Electronic
health records are increasingly scrutinized because of the content of sensitive
information such as security, confidentiality and privacy concerns with the
emergence of electronic health records systems.
As health care changes new laws are becoming prevalent with regards to
the ethical and legal rights of employees, patient’s, and facilities abilities
to handle this information appropriately.
The
Health Insurance Portability and Accountability Act (HIPAA) established on
August 21, 1996 provided guidelines how private health information should be
protected in paper and electronic format.
Although HIPAA was originally intended for paper records it has adopted
the Privacy and Security rules to deal with the protection of electronic records. The Privacy Rules regulates private health
information (PHI) in oral, written, or electronic format for the purpose of “[meeting]
the pressing need for national standards to control the flow of sensitive
health information and to establish real penalties for the misuse or improper disclosure
of this information” (Choi, 2006, Sec. Privacy Rule, para. 1). The Security Rule however regulates only the protection
of the electronic format. The Security
Rule addresses “PHI electronically stored or transmitted, must be kept
confidential and protected against unauthorized users and threats to its
security or integrity” (Choi, 2006, Sec. Security Rule, para. 1). This establishes a minimum requirement of
security that entities must meet.
The
development of HIPAA was not just for patient protection but also involved the
billing and administrative procedures. HIPAA
was approved by congress in part to battle fraud and abuse; because of this
approval it strengthened programs to fight the fraud and abuse in aggresive billing practices (McWay, 2010).
Ethical issues related to health information arise from the pressures of releasing information, accidental system and employee HIPAA violations, and reimbursement issues. It is the health information manager’s responsibility to understand and implement the appropriate security measures. Federal and state laws determine the rules for the security and policy protocols but health information managers are bound by the American Health Information Management Association (AHIMA) code of ethics concerning electronic health records. According to AHIMA health information managers are to advocate and uphold patients’ rights to privacy, uphold the security of the contents and information taking into account the applicable statutes and regulations, and most importantly ‘not to participate in or conceal unethical practices or procedures’. (McWay, 2010). A popular trend today is risk management to assess the vulnerability of the organization.
Risk
management trends are using information from databases to ‘predict’ and ‘avoid’
unforeseen circumstances; however today’s risk management includes not only
direct patient care and safety but also reporting trends, database storage, and
daily operations of facilities to ensure proper safety and guidance of
associated risks while decreasing loss and liability (McWay, 2010).
Improving patient care is one of the
main focuses of confidentiality, privacy, security, and informed consent
measures. Federal, and state regulations
as well as statutes guide the practice of these measures use in
facilities. The need for laws regarding
their use has become a priority because of the increased use of electronic
health records. Confidentiality policies
and improved security measures will provide patients the necessary information
to access private care and treatment.
Thanks Chelley
References
Choi, Y. B., Capitan, K. E., Krause, J. S., &
Streeper, M. M. (2006). Challenges associated with privacy in health care
industry: Implementation of HIPAA and the security rules. Journal of Medical
Systems, 30(1), 57-64. doi:http://dx.doi.org/10.1007/s10916-006-7405-0
U.S. Department of Health and Human Services (n.d.). HIPAA privacy rule. Retrieved from http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.htm
U.S. Department of Health and Human Services (n.d.). HIPAA security rule. Retrieved from http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html
No comments:
Post a Comment