Privacy and Confidentiality of Information in the Electronic Medical Record Era - Essay Example

Ethical implications on privacy and confidentiality of information in the electronic medical record era Institution Name Introduction While many health care institutions that transition to electronic record storage may incur costs at the beginning, the transformation eventually increases data access and reliability, as well as reduces cost of data storage and occurrence of errors (Myers et al., 2008). At the same time, electronic data may potentially allow for real-time public health surveillance, as well as promote speedier emergency response. Consequently, improved availability of health information through the electronic format has improved healthcare delivery and reduced its costs. Still, it has concomitant implications because of the greater potential for loss of confidentiality and privacy of patient information (Dolan & Barrister, 2004). Hence, while the electronic medical records (EMRs) promote innovations that have the potential to reform the healthcare, there are concerns about the ethical and legal implications threatening their widespread acceptance. Some of the key legal implications that have to be reviewed in the near-term are those concerning the level of medical practitioner’s responsibilities in protecting the privacy and confidentiality of patient records (Wang et al., 2012). The ethical implication that require discussion are associated with opt-out provisions that leave out patients from storage of electronic records, using electronic data repository, and selling of de-identified patient data (Lewis et al., 2012). The concerns on confidentiality and privacy of medical records have encouraged debates on the proper balance of the societal and individual significance (Barrows & Clayton, 1996). Ultimately, confidentiality concerns are even more susceptible to security threats in the digital age. High-profile contraventions of the public health information have increased anxieties on the privacy (McGowan, 2012). This essay argues that medical ethics and laws have advanced in response to the abuses to medical practices, leading to greater ethical and legal implications on privacy and confidentiality of information in the electronic medical record era, since the emergence of digitalised records that allow for large-scale data-mining blurs the difference between routine and casual clinical care operations. Accordingly, this paper explores the ethical implications on privacy and confidentiality of information in the electronic medical record era. Background: Definitions and theoretical perspectives A clear purpose of EMR is to improve accessibility of health records. Information privacy and confidentiality is crucial since significant financial, emotional and social harm may result to a patient once the private health information is disclosed. In order to better understand the intricate nature of privacy, it is critical to understand the differences and the similarities between confidentiality and privacy (Avasthu et al., 2013). The same applies in the case of ethical and legal principles in the era of EMR. Confidentiality: The relationship between the patient and the healthcare providers is signified by confidentiality and trust, which is embedded in all stages of their interaction. The concept of confidentiality refers to the state of secrecy or discretion in protecting information (Mehnke, 2009). Therefore, it could be argued that confidentiality is a key tenet in promoting information security. This perspective is promoted by Barrows et al. (1996), who proposed that the goals of information security in healthcare include ensuring the privacy of patients and the confidentiality of their information by preventing authorised information disclosure. In Allen’s (2008) view, however, information security ensures the integrity of healthcare information by preventing authorised alteration of information and lastly, ensuring the accessibility of information to authorised parties by preventing undesirable withholding of healthcare information. Both conceptions, however, underscore the significance of confidentiality. Privacy: In a study to explore the potential to protect medical privacy in the age of genetic information, Alpert (2003) contended that privacy refers to something that is different, almost to everyone. In his view, the definition of information privacy is based on how much personal information is accessible from the sources rather than the person who have authorised access to the information. He argued that the less opportunity people have to restrict access to information by others, or restrict the amount of personal information they have to allow others to access, and the less informational privacy they have. Consequently, like privacy, Confidentiality is a clear ethical obligation of the healthcare practitioners. Pritts (2008) suggests that as a rule, physicians need to respect the rights of patients as well as protect patient privacy and confidence. The two refer to the restrictive access to the patient’s documents, feelings, thoughts and living spaces. Additionally, they refer to information already out in the public