By Brooke Faulkner, freelance writer; @faulknercreek.
Advancements in medical technology grant modern patients access to better care than ever before, but they also come with serious privacy concerns. Widespread data breaches in the realm of digital health records led to the implementation of the Health Insurance Portability and Accountability Act (HIPAA) in 1996, and it’s as relevant as ever in the present day.
In our current healthcare climate, patient privacy and data protection go hand in hand. HIPAA is meant to protect sensitive patient medical records while adhering to ethical principles. With the rise of alternate treatments like medical marijuana and CBD, which are illegal or regulated in many states, ensuring patient privacy is more important than ever. Here’s how patient privacy and ethics intersect in the age of technology.
Healthcare administrators, ethics and privacy
The role of the healthcare administrator is a complex one that merges patient care and bureaucratic involvement. Healthcare administrators are major players on the front lines of HIPAA compliance. One of the biggest ethical dilemmas of the role is maintaining each patient’s right to privacy and autonomy. Administrators often play a big part in ensuring that a facility properly adheres to HIPAA and other relevant laws and regulations.
Of course, ensuring patient privacy only goes so far in certain situations. A healthcare administrator may break confidentiality under particular circumstances, such as when patients may harm themselves or others. Cultivating a thorough understanding of applicable laws and knowing when to break confidentiality is integral to maintaining a balance of patient privacy and ethics.
It may not always be easy to determine if or when confidential information should be shared. A psychiatrist in Singapore was recently fined $50,000 for breaching medical confidentiality by sharing confidential patient information with an unauthorized party. A man posing as a patient’s husband contacted the psychiatrist, claiming that his “wife” was suicidal. The psychiatrist had previously determined that his patient was at risk of self-harm, and he wrote a memo for the man that included confidential medical information. The man turned out to be the patient’s brother rather than her husband, and he did not have legal access to the patient’s medical information.
In this case, while the psychiatrist was within his rights to share information related to his patient’s potential for self-harm, he did not verify the identity of the family member who ultimately received the confidential medical information. Thus, the patient filed a complaint with the Singapore Medical Council (SMC). The SMC handed down the stiff penalty and censure as a form of “general deterrence” for similar situations in the future, and healthcare administrators should take note of the decision.
The role of the medical provider
The topics of patient privacy and ethics form the backbone of numerous industry jobs, from healthcare administrators to nurses and medical assistants. In many cases, medical assistants are directly responsible for administrative tasks, including the collecting and handling of patient data. Because of this fact, a medical assistant must ensure that he or she adheres to all pertinent privacy regulations and take the utmost care to keep patient data safe. Nurses also come in contact with sensitive patient data and should take similar precautions to avoid a potential HIPAA violation.
Ensuring patient data privacy starts at the training level for medical assistants. Best practices for maintaining electronic patient medical records are a key focus in any assistant’s education, but they’re particularly important for those interested in pharmacology. As a student, a medical assistant should be trained in HIPAA and similar regulations in order to develop a keen understanding of what’s at stake. A HIPAA breach could result in fines, but guilty parties may also be stripped of their individual licenses, causing many to lose their jobs and be barred from future employment in the healthcare industry.
While not all HIPAA violations result in termination, repercussions for individuals depend on the policy of the healthcare facility or organization and the severity of the violation. In 2018, a Texas nurse was fired after violating HIPAA regulations by posting sensitive patient data on social media. While the posted information did not include a patient name, it contained specific details about the patient’s condition, and the nurse’s social media profile listed the facility in which she worked. Her employer, Texas Children’s Hospital, determined that the violation was severe enough to warrant firing her.
In the following conversation, Jim Lacy, CFO and general counsel of ZirMed, discusses the company’s mission, goals and growth; his passion for healthcare and serving those who work in it; ZirMed’s transition from a clearinghouse to a revenue cycle management, population health and predictive analytics firm; why privacy has become the biggest issue very few are seriously talking about; and the changing face of healthcare as a whole.
Tell me more about ZirMed, the brand, its solutions, and your mission for it.
