The Privacy Rule and Health Care Practice Essay
How will you use this information in the future? On April 14, 2003 the Health Insurance portability and Accountability Act of 1996 (HAIFA) took effect, and these federal regulation have had an impact on the field of healthcare. It affords certain protections to persons covered by health care plans, Including continuity of coverage when changing Jobs, standards for electronic health care transactions, and primary safeguards for the privacy of individually identifiable attain information. The Privacy Rule and Health Care Practice Essay.
Protecting healthcare information is the key essential in a healthcare organization. In an Internet video, Barclay (2010) states It Is Imperative that all healthcare providers be knowledgeable about the HAIFA standards and protect the rights of patients and residents. However, patients also have the responsibilities to give accurate information about their condition and to participate in treatment and care. With that being said the doctrine of informed consent allows attends full disclosure to make a knowledgeable decision about their care. The Privacy Rule and Health Care Practice Essay.
Failure of patient confidentiality gives rise to legal liability. Identifying deferent forms of security breaches and creating measures to safeguards standards, procedure and policies against leaking personal health information (PHI) will maintain and promote growth of an organization. Identifying different forms of security breaches and Instituting measures to implement and safeguard specific standards, policies, and procedures against eking e-Pals to attackers and hackers, will maintain patients’ integrity and promote growth of the organization.
To malignant the confidentiality of e-Pals, HAIFA created privacy rule, security rule, and HITCH. These rules help to safeguard patient’s privacy, prevent, detect, and correct security violation. Furthermore, viruses, which are Introduced by hackers, can attack the computer systems. Another way to protect patients’ information is to protect buildings, equipment, and software. This is done in order to steal information, either for profit, to make a political point, or for entertainment. Sing programs like firewalls, Virtual Private Networks, Intrusion detection system, virus detection, cryptography, and content filtering can help to guard against information hackers. The Privacy Rule and Health Care Practice Essay. As a result, the organization will conserve resources and revenue that would have been lost through this process. In conclusion, protecting patients’ information is one of the ways to guard against leaking of attends’ information. The healthcare industries required adequate communication to survive.
thical health research and privacy protections both provide valuable benefits to society. Health research is vital to improving human health and health care. Protecting patients involved in research from harm and preserving their rights is essential to ethical research. The primary justification for protecting personal privacy is to protect the interests of individuals. In contrast, the primary justification for collecting personally identifiable health information for health research is to benefit society. But it is important to stress that privacy also has value at the societal level, because it permits complex activities, including research and public health activities to be carried out in ways that protect individuals’ dignity. At the same time, health research can benefit individuals, for example, when it facilitates access to new therapies, improved diagnostics, and more effective ways to prevent illness and deliver care.
The intent of this chapter1 is to define privacy and to delineate its importance to individuals and society as a whole. The value and importance of health research will be addressed in Chapter 3.
Privacy has deep historical roots (reviewed by Pritts, 2008; Westin, 1967), but because of its complexity, privacy has proven difficult to define and has been the subject of extensive, and often heated, debate by philosophers, sociologists, and legal scholars. The term “privacy” is used frequently, yet there is no universally accepted definition of the term, and confusion persists over the meaning, value, and scope of the concept of privacy. At its core, privacy is experienced on a personal level and often means different things to different people (reviewed by Lowrance, 1997; Pritts, 2008). In modern society, the term is used to denote different, but overlapping, concepts such as the right to bodily integrity or to be free from intrusive searches or surveillance. The concept of privacy is also context specific, and acquires a different meaning depending on the stated reasons for the information being gathered, the intentions of the parties involved, as well as the politics, convention and cultural expectations (Nissenbaum, 2004; NRC, 2007b).
Our report, and the Privacy Rule itself, are concerned with health informational privacy. The Privacy Rule and Health Care Practice Essay. In the context of personal information, concepts of privacy are closely intertwined with those of confidentiality and security. However, although privacy is often used interchangeably with the terms “confidentiality” and “security,” they have distinct meanings. Privacy addresses the question of who has access to personal information and under what conditions. Privacy is concerned with the collection, storage, and use of personal information, and examines whether data can be collected in the first place, as well as the justifications, if any, under which data collected for one purpose can be used for another (secondary)2 purpose. An important issue in privacy analysis is whether the individual has authorized particular uses of his or her personal information (Westin, 1967).