domain. Ethical and legal principles: Failure to respect the privacy and confidentiality may lead to ethical and legal liability. Dyer (2001) views ethics as a precondition for the success of medical practices to ensure trusts in services and the service provider. According to Rich and Butts (2010), ethics refers to the discipline that contends with what is good or bad, as well as individual’s moral obligation or duty. On the other hand, law refers to the binding practice or custom of a community of people. It also refers to a rule of action or conduct officially recognised that is set down by a controlling authority (Dyer, 2001). Therefore, when ethics is compared to law, it is perceivable that latter directs people overtly on how they should behave under particular circumstances. Additionally, law has set out punishments and remedies for those who fail to comply (Lachman, 2008). Further, the legal principles underscore the practical rule of morality while the ethical principles are concerned with moral decisions. Unlike ethical principles, the legal practices are also concerned with historical precedent and enforceability (Ivanović et al., 2013). Theoretical perspectives From the consequentialist justification of privacy and confidentiality, it is considered that the two have instrumental value since they seek to promote critical social goals such as the improved self-determination, individuality and the freedom to encourage intimate relationships that are free from the public (Noureddine, 2001). The justification of privacy and confidentiality has ethical implications since it addresses certain goals, including promoting healthcare provider-patient interactions and protecting the social status of the patient. From this, it could be argued that confidentiality and privacy have critical values as they promote good patient welfare and reduce harm (Blunt, 2006). These are covered in the ethical principles of beneficence (which includes promoting the medical wellbeing of the patients) and non-malfeasance (which is concerned with making sure that no harm happens to the patients). To this end, the healthcare institutions that fall short of protecting patient privacy and confidentiality contravene the fundamental principles. Ethical and Legal Implications of Confidentiality and Privacy Greater ethical liability Greater ethical liability is a major consequence of the EMRs. It is argued that medical ethics has advanced in response to the abuses to medical practices due to the uses of EMRs. Indeed, the emergence of digitalised records that allow for large-scale data-mining has continued to blur the difference between routine clinical care operations. Myers et al. (2008) reviewed published literatures on public health confidentiality risks in respect to the ethics in public health and concluded that a major implication of EMR is that safeguarding the privacy and confidentiality of patient information has today become a more intricate undertaking. Kumar et al. (2011) appeared to support the perception in his study of the staff nurses who have regarding legal and ethical responsibilities. Kumar et al. (2011) argued that fool proof solution has to be able to secure the clinical IT infrastructure and applications. Essentially, in a typical hospital setting, several practitioners such as the accountants, nurses, registrar, associates and technicians need to access the clinical applications. In order to protect the privacy of patient information, the healthcare providers have to monitor access to applications, as well as protect the information against improper data disclosure without hampering legitimate use or standing in the way of effective patient care (Husted & Husted, 2008). Greater nurse-patient alliances Increased alliances among the nurses and between nurses and patients have also increased. Rony et al (2011) conducted a study to examine the breach of confidentiality when working with adolescent patients. The researchers conducted a survey of Australian psychologists on the considerations that influence the nurses’ decisions. They established that confidentiality create effective therapeutic alliances between the nurses and the patients. They argued that this is specifically so when working with the clients who are minors. In the study, 164 psychologists in Australia were surveyed online. Rony’s et al (2011) research, however, has some underlying limitations. For instance, the results are less generalisable because of the small study sample. The study replicated an earlier study of American psychologists that was conducted by Sullivam et al. (2002), which also found that ethical considerations, such as confidentiality, promote alliances between the healthcare practitioners themselves, as well as between the health practitioners and the patients. Rony et al. (2011) strengthen this assertion. Sullivam et al. (2002) also used factor analysis rating to investigate the ethical implications of confidentiality. Knowledge of ethical and legal issues Increased knowledge of ethical and legal issues is also an underlying implication. Kumar et al. (2011) conducted a descriptive study with the goal of identifying knowledge of the nurses, regarding their ethical