Maintaining Privacy of Patient Health Records
HIPAA and Confidentiality
Healthcare providers in all facets of healthcare receive prerequisite training in maintaining patient privacy and keeping healthcare information private. An understanding of the principles of HIPAA is a requirement in the healthcare industry.
Health Insurance Portability and Accountability Act - HIPAA
Insurance became portable (transferable between insurers under certain circumstances) and healthcare records became computerized with the advent of HIPAA. Because electronic records are vulnerable to such threats as hackers, computer viruses, and technical malfunction, the healthcare industry had to develop measures to protect electronic records.
Confidentiality of Health Records
Misappropriation of information such as social security number, address, birth date, etc. that is included in patient records could lead to identity theft. Private health information (PHI) is thus closely guarded, and access to healthcare records is carefully regulated.
Insurance companies and workplaces may also misuse information obtained from health records. Unscrupulous companies may use private information inappropriately to vet employees, and insurance companies may use the information to limit coverage. Also the client may suffer emotional distress if certain private information is disclosed. An example of sensitive personal information is sexual orientation or infection of a patient with a sexually transmitted disease.
Celebrity Examples
What happens if a breach in the security of healthcare records occurs? Celebrities Britney Spears and the now deceased Farrah Fawcett were victims of such breaches. Charles Ornstein of the Los Angeles Times reported that “Shortly after UCLA doctors told Fawcett that her cancer had returned - and before she had told her son and closest friends - the Enquirer posted the news...” (2008). And Ornstein adds that “The Times reported last month that UCLA was in the process of firing 13 employees and disciplining 12 others for improperly accessing (Britney) Spears' electronic records...”
In October 2009, Actor John Travolta testified that a “Bahamas paramedic threatened to sell stories to the news media suggesting the movie star was at fault in the death of his 16-year-old son” (McCartney, 2009). This is another example of a healthcare provider violating patient confidentiality. Medical facilities are increasing the penalties for invasion of patient privacy in response to such breaches.
Harsher Penalties
California is enacting two laws that “include provisions that assess civil penalties of up to $250,000 on individuals or entities that improperly disclose private medical information” (Lerner, 2008). Legislators hope that these laws will “…deter the kinds of privacy breaches that have recently dogged some California hospitals…State public health authorities in July released findings that more than 60 employees at the UCLA Medical Center improperly accessed patient records, and at least one former employee sold celebrity medical records to news outlets” (Lerner).
The list of victimized celebrities could continue, but the point of emphasizing these incidents is to dramatize and demonstrate the type of damage that can result when patient privacy is not maintained. Maintaining patient confidentiality is not just an administrative requirement; patients can be deeply affected by an invasion of privacy.
Patient Right to Privacy
Tabloid magazines are often willing to pay thousands of dollars for privileged information. Accordingly, healthcare providers must be vigilant and avoid divulging information about a client’s condition- celebrity or not. Healthcare providers also must be cautious when answering the phone or conversing in a public setting. Although HIPAA mostly applies to electronic records, the same principles apply in all healthcare settings.
HIPAA Warning
A HIPAA fact sheet published by the United States Department of Labor warns that “information about your physical and mental health will almost certainly end up in data files. Your records may be seen by hundreds of strangers who work in healthcare, the insurance industry, and a host of businesses associated with medical organizations…your private medical information is now a valuable commodity..." (2009). Healthcare providers are responsible for safeguarding this information.
Although personal healthcare information may be shared with certain agencies such as law enforcement or pharmaceutical agencies, dissemination of information is generally limited to a “need to know” basis, and state laws are being implemented to increase the penalties for violating patient/client healthcare privacy. The client who receives medical care should be confident that his or her privacy is maintained (Note: the patient is entitled to view his or her own medical record).
Suing for Breach of Privacy
Unfortunately, the patient or client who suffers a breach of privacy has little recourse. The Privacy Rights Clearinghouse has a factsheet entitled “HIPAA Basics, Medical Privacy” that lists resources and patient privacy rights. According to the factsheet, “You have no right to sue under HIPAA for violations of your privacy.”
The HIPAA factsheet says that “…Only the HHS (Health and Human Services) or the U.S. Department of Justice has the authority to file an action for violations of the Privacy Rule….However, you may be able to sue under state law using the HIPAA Privacy Rule to establish the appropriate standard of care.” The individual who elects to pursue a lawsuit should consult a lawyer and review applicable state laws.
HIPAA has two main purposes: to maintain the confidentiality of patient health records and to ensure that health insurance is portable. Healthcare providers are responsible for ensuring that private information of patients remains private. Various agencies find such information valuable, and the patient’s private health information must be protected.
References
Factsheet. (2004). The health insurance portability and accountability act. United States Department of Labor.
HIPAA law explained. (n.d.). Charlotte-Mecklenburg School. CMS.
HIPAA basics, medical privacy. (updated 2009). PrivacyRights.Org
McCartney, J. (2009). Travolta testifies Bahamas medic threatened him. Associated Press.
Lerner, N. (2008). HIPAA compliance strategies. Health Plan Facts, Trends, and Data. Health Business Daily. AIS.com
Ornstein, C. (2008). UCLA staffer looked through Farrah Fawcett's medical records. Los Angeles Times. April 3 Issue.
Privacy of Communication
|
Confidentiality of Electronic Records
|
Keeping Patient Records Private
|
What do you think about this article?
More in Business & Finance
Latest Articles