Introduction to Health Information Management Week 3 Lecture 2
Who Needs to Know What?
An important part of this weeks content is privacy and confidentiality. There are multiple aspects to these two words when applied to healthcare records. Security pops its head in there as well, but that is for another week. Ideally, as you explore this weeks content; software applications, parts of the EHR, interoperability, user interface, and much more, you will keep in mind that behind each aspect is the need not only for the software to work as intended, gather data, share data, but also to make that data secure.
Every patient has the right to expect their Personal Health Information (PHI) to remain private and confidential. This begins with you. During a career in healthcare you will stop yourself from unwittingly revealing someone elses PHI. It is so easy to have happen.
ท Nurse Suzy after leaving work posted on Social Media that she had the most difficult code that evening and described in detail aspects of it, which ended in the patients death. She used no names and thought it was fine. However, the name of her hospital was visible from the video and the time could be estimated by the fact she said left after it happened. Family was made aware, watched the video, listened to the description, knew it was their loved one, and were distraught. After lodging a formal complaint to the CNO, Nurse Suzy was terminated.
ท Lab tech student Eric, during a hospital clinical accessed his own record. He was also an employee while attending school and had been waiting for the results of some lab. His instructor was contacted the next morning, directed that Eric be suspended immediately from clinical, would not be able to be a student in the hospital, and was suspended from his hospital position.
These are true stories and I could tell you hundreds more. The rules seem clear, but they are violated regularly, thus violating the patients right to privacy and confidentiality:
ุ Do not access parts of the EHR that you do not need. If you do not have a need to know to perform your duties, you may not look.
ุ Never give PHI information to someone else without the patients express, written permission.
ุ Never access your own PHI outside of the organizational policy.
ุ Always follow policies regarding secure sign-in, logging off, changing passwords, prepare for phishing scams, never sharing passwords, and securing any equipment removed from the property
Privacy rights for the PHI is secured by a variety of federal and state Regulatory, legal, and statutes.
It is also secured by the AHIMA HIM Code of Ethics:
AHIMA Code of Ethics: Preamble
The ethical obligations of the health information management (HIM) professional include the safeguarding of privacy and security of health information; appropriate disclosure of health information; development, use, and maintenance of health information systems and health information; and ensuring the accessibility and integrity of health information.
Healthcare consumers are increasingly concerned about security and the potential loss of privacy and the inability to control how their personal health information is used and disclosed. Core health information issues include what information should be collected, how the information should be managed, who should have access to the information, under what conditions the information should be disclosed, how the information is retained, when it is no longer needed, and how is it disposed of in a confidential manner. All of the core health information issues are addressed in compliance with state and federal regulations, and employer policies and procedures.
Ethical obligations are central to the professional's responsibility, regardless of the employment site or the method of collection, storage, and security of health information. In addition, sensitive information (e.g., genetic, adoption, substance use, sexual health, and behavioral information) requires special attention to prevent misuse. In the world of business and interactions with consumers, expertise in the protection of information is required.
If you remember and practice ONE bit of information from this lecture it is to obtain and FOLLOW the specific policies and procedures around the EHR and PHI at your place of employment.
