With the increase of health information technology used to store and access patient information, the likelihood of security breaches has also risen. In fact, according to the Canadian Medical Association Journal (CMAJ):
In the United States, there was a whopping 97% increase in the number of health records breached from 2010 to 2011… The number of patient records accessed in each breach has also increased substantially, from 26,968 (in 2010) to 49,394 (in 2011). Since August 2009, when the US government regulated that any breach affecting more than 500 patients be publicly disclosed, a total of 385 breaches, involving more than 19 million records, have been reported to the Department of Health and Human Services.
A large portion of those breaches, 39%, occurred because of a lost, stolen, or otherwise compromised portable electronic device—a problem that will likely only get worse as iPads, smartphones, and other gadgets become more common in hospitals. (CMAJ, 2012, p. E215).
Consider your own experiences. Does your organization use portable electronic devices? What safeguards are in place to ensure the security of data and patient information? For this Discussion you consider ethical and security issues surrounding the protection of digital health information.
- Review the Learning Resources dealing with the security of digital health care information. Reflect on your own organization or one with which you are familiar, and think about how health information stored electronically is protected.
- Consider the nurse’s responsibility to ensure the protection of patient information. What strategies can you use?
- Reflect on ethical issues that are likely to arise with the increased access to newer, smaller, and more powerful technology tools.
- Consider strategies that can be implemented to ensure that the use of HIT contributes to an overall culture of safety.
- Ask a probing question, substantiated with additional background information, evidence or research.
- Share an insight from having read your colleagues’ postings, synthesizing the information to provide new perspectives.
- Offer and support an alternative perspective using readings from the classroom or from your own research in the Walden Library.
- Validate an idea with your own experience and additional research.
- Make a suggestion based on additional evidence drawn from readings or after synthesizing multiple postings.
- Expand on your colleagues’ postings by providing additional insights or contrasting perspectives based on readings and evidence.
Nursing Responsibility to Protect Patient Information
Office of the National Coordinator for Health Information Technology (ONC) developed a framework to address privacy and security challenges online related to health information (Brown, 2009). The eight principles are (1) individual access; (2) correction; (3) openness and transparency; (4) individual choice; (5) collection, use, and disclosure limitation; (6) data quality and integrity; (7) safeguards; and (8) accountability (Brown, 2009).
The first four principles describe an individual’s rights regarding the accessibility, disclosure about how their information is collected and treatment of their personal health information.
The last four principles suggest measures ensure an individual’s health information is protected. Data should be accurate and not changed without authorization, information that is transmitted electronically should implement reasonable administrative, technical, and physical safeguards to ensure confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use or disclosure (Brown, 2009). There should also be auditing policies in place to ensure the principles are being followed to prevent any breaches.
HIT has made it more difficult to protect patient privacy
Protecting patient’s privacy is more difficult with HIT, particularly with the utilization of the internet to ensure real-time information is available to all departments, for example, in emergency medicine, orders need to be completed on an emergent basis. The radiology department needs to be able to access orders and records in real-time to know which procedure to perform. Through communication tools, electronic ordering, decision support features, and data management, EHR systems will guide many aspects of patient care. Treatment success will often depend on their proper functioning (Hoffman & Podgurski, 2011).
Security and ethical issues related to the use of smartphone and tablets are related to the type of information that is shared in some instances by healthcare workers. In my organization, we are cautioned in orientation to be careful what we post about patients at our facilities. McGonigle, & Mastrian, (2015, p. 70) as cited in Englund, Chappy, Jambunathan, & Gohdes, (2012, p. 244), comment above all, nurses must be mindful that once communication is written and posted on the internet, there is no way to retract what was written; it is a permanent record that can be tracked, even if the post id deleted. In my organization strategies to safeguard patient information that promotes a culture of safety is by not only monitoring our computer workstations but holding educational workshops on ways to protect patient privacy. In my facility since everything we do is virtual, anyone who enters our building needs to sign a privacy and confidentially statement. The strategies in place instill confidence by our patients that we take their privacy seriously.
An area of improvement in my facility is with the way our workstations are configured. As I work for our Virtual Care Center, our workstations are just computers and six screens, with what is called a “privacy sail” that we can move. This sail is okay for some of the work that is done at our facility where nurses are monitoring ventilators or monitors, however for my department which is Case Management; we are talking to patients all day long, and conversations carry. Those conversations are heard by everyone in the department. One strategy to address this issue would be to move our department to the third floor, which has not yet been completed, with more of a cubical arrangement instead of open workstations.
Brown, B. (2009). Improving the Privacy and Security of Personal Health Records. Journal Of Health Care Compliance, 11(2), 39-68.
Brown, S. M., Aboumatar, H. J., Francis, L., Halamka, J., Rozenblum, R., Rubin, E., & … Sarnoff Lee, B. (2016). Balancing digital information-sharing and patient privacy when engaging families in the intensive care unit. Journal Of The American Medical Informatics Association, 23(5), 995-1000. doi:10.1093/jamia/ocv182
Hoffman, S., & Podgurski, A. (2011). Meaningful Use and Certification of Health Information Technology: What about Safety?. Journal Of Law, Medicine & Ethics, 3977-80. doi:10.1111/j.1748-720X.2011.00572.x
McGonigle, D., & Mastrian, K. G. (2015). Nursing informatics and the foundation of knowledge (3rd ed.). Burlington, MA: Jones and Bartlett Learning.