730 likes | 1.86k Views
LDR 668 Politics, Policy & Ethics By Lori Reau. Ethical Issues in Health Information Technology. HIT (Health Information Technology)
E N D
LDR 668 Politics, Policy & Ethics By Lori Reau Ethical Issues in Health Information Technology
HIT (Health Information Technology) • The use of health information technology (HIT) is becoming increasingly important in medical providers’ efforts to support decision-making and to promote quality health care delivery (Fleming) Health Information Technology
Telehealth: Delivery of health-related services and information via telecommunications technologies, including both health care and education Electronic Medical Records: Computer-based patient records Electronic Clinical Support Systems: Computer-based knowledge management technologies that support the clinical decision-making process from diagnosis and investigation through treatment and recovery Online Health Care Resources: Web-based resources that market to health care consumers, as well as providers, linking to information and education about products, medical and dental services, alternative health care, hospitals, providers, employment, publications, and mental health (Fleming) Basic Health Information Technologies
Telehealth Respect privacy and confidentiality; ensure adequate informed consent Electronic Medical Records Ensure accuracy, accessibility and accountability by providers; seek information transferability between systems Electronic Clinical Support Systems Ensure access and reliability of decision support systems for local sites, with support from tertiary care sites when needed Online Health Care Resources Ensure accuracy and reliability of information being accessed; encourage careful scrutiny by those accessing such information Additional Protections Establish policies and procedures to ensure consistency, generalization, and quality; develop informational material for providers and patients; provide community-wide education on health information technology (Fleming) Preventing Ethic Conflicts with HealthCare Information Technology
Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. • Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. • The Administration Simplification provisions also address the security and privacy of health data. The standards are meant to improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in the U.S. health care system. • The Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes. (Centers for Medicare & Medicaid Services) Health Insurance Portability and Accountability Act of 1996
Gives patients more control over their health information; • Sets boundaries on the use and release of health records; • Establishes appropriate safeguards that the majority of health-care providers and others must achieve to protect the privacy of health information; • Holds violators accountable with civil and criminal penalties that can be imposed if they violate patients' privacy rights; • Strikes a balance when public health responsibilities support disclosure of certain forms of data; HIPAA PRIVACY RULE
Enables patients to make informed choices based on how individual health information may be used; • Enables patients to find out how their information may be used and what disclosures of their information have been made; • Generally limits release of information to the minimum reasonably needed for the purpose of the disclosure; • Generally gives patients the right to obtain a copy of their own health records and request corrections; and • Empowers individuals to control certain uses and disclosures of their health information. HIPPA PRIVACY RULE
HIPPA Security RuleThe Security Rule specifies a series of administrative, physical, and technical safeguards for covered entities to use to assure the confidentiality, integrity, and availability of electronic protected health information What Information is Protected? Electronic Protected Health Information. The HIPAA Privacy Rule protects the privacy of individually identifiable health information, called protected health information (PHI). The Security Rule protects a subset of information covered by the Privacy Rule, which is all individually identifiable health information a covered entity creates, receives, maintains or transmits in electronic form. The Security Rule calls this information “electronic protected health information” (e-PHI).3 The Security Rule does not apply to PHI transmitted orally or in writing. (Centers for Medicare & Medicaid Services)
Physical Safeguards • Facility Access and Control. • Workstation and Device Security. • Technical Safeguards • Access Control • Audit Controls. • Integrity Controls. • Transmission Security. • Organizational Requirements • Covered Entity Responsibilities. • Business Associate Contracts. • Enforcement and Penalties for Noncompliance • Compliance. Safeguards
This bill accomplishes four major goals that advance the use of health information technology (Health IT), such as electronic health records by: Requiring the government to take a leadership role to develop standards by 2010 that allow for the nationwide electronic exchange and use of health information to improve quality and coordination of care. Investing $20 billion in health information technology infrastructure and Medicare and Medicaid incentives to encourage doctors and hospitals to use HIT to electronically exchange patients’ health information. Saving the government $10 billion, and generating additional savings throughout the health sector, through improvements in quality of care and care coordination, and reductions in medical errors and duplicative care. Strengthening Federal privacy and security law to protect identifiable health information from misuse as the health care sector increases use of Health IT. (Committees on Energy and Commerce, Ways and Means, and Science and Technology, 2009) Health Information Technology for Economic and Clinical Health Act (HITECH Act)
Theft Loss of electronic media or paper records containing protected health information Unauthorized access to protected health information-intentional or unintentional Human error Improper disposal (Matre, 2012) Top (reported) Privacy Breach Causes
Includes unauthorized and disclosures uses of “unsecured”PHI. Similar to breach disclosures of financial and credit card institutions. "unsecured PHI" essentially means "unencrypted PHI Patients are to be notified If the breach number is greater than 500 the HHS must be notified. Under certain conditions the local media will also be notified. Notification must occur regardless if it is an internal or external breach. (The HIPPA Survival Guide) HITECH BREACH NOTIFICATION REQUIREMENTS
Security Headlines (Matre, 2012)
