematic Parts Repair
Dematic Parts Repairfletchmk
 
How do you grow leaders?
How do you grow leaders?How do you grow leaders?
How do you grow leaders?Geoff Hardy
 

Andere mochten auch (14)

How Do You Grow Leaders?
How Do You Grow Leaders?How Do You Grow Leaders?
How Do You Grow Leaders?
 
Fracking - AWMA Presentation
Fracking - AWMA PresentationFracking - AWMA Presentation
Fracking - AWMA Presentation
 
寻仙PK赛 LOG
寻仙PK赛 LOG寻仙PK赛 LOG
寻仙PK赛 LOG
 
Environmental Issues In The Foreclosure Process
Environmental Issues In The Foreclosure ProcessEnvironmental Issues In The Foreclosure Process
Environmental Issues In The Foreclosure Process
 
Dematic Parts Repair
Dematic Parts RepairDematic Parts Repair
Dematic Parts Repair
 
Intelligent Line Monitoring System
Intelligent Line Monitoring SystemIntelligent Line Monitoring System
Intelligent Line Monitoring System
 
Future Inspection of Overhead Transmission Lines
Future Inspection of Overhead Transmission Lines Future Inspection of Overhead Transmission Lines
Future Inspection of Overhead Transmission Lines
 
3D Smith Chart
3D Smith Chart3D Smith Chart
3D Smith Chart
 
Multilin™ Intelligent Line Monitoring System
Multilin™ Intelligent Line Monitoring SystemMultilin™ Intelligent Line Monitoring System
Multilin™ Intelligent Line Monitoring System
 
Incidencia Oblícua de una
Incidencia Oblícua de una Incidencia Oblícua de una
Incidencia Oblícua de una
 
Future Inspection of Underground Transmission Lines
Future Inspection of Underground Transmission LinesFuture Inspection of Underground Transmission Lines
Future Inspection of Underground Transmission Lines
 
Sensors & Robots Projects
Sensors & Robots ProjectsSensors & Robots Projects
Sensors & Robots Projects
 
ELEVATION GRADE
ELEVATION GRADEELEVATION GRADE
ELEVATION GRADE
 
How do you grow leaders?
How do you grow leaders?How do you grow leaders?
How do you grow leaders?
 

Ähnlich wie Patient Privacy Protections

Confidentiality & privacy
Confidentiality & privacyConfidentiality & privacy
Confidentiality & privacykendale
 
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docx
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docxPage 9 of 15Capstone ProjectYaima OrtizIDS-4934.docx
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docxkarlhennesey
 
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docx
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docxPage 9 of 15Capstone ProjectYaima OrtizIDS-4934.docx
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docxhoney690131
 
Protecting Patient Health Information in the HITECH Era
Protecting Patient Health Information in the HITECH EraProtecting Patient Health Information in the HITECH Era
Protecting Patient Health Information in the HITECH EraRapid7
 
1)Health data is sensitive and confidential; hence, it should .docx
1)Health data is sensitive and confidential; hence, it should .docx1)Health data is sensitive and confidential; hence, it should .docx
1)Health data is sensitive and confidential; hence, it should .docxteresehearn
 
Apa format450 words1 biblical integration34 minutes ago
Apa format450 words1 biblical integration34 minutes agoApa format450 words1 biblical integration34 minutes ago
Apa format450 words1 biblical integration34 minutes agoaman341480
 
Why merging medical records, hospital reports, and clinical trial data is a v...
Why merging medical records, hospital reports, and clinical trial data is a v...Why merging medical records, hospital reports, and clinical trial data is a v...
Why merging medical records, hospital reports, and clinical trial data is a v...Arete-Zoe, LLC
 
What is HIPAA Why was it passed What arc the potential benefits to .pdf
What is HIPAA Why was it passed What arc the potential benefits to .pdfWhat is HIPAA Why was it passed What arc the potential benefits to .pdf
What is HIPAA Why was it passed What arc the potential benefits to .pdfarchigallery1298
 