Confidentiality safeguards information that is gathered in the context of an intimate relationship. It addresses the issue of how to keep information exchanged in that relationship from being disclosed to third parties (Westin, 1976). Confidentiality, for example, prevents physicians from disclosing information shared with them by a patient in the course of a physician–patient relationship. Unauthorized or inadvertent disclosures of data gained as part of an intimate relationship are breaches of confidentiality (Gostin and Hodge, 2002; NBAC, 2001).
Security can be defined as “the procedural and technical measures required (a) to prevent unauthorized access, modification, use, and dissemination of data stored or processed in a computer system, (b) to prevent any deliberate denial of service, and (c) to protect the system in its entirety from physical harm” (Turn and Ware, 1976). Security helps keep health records safe from unauthorized use. When someone hacks into a computer system, there is a breach of security (and also potentially, a breach of confidentiality). No security measure, however, can prevent invasion of privacy by those who have authority to access the record (Gostin, 1995). The Privacy Rule and Health Care Practice Essay.
There are a variety of reasons for placing a high value on protecting the privacy, confidentiality, and security of health information (reviewed by Pritts, 2008). Some theorists depict privacy as a basic human good or right with intrinsic value (Fried, 1968; Moore, 2005; NRC, 2007a; Terry and Francis, 2007). They see privacy as being objectively valuable in itself, as an essential component of human well-being. They believe that respecting privacy (and autonomy) is a form of recognition of the attributes that give humans their moral uniqueness.
The more common view is that privacy is valuable because it facilitates or promotes other fundamental values, including ideals of personhood (Bloustein, 1967; Gavison, 1980; Post, 2001; Solove, 2006; Taylor, 1989; Westin, 1966) such as:
The bioethics principle nonmaleficence3 requires safeguarding personal privacy. Breaches of privacy and confidentiality not only may affect a person’s dignity, but can cause harm. When personally identifiable health information, for example, is disclosed to an employer, insurer, or family member, it can result in stigma, embarrassment, and discrimination. Thus, without some assurance of privacy, people may be reluctant to provide candid and complete disclosures of sensitive information even to their physicians. Ensuring privacy can promote more effective communication between physician and patient, which is essential for quality of care, enhanced autonomy, and preventing economic harm, embarrassment, and discrimination (Gostin, 2001; NBAC, 1999; Pritts, 2002). The Privacy Rule and Health Care Practice Essay. However, it should also be noted that perceptions of privacy vary among individuals and various groups. Data that are considered intensely private by one person may not be by others (Lowrance, 2002).
But privacy has value even in the absence of any embarrassment or tangible harm. Privacy is also required for developing interpersonal relationships with others. Although some emphasize the need for privacy to establish intimate relationships (Allen, 1997), others take a broader view of privacy as being necessary to maintain a variety of social relationships (Rachels, 1975). By giving us the ability to control who knows what about us and who has access to us, privacy allows us to alter our behavior with different people so that we may maintain and control our various social relationships (Rachels, 1975). For example, people may share different information with their boss than they would with their doctor.
Most discussions on the value of privacy focus on its importance to the individual. Privacy can be seen, however, as also having value to society as a whole (Regan, 1995). Privacy furthers the existence of a free society (Gavison, 1980). For example, preserving privacy from widespread surveillance can be seen as protecting not only the individual’s private sphere, but also society as a whole: Privacy contributes to the maintenance of the type of society in which we want to live (Gavison, 1980; Regan, 1995).
Privacy can foster socially beneficial activities like health research. Individuals are more likely to participate in and support research if they believe their privacy is being protected. Protecting privacy is also seen by some as enhancing data quality for research and quality improvement initiatives. When individuals avoid health care or engage in other privacy-protective behaviors, such as withholding information, inaccurate and incomplete data are entered into the health care system. These data, which are subsequently used for research, public health reporting, and outcomes analysis, carry with them the same vulnerabilities (Goldman, 1998). The Privacy Rule and Health Care Practice Essay.
The bioethics principle of respect for persons also places importance on individual autonomy, which allows individuals to make decisions for themselves, free from coercion, about matters that are important to their own well-being. U.S. society also places a high value on individual autonomy, and one way to respect persons and enhance individual autonomy is to ensure that people can make the choice about when, and whether, personal information (particularly sensitive information) can be shared with others.