“Two regulations have been released, one of which defines the “meaningful use” objectives that providers must meet to qualify for the bonus payments, and the other which identifies the technical capabilities required for certified EHR technology. •Incentive Program for Electronic Health Records: Issued by the Centers for Medicare & Medicaid Services (CMS), this final rule defines the minimum requirements that providers must meet through their use of certified EHR technology in order to qualify for the payments.” (Glossary of EMR Requirements) Meaningful use and American recovery and reinvestment act 2009
Latest qualifying period start date for Stage 1 is 7/3/13 With this start date, the full year one payment can be obtained along with all payments as long as attestation is done for all The challenge is that a higher Stage level will need to be met in a shorter time period with a later initial qualifying period start date ARRA Qualifying Period Timeline
Regulations only help to alleviate risk-benefit balance related ethical dilemmas by eliminating so called unethical implications committed against the patient. • The ethical obligations pertain to actions taken on patients’ behalf, to improve their health status and protect their personal information. • The ethical dilemmas do not lie in the crimes, they arise when we have to decide if the benefits of implementing an IT system outweigh the risk of computer crimes which harm the patient. • Unintended harms must be considered in pursuit of the intended good. Do no harm. • Who gets to define harm in this technological arena? (Ethical Dilemmas of Healthcare Delivery in the Information Technology Age, 2003) Balancing Technology Regulation and Ethical Obligations to Patients
That confidentiality may become less important, or more difficult to enforce, as health information technologies become more universally available and applied, particularly as human curiosity continues to promote behavior that derails even the most secure system. Breaches in confidentiality can be both visual and auditory. Such breeches may be quite innocent, such as when a passer-by inadvertently views or hears a provider’s videoconference interactions with patients. Other concerns include unauthorized viewing of patient images or clinic notes in an electronic database that is shared The digital divide whereas patients are particularly vulnerable to geographic, physical, cognitive, or economic barriers to health care services Broader Ethics Concern
Elementary school. • Understand Moral “right” and “wrong” • Understand privacy and safety …Aristotle is deeply indebted to Plato’s moral philosophy, particularly Plato’s central insight that moral thinking must be integrated with our emotions and appetites, and that the preparation for such unity of character should begin with childhood education… (Stanford Encyclopedia of Philosophy, p.2). (Martens) Ethics Training and Education
High School and College • ‘netiquette’, intellectual property rights, plagiarism, piracy and privacy. Information integrity, information confidentiality and information availability/non-availability , authentication, speed of computers- information that cannot be deleted once sent. (Martens) • Psychological Distance or Anonymity does not excuse the immorality of an action or behavior. • Criminal, Societal and Personal Repercussions • Workforce • Regulation • Non-compliance Penalties • Yearly Updates and Acknowledgements • Criminal, Societal and Personal Repercussions (Rikowski, 2003). Ethics Training and Education
Professionals-physicians, psychologists, psychiatrists, and social workers-are licensed by their respective professional agencies and therefore required to follow a certain professional code of conduct established by their professional boards • Many states already require licensure in their state before an out-of-state physician can electronically provide services to patients • the provider would need to be licensed in the state the patient was residing, severely limiting the practice of cyber medicine, e-psychiatry, or e-therapy • Special training programs • Establishment of an independent, international body to assess "cyber-docs," issue a special license to practice in cyberspace, and then monitor their practice Cyber Licensing
Knowledge is power HIPAA Rights-to know, to privacy, to property, to confidentiality Understand access, safety and security Reliable online resources Consumer and patient
Questions Patients Should Ask When Using Medical Web Sites/PHI Portals • Who maintains the site? • Is there an editorial board or listing of names and credentials of those responsible for preparing and reviewing the site’s content? • Does the site link to other reliable sources of medical information? • Does the site provide references to reliable sources? • When was the site last updated? • Has the site been reviewed for mistakes in grammar or spelling? • Are informative graphics and multimedia files such as video or audio clips available? • Is the site HIPAA/HITECH compliant? • Is there a security or trustmark symbol? Consumer and patient
Patients are uniquely empowered, because they are now able to access health information directly, without depending on physicians, clinics, and hospitals to select what they read and hear about health and health care. It must be the responsibility of each individual user, whether professional, public or private, to check the accuracy, reliability, and overall trustworthiness of information given on health-related Web sites EMR or portals. The ultimate responsibility of access to patient healthcare information lies with all of us. People are the consumer, the patient, the licensed professional who drives the ethical goodness, well-being and dignity of humankind. Consumer and patient
Centers for Medicare & Medicaid Services. (n.d.). Retrieved April 2012, from CMS.gov: http://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/HIPAAGenInfo/index.html Committees on Energy and Commerce, Ways and Means, and Science and Technology. (2009, January 16). Retrieved April 2012 Ethical Dilemmas of Healthcare Delivery in the Information Technology Age. (2003). Singapore Med J, 44(3), 145-148. Fleming, D. A. (n.d.). Ethics Conflicts in Rural Communities: Health Information Technology. Retrieved April 2012, from http://geiselmed.dartmouth.edu/cfm/resources/ethics/chapter-14.pdf Glossary of EMR Requirements. (n.d.). Retrieved April 2012, from Greenway: http://www.meaningfuluse-emr.com/glossary/1#term7 http://www.hipaasurvivalguide.com Matre, K. (2012, May). I am a patient perspective data privacy in healthcare. HIMSS Virtual Conference . Martens, B. (n.d.). Computer Ethics in Secondary and Teacher Training. Retrieved April 2012, from http://bibliotecavirtual.clacso.org.ar/ar/libros/raec/ethicomp5/docs/pdf_papers/43Martens,%20Bern.pdf Rikowski, R. (2003). Teaching ethical issues in Information Technology: how and when. Retrieved April 2012, from http://www.libr.org/isc/issues/ISC23/B9a%20Ruth%20Rikowski.pdf References