and legal responsibilities in the area of psychiatric nursing at psychiatry centre in Jaipur, Rajasthan in India. In their survey of 30 nurses using Structured Knowledge Questionnaire, Kumar et al. (2011) revealed that the severe ethical implications, such as inappropriate and irrational employment termination, illegal use of clients identity and loss of health insurance, promoted increased awareness of ethical and legitimate practice. At any rate, the nurses tended to have moderate level of awareness of the ethical practice. A major limitation of the study, however, is the limited sample size. However, the findings present significant implications to the nursing practice. Further, the findings show that there is a need to ensure that nurses have intensified knowledge on the legal and ethical issues, in addition to the implications of violations. Growing need to spot ethical violations There is also a growing need to identify ethical violations within health institutions. Sittig and Singh (2011) argued that despite the rise in EMR, application-layer surveillance is inadequate. The medical health providers also need to monitor the IT systems, violations of information security policies and the employee communication. A rogue hospital administrator may circumvent the application-oriented privacy monitoring solution through access to the raw patient records from the databases. Additionally, sensitive data may also be leaked through removable media, email or chat or by the printed patient records. In fact, patient privacy is a critical issue for the patients and healthcare providers. This is since the patients are likely to suffer from financial loss when their billing data, such as social security number, is leaked or stolen once the patient information is disclosed. As a consequence, healthcare providers may face heavy fines or reputational damage once their Information systems are compromised (Sittig & Singh, 2011). The privacy breaches may include record snooping, or disclosing an individual’s medical records. A notable example is when an employee at UCLA Medical Centre leaked cancer treatment records of Farah Fawcett, a celebrity, to the tabloids. Another example is financial identity theft, where a patient’s data is stolen for financial gain. A notable example is when a clerk at the Baptist Health Medical Centre in the United States stole patient information of about 1,800 patients to purchase Wal-Mart gift (HIMSS, 2012). Medical identity theft is the use of patient data to start inflated treatment claims or access free medical treatment. An example is when a front-desk clerk at medical centre in Florida downloaded records of some 1,100 Medicare patients and issued them to a cousin who made false Medicare claims to obtain $2.8 million. Cases of family members, co-workers and neighbours snooping to disclose a patient’s medical records to unauthorised persons also abound (HIMSS, 2012). Complexity in ownership of medical records Issues regarding ownership of medical records are also an ethical issue at play in the EMR era. This view is promoted by Mick and Conners (1997), in his review of the Ethical Issues of Medical Records on the Internet. The researchers established that improved accessibility of electronic medical records has raised ethical concerns on the ownership of secured health information. The responsibilities of the nurses to prevent and notify patients of the potential for privacy violations have correspondingly increased. In a later review of literature to establish the perspectives of patients on medical confidentiality, Sankar ‘s et al. (2003) findings corroborated those of Mick and Conners (1997). Increase nurse-patient trusts Badzek et al. (1998) used a qualitative case study research design to determine the conflicts between clients’ privacy and rights to know when professional standards have been violated. Badzek et al. (1998) noted that the health care providers and practitioners have the responsibility to manage and access the EMRs in a method that can be viewed to be ethically sound. Compliance with the sound principles of confidentiality, in regards to the confidential information for the patients can promote trust within the healthcare organisation. On the other hand, non-compliance is likely to result to lack of trust between the patients and the healthcare providers. Therefore, the healthcare practitioners have to demonstrate consistent ethical standards and decision-making in regards to managing the EMRs, as this can minimise the disturbances associated with the ethical issues, such as confidentiality. Badzek et al. (1998) suggests that the ethically competent staff will identify confidentiality issues once they arise and rationalise convincing reasons to ignore confidentiality. Greater risk avoidance Greater avoidance of risk is also a key implication. According to Fisher (2008), the proponents of absolute confidentiality have often underscored the clinical consequences of emphasising the conditions for protecting the confidences. However, conditional confidentiality has significant ethical implications. Much of the conditions emphasised on confidentiality encourage psychologists to avoid financial and legal