American society places a high value on individual rights, personal choice, and a private sphere protected from intrusion. Medical records can include some of the most intimate details about a person’s life. They document a patient’s physical and mental health, and can include information on social behaviors, personal relationships, and financial status (Gostin and Hodge, 2002). Accordingly, surveys show that medical privacy is a major concern for many Americans, as outlined below (reviewed by Pritts, 2008; Westin, 2007). As noted in Chapter 1, however, there are some limits to what can be learned from surveys (Tourangeau et al., 2000; Wentland, 1993; Westin, 2007). For example, how the questions and responses are worded and framed can significantly influence the results and their interpretation. Also, responses are biased when respondents self-report measures of attitudes, behavior, and feelings in such a way as to represent themselves favorably.
In a 1999 survey of consumer attitudes toward health privacy, three out of four people reported that they had significant concerns about the privacy and confidentiality of their medical records (Forrester Research, 1999). In a more recent survey, conducted in 2005 after the implementation of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, 67 percent of respondents still said they were concerned about the privacy of their medical records, suggesting that the Privacy Rule had not effectively alleviated public concern about health privacy. Ethnic and racial minorities showed the greatest concern among the respondents. Moreover, the survey showed that many consumers were unfamiliar with the HIPAA privacy protections. The Privacy Rule and Health Care Practice Essay. Only 59 percent of respondents recalled receiving a HIPAA privacy notice, and only 27 percent believed they had more rights than they had before receiving the notice (Forrester Research, 2005). One out of eight respondents also admitted to engaging in behaviors intended to protect their privacy, even at the expense of risking dangerous health effects. These behaviors included lying to their doctors about symptoms or behaviors, refusing to provide information or providing inaccurate information, paying out of pocket for care that is covered by insurance, and avoiding care altogether (Forrester Research, 2005).
A series of polls conducted by Harris Interactive suggest, however, that the privacy of health information has improved since implementation of the Privacy Rule. Prior to its creation, a 1993 survey by Harris Interactive showed that 27 percent of Americans believed their personal medical information had been released improperly in the past 3 years. In contrast, 14 percent and 12 percent of respondents believed this had happened to them in 2005 and 2007, respectively (Harris Interactive, 2005 Harris Interactive, 2007). In the 2005 survey, about two-thirds of respondents reported having received a HIPAA privacy notice, and of these people, 67 percent said the privacy notice increased their confidence that their medical information is being handled properly (Harris Interactive, 2005).
Responses to other questions on recent public opinion polls conducted by Harris Interactive only partially corroborate these findings. In one survey, 70 percent of respondents indicated that they are generally satisfied with how their personal health information is handled with regard to privacy protections and security. Nearly 60 percent of the respondents reported that they believe the existing federal and state health privacy pro tection laws provide a reasonable level of privacy protection for their health information (Harris Interactive, 2005). Nonetheless, half of the respondents also believed that “[P]atients have lost all control today over how their medical records are obtained and used by organizations outside the direct patient health care such as life insurers, employers, and government health agencies.” In another survey, 83 percent of respondents reported that they trust health care providers to protect the privacy and confidentiality of their personal medical records and health information (Westin, 2007). However, in that survey, 58 percent of respondents believed the privacy of personal medical records and health information is not protected well enough today by federal and state laws and organizational practices. The Privacy Rule and Health Care Practice Essay.
A number of studies suggest that the relative strength of privacy, confidentiality, and security protections can play an important role in people’s concerns about privacy (reviewed by Pritts, 2008). When presented with the possibility that there would be a nationwide system of electronic medical records, one survey found 70 percent of respondents were concerned that sensitive personal medical record information might be leaked because of weak data security, 69 percent expressed concern that there could be more sharing of medical information without the patient’s knowledge, and 69 percent were concerned that strong enough data security will not be installed in the new computer system.
Confidentiality is particularly important to adolescents who seek health care. When adolescents perceive that health services are not confidential, they report that they are less likely to seek care, particularly for reproductive health matters or substance abuse (Weddle and Kokotailo, 2005). In addition, the willingness of a person to make self-disclosures necessary to mental health and substance abuse treatment may decrease as the perceived negative consequences of a breach of confidentiality increase (Petrila, 1999; Roback and Shelton, 1995; Taube and Elwork, 1990). These studies show that protecting the privacy of health information is important for ensuring that individuals seek and obtain quality care.