MANAGING THE INFORMATION SECURITY ISSUES OF ELECTRONIC MEDICAL RECORDS
MANAGING THE INFORMATION SECURITY ISSUES OF ELECTRONIC MEDICAL RECORDSMANAGING THE INFORMATION SECURITY ISSUES OF ELECTRONIC MEDICAL RECORDS
MANAGING THE INFORMATION SECURITY ISSUES OF ELECTRONIC MEDICAL RECORDSijsptm
 
Course Point account for the nursing.pdf
Course Point account for the nursing.pdfCourse Point account for the nursing.pdf
Course Point account for the nursing.pdfsdfghj21
 
Patient confidentiality
Patient confidentialityPatient confidentiality
Patient confidentialitypraisehim1
 
Patient confidentiality
Patient confidentialityPatient confidentiality
Patient confidentialitypraisehim1
 
Patient confidentiality
Patient confidentialityPatient confidentiality
Patient confidentialitypraisehim1
 
Patient confidentiality
Patient confidentialityPatient confidentiality
Patient confidentialitypraisehim1
 
What explains why certain services were covered and others were not .docx
What explains why certain services were covered and others were not .docx What explains why certain services were covered and others were not .docx
What explains why certain services were covered and others were not .docxajoy21
 
ONE Featherfall Medical CenterThe 1920s Featherwall Consulting.docx
ONE Featherfall Medical CenterThe 1920s Featherwall Consulting.docxONE Featherfall Medical CenterThe 1920s Featherwall Consulting.docx
ONE Featherfall Medical CenterThe 1920s Featherwall Consulting.docxmccormicknadine86
 
ONE Featherfall Medical CenterThe 1920s Featherwall Consulting.docx
ONE Featherfall Medical CenterThe 1920s Featherwall Consulting.docxONE Featherfall Medical CenterThe 1920s Featherwall Consulting.docx
ONE Featherfall Medical CenterThe 1920s Featherwall Consulting.docxvannagoforth
 
Presentation hippa
Presentation hippaPresentation hippa
Presentation hippamaggie_Platt
 

Ähnlich wie Patient Privacy Protections (20)

Confidentiality & privacy
Confidentiality & privacyConfidentiality & privacy
Confidentiality & privacy
 
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docx
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docxPage 9 of 15Capstone ProjectYaima OrtizIDS-4934.docx
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docx
 
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docx
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docxPage 9 of 15Capstone ProjectYaima OrtizIDS-4934.docx
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docx
 
Protecting Patient Health Information in the HITECH Era
Protecting Patient Health Information in the HITECH EraProtecting Patient Health Information in the HITECH Era
Protecting Patient Health Information in the HITECH Era
 
1)Health data is sensitive and confidential; hence, it should .docx
1)Health data is sensitive and confidential; hence, it should .docx1)Health data is sensitive and confidential; hence, it should .docx
1)Health data is sensitive and confidential; hence, it should .docx
 
Apa format450 words1 biblical integration34 minutes ago
Apa format450 words1 biblical integration34 minutes agoApa format450 words1 biblical integration34 minutes ago
Apa format450 words1 biblical integration34 minutes ago
 
Electronic Health Record Essay
Electronic Health Record EssayElectronic Health Record Essay
Electronic Health Record Essay
 
Why merging medical records, hospital reports, and clinical trial data is a v...
Why merging medical records, hospital reports, and clinical trial data is a v...Why merging medical records, hospital reports, and clinical trial data is a v...
Why merging medical records, hospital reports, and clinical trial data is a v...
 
