By Brooke Faulkner, freelance writer; @faulknercreek.
Advancements in medical technology grant modern patients access to better care than ever before, but they also come with serious privacy concerns. Widespread data breaches in the realm of digital health records led to the implementation of the Health Insurance Portability and Accountability Act (HIPAA) in 1996, and it’s as relevant as ever in the present day.
The federal government takes HIPAA violations extremely seriously, and fines for data breaches can reach up to $1.5 million per violation category, per year. The U.S. Department of Health and Human Services (HHS) Office for Civil Rights is responsible for enforcing HIPAA. The stiff penalties for violations have led to a decrease in data breaches in recent years. Forbes reports that HIPAA violations decreased three-fold in the years between 2014 and 2018, citing data from HHS.
In our current healthcare climate, patient privacy and data protection go hand in hand. HIPAA is meant to protect sensitive patient medical records while adhering to ethical principles. With the rise of alternate treatments like medical marijuana and CBD, which are illegal or regulated in many states, ensuring patient privacy is more important than ever. Here’s how patient privacy and ethics intersect in the age of technology.
Healthcare administrators, ethics and privacy
The role of the healthcare administrator is a complex one that merges patient care and bureaucratic involvement. Healthcare administrators are major players on the front lines of HIPAA compliance. One of the biggest ethical dilemmas of the role is maintaining each patient’s right to privacy and autonomy. Administrators often play a big part in ensuring that a facility properly adheres to HIPAA and other relevant laws and regulations.
Of course, ensuring patient privacy only goes so far in certain situations. A healthcare administrator may break confidentiality under particular circumstances, such as when patients may harm themselves or others. Cultivating a thorough understanding of applicable laws and knowing when to break confidentiality is integral to maintaining a balance of patient privacy and ethics.
It may not always be easy to determine if or when confidential information should be shared. A psychiatrist in Singapore was recently fined $50,000 for breaching medical confidentiality by sharing confidential patient information with an unauthorized party. A man posing as a patient’s husband contacted the psychiatrist, claiming that his “wife” was suicidal. The psychiatrist had previously determined that his patient was at risk of self-harm, and he wrote a memo for the man that included confidential medical information. The man turned out to be the patient’s brother rather than her husband, and he did not have legal access to the patient’s medical information.
In this case, while the psychiatrist was within his rights to share information related to his patient’s potential for self-harm, he did not verify the identity of the family member who ultimately received the confidential medical information. Thus, the patient filed a complaint with the Singapore Medical Council (SMC). The SMC handed down the stiff penalty and censure as a form of “general deterrence” for similar situations in the future, and healthcare administrators should take note of the decision.
The role of the medical provider
The topics of patient privacy and ethics form the backbone of numerous industry jobs, from healthcare administrators to nurses and medical assistants. In many cases, medical assistants are directly responsible for administrative tasks, including the collecting and handling of patient data. Because of this fact, a medical assistant must ensure that he or she adheres to all pertinent privacy regulations and takes the utmost care to keep patient data safe. Nurses also come in contact with sensitive patient data and should take similar precautions to avoid a potential HIPAA violation.
Ensuring patient data privacy starts at the training level for medical assistants. Best practices for maintaining electronic patient medical records are a key focus in any assistant’s education, but they are particularly important for those interested in pharmacology. As a student, a medical assistant should be trained in HIPAA and similar regulations in order to develop a keen understanding of what’s at stake. A HIPAA breach could result in fines, but guilty parties may also be stripped of their individual licenses, causing many to lose their jobs and be barred from future employment in the healthcare industry.
While not all HIPAA violations result in termination, repercussions for individuals depend on the policy of the healthcare facility or organization and the severity of the violation. In 2018, a Texas nurse was fired after violating HIPAA regulations by posting sensitive patient data on social media. While the posted information did not include a patient name, it contained specific details about the patient’s condition, and the nurse’s social media profile listed the facility in which she worked. Her employer, Texas Children’s Hospital, determined that the violation was severe enough to warrant firing her.
How changing laws affect patient privacy
In our modern era, healthcare professionals must continuously be aware of law and policy changes that could affect patient care. One field that has seen drastic legal changes in recent years is that of medical marijuana, and the decriminalization of the plant has led to numerous privacy-related questions. As of 2019, 33 states and Washington, D.C., allow the use of marijuana to treat certain medical conditions, including glaucoma and some cancers.
These state laws don’t change the fact that marijuana, whether recreational or medical, remains illegal at the federal level. This raises challenges in the realm of data privacy, as it may not be clear if healthcare providers should disclose a patient’s use of the drug. More questions are raised when it comes to CBD, a compound found in the hemp plant, which is closely related to marijuana but contains no psychoactive properties.
CBD oil is used in a wide variety of applications, from reducing anxiety to fighting the flu. While CBD is not a cure for any disease, it has been reported to help with some of the symptoms that accompany the flu, including body aches and nausea. But healthcare professionals should be aware that CBD is strongly regulated in some states.
In Idaho, for example, anyone found selling CBD oil can be criminally charged, since the compound typically contains a negligible amount of THC, which is psychoactive. Any substance that contains even a small amount of THC is illegal in the state, according to the Idaho State Police. This can pose an ethical dilemma for healthcare professionals in the area, who may be required to disclose a patient’s use of CBD in Idaho and other states where the compound is regulated.
Keeping patient data safe means ensuring that a facility has proper electronic security in place and that healthcare professionals understand how to keep information private, as well as the situations in which patient information can be shared. While it can be difficult to determine what patient data to share and with whom in some cases, healthcare professionals should always do their best to adhere to the guidelines set by HIPAA to maintain patient confidentiality.