risks. For instance, when a clinician obeys reporting laws, they in actual fact avoid the financial and legal risks associated with civil disobedience. However, this merely transfers the risks to the clients whose confidences have been betrayed. In a similar vein, when the clinicians divulge information against the wishes of a patient in a court case, in actual fact, what they tend to avoid are the financial penalties, job loss, contempt citation and incarceration. Instead, the patient bears the risk since his confidential information is transformed into public information. Towards this end, it could be argued that it is this potential risk to the patients that create the ethical necessity for informing the patients in advance of the likelihood of breach of their confidentiality. Put differently, when confidentiality is a condition, the patients reserve the right to become notified on the conditions before they agree to confide, despite the ethical consequences of their subsequent conversation (Lawson, 2008). Rise in negligence lawsuits From a survey of literature, it is perceivable that the rise in use of EMR corresponds with the rise in medical malpractice lawsuits due to failure to apply the EMRs appropriately (Pandit & Pandit, 2009; Perritt, 2009; Sittig & Singh (2011). Using document analysis research design to examine the financial, ethical and legal concerns in EMR adoption, Sittig and Singh (2011) observed that the legal system that depend on precedent and trails behind the adoption of new technologies, such as EMR, offer limited guidance to steer the transition from paper- to electronic-based records. This often leads to failures to apply them effectively. The perspective is shared by Perritt’s (2009) discussion on information superhighway and its legal implications. Perritt argued that the legal systems rely on precedents, which make them less likely to address longstanding issues in the healthcare organisations of missing clinical information. Perritt, however, failed to conduct follow-up studies to back up this assumption. Sittig and Singh (2011)’s survey indicated that there is no precedent or statute that addresses the degree in which nurses are responsible for reviewing missing clinical information. In their review, Sittig and Singh (2011) summated the legal implications that EMR introduces in contrast to paper-based records as illegible or incomplete information and in some instances information overload, which may lead to negligence lawsuit. Additionally, while the nurses may still not be held responsible, their employers may be under the “respondeat superior.” Newer responsibilities and accountabilities The EMRs also increase health practitioners’ legal responsibility and accountability. In a survey to examine the liabilities associated with medical malpractice in the age of EMR, Mangalmurti et al. (2010) undertook document analysis to point to the idea that computer-based auditing procedures have the capability to identify individuals who access information. This shows that an intrusion by a member of the staff is possible. Sittig and Singh (2011) share a similar perspective in their literature review. According to Sittig and Singh (2011), the fact that user log-ins indicate that certain information was accessed using a particular employee’s account creates the potential to identify whether an employee is involved in malpractices of leaking patient information. However, while EMR has opened up opportunities to detect such intrusions, it does not prove that the employee whose account accessed the records is guilty. Indeed, such assumptions have limited the scope in which such evidences can be used within the court of law (Sittig & Singh, 2011). Korin’s (2007) document analysis revealed that the liabilities that the healthcare providers get when they import clinical findings that are not within their clinical range of interest are not clear. This also means that notes written sequentially that are copied and pasted may have information that are similar, and which may, however, have been accessed without permission. Therefore, the copy and paste capability has opened up grounds for violation of confidential patient information. Sittig and Singh (2011) supported this assumption when they pointed out that the copy and paste capability of computer-based systems have raised the potential to steal patient information. Unauthorised access and stealing of confidential information however has far reaching ramifications, such as legal law-suits and dismissals. Conclusion Medical ethics and laws have advanced in response to the abuses to medical practices, leading to greater ethical and legal implications on privacy and confidentiality of information in the electronic medical record era, since the emergence of digitalised records that allow for large-scale data-mining blurs the difference between routine and casual clinical care operations. Confidentiality of patient information is a growing concern in the healthcare industry. Indeed, electronic medical records, government regulations and the growth of internet health services have created a range of security challenges. To assuage these challenges, health care providers have to