There are concerns regarding the protection of personally identifiable information which are not unique to the health care industry. This is because the consumers view regarding their privacy starts with their medical records to financial data or information. It means that involuntary disclosure of such information by a health practitioner can affect their job or even their health or insurance status. This is because the law has to say much regarding personal decision making. It has given people the legal right to make various health decisions that may help save their lives. Most often policies are set to safeguard the patient’s rights to privacy especially those who are vulnerable to discrimination in the society. It is also a way to ensure that people do not lose control of their lives because of what is happening to them. The Health Insurance Portability and Accountability Act of 1996(HIPPA) was responsible for setting the standards that are being used to ensure that all health institutions adhere to privacy regulations without failure. Every patient in the current health care system encounters multiple ethical and legal issues (Kass & Natowicz, 2003). It means that health care providers who are not aware of the ways in which they can appropriately deal with the legal and ethical rules in regards to the ways in which they deal with patients are at a great disadvantage. It is therefore important for every health care institution to work out guidelines and rules that would enable them to keep the privacy rights of the patients without any information leakage. This article looks at the unique privacy issues that are facing healthcare institutions and the practitioners on a daily basis.
Over the last few years, the world has experienced dramatic technological advancement that has made it easy for people to acquire information about a person. The health care sector also took advantage of the new technologies to use in their health sectors to enhance operations. The electronics and the computers have made it easy for them to capture, transfer, distribute and store health information from one person to another. The computers through the use of internet have also made it possible for all the information about patients to be distributed across various departments in the hospital. It is just a matter of click to acquire all the information that they need. However, with the rise of new technology, there has been complains of privacy breech and security issues in the hospitals whereby information about a patient was distributed minus their consent. This involves breach of confidentiality and private information that can sometimes lead to discrimination in the society.
Several studies have found that in the health care industry, the matters of security and privacy are not unique as expected in other industries such as the financial sectors (Carson, 2001). The banks together with credit cards companies are in the upfront in developing protections of their customer’s personal information that could lead to their money being lost. However, the consumer health is more important compared to their bank account statement which they share with the third parties. There are some patients who come to hospitals with various chronic conditions such as HIV/AIDs or cancer. It means that they are more vulnerable and needs protection of their health information because sometimes the disclosure of these details can cause them to lose their jobs.
The advancement in gene research has made people to be concerned regarding disclosure of their personal genetic information. A good example was the case of Terri Seargent which took place in North Carolina whereby the health institution concerned had to fire the person from work because of their genetic disclosure (Pace, Staton & olcomb, 2005). This is one way in which health institutions are trying to deal with issues of securities and to ensure that they maintain ethical standards of operations all through regardless of the technological advancement.
On the other hand, just like banks, health care institutions are working hard to set passwords which can only be accessed by the health workers. It is the best way in which they can keep the client’s information a secret and maintain high level of privacy in the work place (Kass & Natowicz, 2003). The aim of this paper is to analyze the privacy rights of every patient in the health care institutions and the ways in which those rights were historically development plus the case studies that currently exist are proof of their availability.
What the privacy rights entails
The Privacy rule according to the health care institutions involves protecting health information that has been received by the entity. It is their right to cover all the information and protect it to the best of their will to avoid the third party from having access to it. There is personally identifiable health information which comprise of information such as demographics that relates to the patient’s past, future or present physical or emotional health (Hodge, 2005). This information is always required by every institution especially when a person is suffering from critical conditions that the health practitioners have to get reference to them to know the history of the patient. In this regard, the right to privacy is always breached because the information has to be shared to the third party for proper treatment to be conducted. This does not mean that the health care institutions are performing in an illegal manner; it means that they are doing their best to ensure that the patient is served properly based on their history with the illness. However, this third party is always expected to maintain high level of privacy by ensuring that the information he has is not shared to everyone across the hospital. It is important to know that the privacy rule do not involve protection of identifiable health information that is maintained or held by a particular health institution.
