Administrative Ethics Paper
Jon Williams
HCS/335
9/29/14
Linda Hagler-Reid
Administrative Ethics Paper
Houston is home to one of the largest medical centers in the world that strictly uses Electronic Medical Records. With a medical center of this size, patient privacy and confidentiality are extremely important and a constantly evolving aspect of health care.
Since 2010, the Texas Medical Center has had 5 major breaches of security, resulting in unauthorized access to the information of over 50,000 patients.
According to the American Medical Association's (AMA) Council on Ethical and Judicial Affairs, "The purpose of a physician's ethical duty to maintain patient ...
Deterrence attempts are designed to prevent the violations by imposing sanctions and punishment for violations.
Problems have developed in the human chain of control. In July of 2014, it was discovered that an employee of the Memorial Hermann Health System inappropriately accessed confidential information of more than 10,000 patients over a 6 ½-year period (Ackerman, 2014). The accessed data included medical records, health insurance information and, in some cases, Social Security numbers. It did not include financial information, such as credit cards or bank accounts (Ackerman, 2014).
The impact of this type of breach can be extremely crippling to an organization. The Memorial Hermann Health System is currently under investigation by HHS, and if HHS investigators find a pattern of failure to protect patient information, fines of up to $1.5 million for each calendar year in question can be imposed (Ackerman, 2014). That would be over $10 million in fines. That is money taken away from the health care system that could be used for new equipment, research, and supplies. It can also have an effect on staffing and budget cuts.
Another issue that has developed because of the human chain of control is the possible privacy breach that can happen within the organization due to the number of primary or secondary users. These users are usually the individuals that come in contact with this data on a daily basis, such as doctors, nurses, third-party payers, and insurance companies. The policies that these groups use regarding protection of personal and private information may vary greatly, as do their needs and uses of the information.
The Stop Taking Our Health Privacy Act of 2003, H.R. 1709, and the Patient Privacy Act, H.R. 1699, both address issues that were discovered during breaches of medical health information.
Stop Taking Our Health Privacy (STOHP) Act of 2003 - Declares that modifications made by an August 14, 2002, final rule affecting medical privacy to a Code of Federal Regulations (CFR) section concerning consent for uses or disclosures to carry out treatment, payment, or health care operations shall have no force or effect. Directs that such CFR section shall be construed and applied to permit a health care provider to use or disclose an individual's protected health information without prior consent under specified circumstances, provided that the provider obtains written consent from the individual as soon as practicable ("H.R.1709 - Stop Taking Our Health Privacy (STOHP) Act of 2003", n.d.).
Declares that a CFR section dealing with uses and disclosures for which an authorization is required shall be construed and applied so that an authorization shall be invalid unless it meets specified criteria, including that it describes the specific marketing uses...