Our core mission is to help healthcare providers, hospitals and health systems get paid. It sounds simple, but efficiently and effectively getting providers paid for their services and supporting their mission in an ever-evolving technological, regulatory, and clinical environment is incredibly complex.
ZirMed is uniquely positioned to deliver a comprehensive end-to-end platform of cloud-based financial and clinical performance management solutions. That means that at every point in the revenue cycle, we have solutions that support healthcare providers in collecting monies from payers and patients, and do it as quickly, efficiently, and cost-effectively as possible. Our solutions address the challenges of the current fee-for-service and consumer-driven payment systems, and also support fee-for-value reimbursement, broadly defined as population health management.
ZirMed’s solutions are logically oriented to address the revenue cycle needs of providers ranging from small physician practices and durable medical equipment providers to the largest hospitals and health systems. At the front end, we offer Patient Access solutions focused on registration and check-in to streamline pre-registration, estimate patient responsibility, accurately verify eligibility, and more.
Core to our mission of getting hospitals and health systems paid for services provided is our Charge Integrity solution. We use big-data and predictive analytics to identify and capture charges, resolve process inefficiencies, improve coding compliance, and ensure the complete integrity of all inpatient and outpatient billing.
Our claims and A/R management solutions include robust edits and rules aggregating claims across an entire system, and provide highly efficient claims and receivables workflows, reduce preventable denials, and deliver insights into financial performance for critical decision support.
With the ability to process vast amounts of data and provider metrics across an organization, our cost and utilization solutions benchmark provider performance, stratify risk, and support fee-for-value reimbursement programs.
Population health management has come to hold very different meanings across different organizations. Our population risk management solutions combine clinical and financial information, enabling insights into patient populations while identifying risk, analyzing discharges for readmission risks, and managing referrals across an integrated system.
And, of course, healthcare is always about the patients. We offer a comprehensive suite of Patient Engagement solutions including consumer-friendly billing and payment options and a patient portal offering online payment, statement management, and two-way messaging between the patient and provider.
What about you? What keeps your passion for this mission, and organization, alive? Tell me more about what excites you about your work and why you love what you do?
I love what I do, and couldn’t design a better job for myself than this one: I get to be a CFO, counsel and influence product design, all within the course of a normal day.
My roles are seemingly very different and one person holding them is rather non-traditional; however, there is logic to the fit. ZirMed develops financially focused software solutions in a highly regulated healthcare environment. We deal with billions of transactions and hundreds of billions of dollars annually with an extreme focus on privacy, security and compliancy. My background from the provider side of healthcare prior to joining ZirMed directly influences the types of solutions we build and how we deploy them to positively impact provider organizations.
Ric Sinclair, our VP of product, and his team excel at designing and delivering great software that’s beautiful, powerful, and easy to use. Their role is to take all this complexity and make it as simple and easy as possible for users and managers in client organizations. My role is to weave my experiences into the design of our products and support the role of the client in everything we build.
So I’m doing what I love and working with incredibly smart, talented people every day. That makes it easy to stay passionate and excited about my work and about ZirMed.
A patient’s right to the privacy of their health records seems obvious, but some of the benefits of connected health will only be achieved if this right is qualified and perhaps compromised. Assuming the twin goals of maximizing both personal and public health, there can be no absolute rights of privacy or ownership in personal health data.
The tools of connected health make it possible to determine the efficacy and safety of diagnostic and therapeutic devices and services in the real world. This can serve as the basis for a learning health care system that continuously improves its services and outcomes. Today it takes between 15 and 17 years for the medical community to fully embrace better approaches.
Traditional privacy and ownership rights of health data stand in the way of these benefits. An obvious example of the problem arises where an antibiotic drug taken for an infectious and dangerous disease is not effective. What if a diagnostic device is unreliable? Does the patient have an absolute right to privacy in these situations? What obligation do that patient and her provider have to other individuals who are at risk and to the system that is paying for ineffective services?
There has been a lot of discussion recently in regard to the ownership of patient health data in the electronic health records of providers. The issues of ownership and privacy are overlapping considerations in determining the answer to these questions.