The potential for economic harm resulting from discrimination in health insurance and employment is also a concern for many people (reviewed by Pritts, 2008). Polls consistently show that people are most concerned about insurers and employers accessing their health information without their permission (Forrester Research, 2005; PSRA, 1999). This concern arises from fears about employer and insurer discrimination. Concerns about employer discrimination based on health information, in particular, increased 16 percent between 1999 and 2005, with 52 percent of respondents in the later survey expressing concern that their information might be seen by an employer and used to limit job opportunities (Forrester Research, 2005; PSRA, 1999). The Privacy Rule and Health Care Practice Essay. Reports alleging that major employers such as Wal-Mart base some of their hiring decisions on the health of applicants suggest that these concerns may be justified (Greenhouse and Barbaro, 2005).
Studies show that individuals are especially concerned about genetic information being used inappropriately by their insurers and employers (reviewed by Pritts, 2008). Even health care providers appear to be affected by these concerns. In a survey of cancer-genetics specialists, more than half indicated that they would pay out of pocket rather than bill their insurance companies for genetic testing, for fear of genetic discrimination (Hudson, 2007). Although surveys do not reveal a significant percentage of individuals who have experienced such discrimination, geneticists have reported that approximately 550 individuals were refused employment, fired, or denied life insurance based on their genetic constitution (NBAC, 1999). In addition, a study in the United Kingdom suggested that life insurers in that country do not have a full grasp on the meaning of genetic information and do not assess or act in accord with the actuarial risks presented by the information (Low et al., 1998). There is, therefore, some legitimate basis to individuals’ concerns about potential economic harm and the need to protect the privacy of their genetic information. Recent passage of the Genetic Information Nondiscrimination Act in the United States will hopefully begin to address some of these concerns.4
Ideally, there would be empirical evidence regarding the privacy value of all the specific PrivacyRule provisions that impact researchers, but there are only limited data on this topic from the consumer/patient perspective. A few studies have attempted to examine the public’s attitudes about the use of health information in research. However, few have attempted to do so with respect to the intricacies of the protections afforded by the Privacy Rule or the Common Rule,5 which are likely not well known to the public.
A review by Westin of 43 national surveys with health privacy questions fielded between 1993 and September 2007 identified 9 surveys6 with one or more questions about health research and privacy (Westin, 2007). The Privacy Rule and Health Care Practice Essay. In some, the majority of respondents were not comfortable with their health information being provided for health research except with notice and express consent. But in others, a majority of respondents were willing to forgo notice and consent if various safeguards and specific types of research were offered. For example, a recent Harris Poll found that 63 percent of respondents would give general consent to the use of their medical records for research, as long as there were guarantees that no personally identifiable health information would be released from such studies (Harris Interactive, 2007). This is similar to the percentage of people willing to participate in a “clinical research study” (Research!America, 2007; Woolley and Propst, 2005) (see also Chapter 3). A 2006 British survey also found strong support for the use of personally identifiable information without consent for public health research and surveillance, via the National Cancer Registry (Barrett et al., 2007).
Westin noted that opinions varied in the surveys according to developments on the health care scene and with consumer privacy trends. He concluded from this review that the majority of consumers are positive about health research, and if asked in general terms, support their medical information being made available for research. However, he also noted that most of these surveys presented the choice in ways that did not articulate the key permission process, and that there was much ambiguity in who “researchers” are, what kind of “health research” is involved, and how the promised protection of personal identities would be ensured (Westin, 2007).
Reviewing the handful of detailed studies examining patient views of the use of their medical information in research through surveys, structured interviews, or focus groups, Pritts determined that a number of common themes emerge (reviewed by Pritts, 2008):
In studies where patients were able to provide unstructured comments, they expressed concern about the potential that anonymized data would be reidentified. They were also concerned that insurers or employers or others who could discriminate against subjects could potentially access informa tion maintained by researchers (Damschroder et al., 2007; Kass et al., 2003; Robling et al., 2004). Some feared that researchers would sell information to drug companies or other third parties (Damschroder et al., 2007).
The Privacy Rule and Health Care Practice Essay