protect the clinical applications, as well as the fundamental infrastructure from unauthorised access. Among the ethical implications include greater ethical liability and increased alliances between the nurses and patients. Other implications include increased knowledge of ethical and legal issues among the nurses and a growing need to identify ethical violations within health institutions also exists. Some of the legal implications may include disciplinary action by the employer against the employee who is in breach, disciplinary proceedings under the regulatory statute, a lawsuit against the individual who made the disclosure and fines in cases where there is a violation of statutory duty to privacy and confidence. Reference List Allen, A. (2008). Confidentiality: An Expectation in Health Care. Publication Penn Guide to Bioethics Springer Alpert, S. (2003). Protecting Medical Privacy: Challenges in the Age of Genetic Information. Journal of social Issues 59(2), 302-322 Avasthu, A., Ghosh, A., Sarkar, S., Grover, S. (2013). Ethics in medical research – General principles with special reference to psychiatry research. Indian J Psychiatry 55(1), 86-91 Badzek, L., Mitchell, K., Marra, S., Bower, M., (1998). Administrative Ethics and Confidentiality/Privacy Issues. Online Journal of Issues in Nursing 3(3) Barrows, R. & Clayton, P. (1996). Privacy, Confidentiality: and Electronic Medical Records. Journal of the American Medical Informatics Association 3(2), 139-147 Baur, K. (2009). Privacy and Confidentiality in the Age of E-Medicine. Journal of Health Care Law and Policy 4(1), 47-62 Blunt, D. (2006). Confidentiality, informed consent, and ethical considerations in reviewing the client’s psychotherapy records. ERIC Document Reproduction Service No. ED490794 Bowman, S. (2013). Impact of Electronic Health Record Systems on Information Integrity: Quality and Safety Implications. Perspect Health Inf Manag. 10(1), Dolan, B. & Barrister, P. (2004). Medical records: Disclosing confidential clinical information. Psychiatric Bulletin 28(1), 53-56 Dyer, K. (2001). Ethical Challenges of Medicine and Health on the Internet: A Review. J Med Internet Res 3(2), 23 Fisher, M. (2008). Protecting Confidentiality Rights: The Need for an Ethical Practice Model. Center for Ethical Practice 63(1), 1-13 HIMSS (2012). Security and Privacy of Electronic Medical Records. White Paper. Retrieved: Husted, J. & Husted, G. (2008). Ethical Decision Making in Nursing and Health Care: The Symphonological Approach. 4th edn. New York: Springer Publishing Company Ivanović, S., Stanojevic, C, Jajic, S., Vila, A. & Nikolic, S. (2013). Medical Law and Ethics. Acta Medica Medianae 52(3), 67-72 Kumar, R., Mehta, S. & Kalra, R. (2011). Knowledge of staff nurses regarding legal and ethical responsibilities in the field of psychiatric nursing. Nursing and Midwifery Research Journal, 7(1), 1-11 Lachman, V. (2008). Making ethical choices: Weighing obligations and virtues. Nursing 38(10). 42-46 Lawson, K. (2008). Patient confidentiality and the intensivist. JICS 9(2), 178-183 Lewis, A., Tamparo, C, & Tatro, B. (2012). Law, Ethics, & Bioethics for the Health. Philadelphia: F.A. Davis Co. McGowan, C. (2012). Patients’ Confidentiality. Critical Care Nurse 32(5), 61-65) Mehnke, A. (2009). Managing a breach in patient confidentiality. OR Nurse, 3(6), 56 Mick, S. & Conners, S. (1997). Ethical Issues of Medical Records on the Internet. Confidential. Myers, J., Frieden, T., Bherwani, K. & Henning, K. (2008). Ethics in Public Health Research: Privacy and Public Health at Risk: Public Health Confidentiality in the Digital Age. Am J Public Health, 98(5), 793–801 Noureddine, S (2001). Development of the ethical dimension in nursing theory. International Journal of Nursing Practice 6, 2-7 Pandit, M. & Pandit, S. (2009). Medical negligence: Coverage of the profession, duties, ethics, case law, and enlightened defense - A legal perspective. Indian Journal of Urology 25(3), 372–378. Pritts, J. (2008). The Importance and Value of Protecting the Privacy of Health Information: The Roles of the HIPAA Privacy Rule and the Common Rule in Health Research. New York: National Academy of Sciences. Rich, K. & Butts, J. (2010). Foundations of Ethical Nursing Practice. Jones & Bartlett Learning, LCC Rony, D., Williams, B & Knowles, A. (2011). Breaching Confidentiality with Adolescent Clients: A Survey of Australian Psychologists about the Considerations that Influence Their Decisions. Psychiatry, Psychology and Law,1(1), 1-12 Sankar, P., Mora, S., Merz, J. & Jones, N. (2003). Patient Perspectives of Medical Confidentiality: A Review of the Literature. J Gen Intern Med 18(8): 659–669. Sittig, D. & Singh, H. (2011). Legal, Ethical, and Financial Dilemmas in Electronic Health Record Adoption and Use. Pediatrics, 127(4), e1042–e1047 Sullivan, J., Ramirez, E., razo, N. & George, C. (2002). Factors Contributing to breaking confidentiality dilemma to work in children's best interests. Professional psychology: Research and Practice 33(1), 396-401 Wang, S., Middleton, B, Bardon, C. & Spurr, C. (2012). A Cost-Benefit Analysis of Electronic Medical Records in Primary Care. The American Journal Of Medicine 114(1), 397-403 Read More