What is HIPAA Why was it passed What arc the potential benefits to .pdf
What is HIPAA Why was it passed What arc the potential benefits to .pdfWhat is HIPAA Why was it passed What arc the potential benefits to .pdf
What is HIPAA Why was it passed What arc the potential benefits to .pdf
 
MANAGING THE INFORMATION SECURITY ISSUES OF ELECTRONIC MEDICAL RECORDS
MANAGING THE INFORMATION SECURITY ISSUES OF ELECTRONIC MEDICAL RECORDSMANAGING THE INFORMATION SECURITY ISSUES OF ELECTRONIC MEDICAL RECORDS
MANAGING THE INFORMATION SECURITY ISSUES OF ELECTRONIC MEDICAL RECORDS
 
HIPAA regulations
HIPAA regulationsHIPAA regulations
HIPAA regulations
 
Course Point account for the nursing.pdf
Course Point account for the nursing.pdfCourse Point account for the nursing.pdf
Course Point account for the nursing.pdf
 
Patient confidentiality
Patient confidentialityPatient confidentiality
Patient confidentiality
 
Patient confidentiality
Patient confidentialityPatient confidentiality
Patient confidentiality
 
Patient confidentiality
Patient confidentialityPatient confidentiality
Patient confidentiality
 
Patient confidentiality
Patient confidentialityPatient confidentiality
Patient confidentiality
 
What explains why certain services were covered and others were not .docx
What explains why certain services were covered and others were not .docx What explains why certain services were covered and others were not .docx
What explains why certain services were covered and others were not .docx
 
ONE Featherfall Medical CenterThe 1920s Featherwall Consulting.docx
ONE Featherfall Medical CenterThe 1920s Featherwall Consulting.docxONE Featherfall Medical CenterThe 1920s Featherwall Consulting.docx
ONE Featherfall Medical CenterThe 1920s Featherwall Consulting.docx
 
ONE Featherfall Medical CenterThe 1920s Featherwall Consulting.docx
ONE Featherfall Medical CenterThe 1920s Featherwall Consulting.docxONE Featherfall Medical CenterThe 1920s Featherwall Consulting.docx
ONE Featherfall Medical CenterThe 1920s Featherwall Consulting.docx
 
