Please note! This essay has been submitted by a student.
As McGonigle, Mastrian, & Farcus (2018) mention, as with any paradigm shift, a new way of viewing the world brings some of the enduring values of the previous worldview. This paper presents an ethical dilemma related to the unauthorized access of patient files and nursing informatics. The purpose of choosing this subject is that the unauthorized access of patient files is one of the most common ethical issues in healthcare organizations; according to the U.S. Department of Health and Human Services, there were 3,054 healthcare data breaches between 2009 and 2019, resulting in the exposure of 230,954,151 medical records (Torrey, 2020).
New computer technologies for collecting and transmitting data transform the use and distribution of information, and along the way, they create ethical dilemmas: a decision-making problem between two possible moral imperatives, neither of which is unambiguously acceptable or preferable (Mohmmed, & Abeer El-sol, 2018). Nurses can face many ethical issues in the workplace, as security breaches threaten patient privacy when confidential health information is made available to others without an individual’s consent or authorization (Ozair et al., 2015). Accessing patient information without authorization is a common Health Insurance Portability and Accountability Act (HIPAA) violation, and can cost a practice substantially, as individuals that use or sell PHI can be subject to fines or prison time (Zebel, 2016). For example, federal prosecutors charged a medical technician at Howard University Hospital with violating the HIPAA; over a 17-month period, the technician used her position at the hospital to gain access to patients’ names, addresses, and Medicare numbers to sell their information (Ozair, et al., 2015).
Firstly, the privacy and security of patient health information should be a priority without exception for healthcare professionals. Leadership has to provide current and up-to-date materials and manuals to their employees and conduct annual HIPAA training, as most violations can be easily prevented by ensuring that all individuals with access to patient information receive proper training (Zebel 2016).
A second alternative is that healthcare organizations have to implement security measures such as firewalls and intrusion detection software to protect data integrity. For example, employees should not share their ID with anyone or a security officer must be designated by the organization to work with a team of health IT experts (Ozair, et al., 2015). Thus, if healthcare organizations are not up to date with changes in their HIPAA practices, they risk potential violations that could not only damage a practice’s reputation but cause criminal and civil fines.
Today, EHRs (Electronic Health Record) have demonstrated value in features such as accurate prescriptions and prevention reminders, but are a double-edged sword, bringing both opportunity and risk (Sulmasy et al., 2017). Two general types of medical records are shared/purchased. The first is called an individually identifiable record, which focuses on personal attributes, such as a person’s name, doctors, diagnoses, and treatments (Torrey, 2020). The second type is an aggregated medical record, which is a database of attributes that are not used to identify any one individual—in other words, data mining (Torrey, 2020). For example, if a nurse leader would like to analyze how late/early Lovenox was administered on the medical-surgical floor, he/she could review aggregated medical records to pull data without compromising patient privacy.
Furthermore, certain individuals and entities such as medical professionals/facilities, health insurance providers, and the government have the right to access patients’ medical records and are classified as covered entities under HIPAA (Torrey, 2020). Therefore, nurse leaders need to understand the barriers and possible gaps in the system which might result in the compromise of health information.
The American Nurses Association (ANA) has developed a Code of Ethics for Nurses, which serves as a guide to the implementation of nursing responsibilities in a manner consistent with quality in nursing care (ANA, n.d.). For example, nurse leaders should strongly emphasize that it is not acceptable to check the patient’s status after the nurse sends the patient to the critical care unit, or follow up with the patient’s status after the nurse’s shift is over.
One possible application might be to remind the staff to log out when they are not working on their patients’ charts; nurses can be busy with interruptions such as phone calls or emergency needs, and leaving a computer open might be an invitation to unauthorized access. Another possible application would be to encourage nurses to have strong passwords, using signs and numbers that are not shared with anybody. The third and final application might be monitoring since prevention is a crucial step.
As a nurse leader, the first action plan is to mandate HIPAA in-services and make sure that human relations provide the same in-services to new hires. Additionally, the nurse leader should utilize quarterly education seminars with scenarios to enforce HIPAA regulations. Moreover, the nurse leader should make documents/clarifications on protocols easy to access, and nurses and nurse aids should not hesitate to reach out to the nurse leader if they witness patient privilege violations.
Thus, all healthcare staff members need to commit to following security and privacy policies to help create the first line of defense in protecting confidential patient information (Borten, 2016).
No healthcare organization or nurse leader wants to receive notification that there has been unauthorized healthcare data access (Patel, 2016). Nurses are the frontline of care and may intentionally or unintentionally expose patients’ EHRs, and since the improvement of patient safety has been a major topic on organizational agendas for years and minimizing risks and promoting safety is the responsibility of nurse leaders. Healthcare and nursing informatics will evolve, and it is realistic to expect that HIPAA-related implementation tasks will be necessary for years to come as more extensive patient safety measures evolve across the industry (Flores & Paralegal, 2005).