Presentation hippa
Presentation hippaPresentation hippa
Presentation hippa
 

Patient Privacy Protections

  • 1. Katie Wittman<br />7/19/2010<br />Patient Privacy Risks Related to EHR and HIE Security<br />With the plethora of legislation being passed to reform the health care industry, electronic health records are slowly increasing in prevalence in medical practices across the United States. EHRs, as well as the networking of individual record systems into health information exchanges or HIEs, have been highly touted for their potential to save money, lives, and time; however, critics fear that the rush to make health information accessible anywhere in the country has caused legislators and industry professionals to overlook a Constitutionally protected freedom. The right to privacy implicit in the Bill of Rights and subsequent Constitutional Amendments was upheld by the Supreme Court as early as the 1920s. With the advent of the Health Insurance Portability and Accountability Act of 1996, more commonly known as HIPAA, the U.S. government began to address the right to privacy and confidentiality specifically in the health care industry. The privacy protections for health information set forth by HIPAA, while necessary and proper, were created in a predominantly non-EHR world and do little more than provide a framework for those patients victimized by violations to take legal action. The heart of the problem lies in the relatively weak “security” measures directed at covered entities outlined in the legislation which include limiting physical access to facilities and a vague requirement for organizational policies regarding the use of workstations. Requiring a lock on the door to a chart storage room might be moderately effective in deterring information theft in an office using paper records but does nothing to protect electronically stored data. Further adding to these concerns, the HIPAA “Privacy Rule” was amended in 2002 removing a mandate for health care providers to obtain consent from the patient before using or disclosing protected health information for treatment, payment, or operations purposes. A provider has the option to offer consent procedures to patients before services are rendered and billed, but are no longer legally required to do so. The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 attempted to elevate the protection of electronic health information by requiring such things as data encryption, security breach notifications, and audits listing all users accessing a medical record. HITECH also addressed the issue of health care business associates and secondary use of information by making anyone who receives protected health information, including billing service providers and law firms, a HIPAA-covered entity. They are therefore subject to the same HIPAA regulations and penalties as health care providers, insurers, and clearinghouses. These additions have furthered legal privacy protections at an institutional level.<br />One significant stakeholder is conspicuously disenfranchised in all of this legislation: the patient. The very entity policy makers are tasked to protect has virtually no control over what can or cannot be done with his protected information. Tyranny of the majority, a hallmark problem in representative democracies, appears to be rearing its head again – this time in health care delivery. It is clear that rigorous security guidelines and privacy protections should be available to shield patients from potential negative outcomes such as discriminatory practices and stigmatization, but the patient himself ought to have some control over the use and disclosure of his personal information. Under the current amended version of HIPAA, it is the provider, not the patient, who makes decisions regarding consent. HITECH has addressed the need for electronic patient consent technologies, which would allow individuals to set their own defaults for use and disclosure of protected health information to various parties or for different purposes, but delayed the development of such tools for several years. This restraining of the patient’s right to choose is one of the risks of intricate universal privacy and security regulations.<br />At a higher level, supporters of health information exchanges and other advancements fear that implementing meticulous privacy policies will defeat the purpose of the technologies. Some argue that a trade-off must occur – reducing security requirements to increase usability and therefore reap all potential benefits. One of the goals of HIEs is to improve population health through the compilation and use of information related to the prevalence of diseases, effectiveness of treatments, and other documented medical data. The exchange would act as a census of sorts for health care statistics. If a patient has the ability to “opt-out” of having his de-identified medical information included in such a compilation by refusing consent, the data set becomes skewed. As is the case in any sort of research, distorted information makes the accuracy of the data questionable and any conclusions drawn from it difficult to generalize to a larger population. <br />Another problem associated with increasingly thorough privacy and security policies involves liability. If a patient is able to select which parts of his medical record are disclosed to a provider, many harmful situations might arise including misdiagnosis or contraindicated prescribing. This problem currently exists if a patient omits information in a medical history or examination, but it is amplified when health care providers begin relying on electronically acquired histories in emergency situations. At the present time, there is no legal protection for providers who make medical decisions based on patient information obtained in this manner. While legal precedents exist in some states for accessing information in so-called “break-the-glass” emergency situations, liability and privacy torts have not been explicitly addressed in relation to electronic health records and health information exchanges. <br />The benefits of patient-centered privacy and security regulations are self-evident, and allowing the individual patient the freedom to control his own protected health information is a policy consistent with fundamental principles of the United States as communicated in the Constitution. Promoting the health and welfare of the country’s population is also aligned with the nation’s core philosophies. The dilemma emerging as technology evolves between population- and individual-focused medical efforts follows a template already created by previous entries in the chapters on democracy in history books. Attempting to balance personal liberties with the “greater good” is a divisive act often left to Supreme Court rulings and revisited multiple times thereafter. The factious and immortal nature of such conflicts creates a grim forecast for finding an equitable resolution. In the case of patient privacy as it relates to health information technology, further compromising efforts are needed from both sides. The key to such a compromise lies in defining what information is vital for improving population health and determining how that information can be shared and accessed in a way that maintains individual anonymity.<br />Materials Referenced:<br />Laura Dunlop, Electronic Health Records: Interoperability Challenges Patients’ Right to Privacy , 3 Shidler J. L. Com. & Tech. 16 (Apr. 6, 2007), <http://www.lctjournal.washington.edu/Vol3/a016Dunlop.html><br />quot; Health Information Privacyquot; . U.S. Department of Health and Human Services. 7/15/2010 <http://www.hhs.gov/ocr/privacy/>.<br />Bentley, Lora. quot; HITECH Act Ramps up HIPAA Compliance Requirementsquot; . IT Business Edge. 7/15/2010 <http://www.itbusinessedge.com/cm/community/features/articles/blog/hitech-act-ramps-up-hipaa-compliance-requirements/?cs=31575>.<br />