The US Constitution does not comprise of right to privacy. It means that the issue of privacy is not specifically identified in the constitution. However, the Bill of Rights reflects some aspects of health care privacy that can be used to make argument of breach of legality in case someone’s information is shared with a third party without their consent. In the Ninth Amendment, there is justification of protection of privacy in ways that are not specifically identified in the other first eight amendments. However, as early as the early 1923, the Supreme Court had made decisions to persecute anyone who did not adhere to the privacy rights of an individual. They use the liberty that is offered in the Fourteenth Amendment to persecute anyone who does not respect other people’s right to privacy.
In the constitutional law, privacy is mentioned as the right of an individual to make decisions that are personal regarding intimate matters and decides whom they share it with in the family. However, according to the common law, people have the right to live and lead their lives in the ways that is reasonable away from public scrutiny. It means that any scrutiny from the public is considered as breach of privacy rights which can be charged in the courts of law.
In the year 1890, Louis d. Brandeis and Samuel D. Warren published an article titled The Right to Privacy that contained all the common laws regarding privacy. During this period, the US courts had not taken into consideration or even recognized legal right to privacy (Hodge, 2005). However, it became the starting point for change because after the publication, the letter was approved by many law institutions and it was being used in the courts to rely on whenever privacy issues arose. The guidelines in the article would be used to determine whether a person breached personal privacy or not.
In 1928, a case between Olmstead v. United states, 277 US. 438, the then Supreme Court judge Brandeis articulated the privacy right in the constitution and describing it as the most valued and comprehensive right which is worthy of civilized people. From then, the privacy right gradually evolved across the world. Currently, every jurisdiction in the nation recognizes the constitutional, statutory and common law regarding privacy.
In the year 1996, the Health Insurance Portability and Accountability Act (HIPPA) was passed by the jurisdiction. This act governed the licensing of all the health institutions, regulated their practices and also governed the disclosure and use of health information. However, the state laws were different in protection, coverage and complexity of the health data. This is the reason the Congress decided to pass the Health Insurance Portability and Accountability Act to ensure that the safety of the patient was maintained while at the same time privacy in regards to keeping of the records in a standardized manner was also maintained by all health care providers (IOM, 2006). The act was created as a way to ensure that health safety is met by every individual offering health services while at the same time ensuring that they keep the patient’s privacy rights.
It is important to note that in the year 1999, in the absence of congress, HIPAA together with the Department of the Health and Human Services came up with national standards for financial electronic data transactions and also administration (IOM, 2000). This would enable the health care institutions to transact and share health information for the purposes of administration while at the same time maintaining high levels of patient privacy. The act was mandated to develop the regulations that would secure and protect the privacy of individual’s health information that is transmitted in various formats especially electronically. In this way, the privacy rights of the patient were still highly maintained. The act ensured that there was a national provider and employer identifier plus a secure electronic signature that would be used to trace any malicious acts of privacy breach by a health institution (Nass, 2009). This has been the best way to keep most health care organization at check especially whether they are adhering to the required legal standards or not.
The DHHS was expected to publish the HIPAA privacy rule in the year 1999 in the absence of the congressional action. The final rule was accepted and proved in February of 2000. The HIPAA rules of privacy were released in the Federal Register to make them legal for use in the future cases. Several studies have found that there were delays as a result of errors but they were resolved by the DHHS secretary, Tommy Thompson who also aided in the publication of the privacy rights in the year 2001 making it a legal entity (Farmer & Godard, 2007).
The HIPPA privacy rules cover health plans which include insurers, federal health programs, and the managed care organizations. It also covers the health care providers who directly are engaged in arranging and sampling of patient information in the electronic data such as computer which they then transmit for healthcare claims, remittance, benefit information and payment details (Hodge and Gostin, 2004). Lastly, it also covers the health clearinghouses whereby the data is unified in a standard format for any cases of referrals. They ensure that the information regarding the patient is handed to the right person to avoid breach of privacy.
There is an underlying case in Corning New York titled Doe v. Guthrie Clinic Ltd which took place on 25th March, 2013 whereby an employed nurse working at Guthrie Clinic Steuben sent a text to the patient’s girlfriend after learning that he had sexually transmitted disease. The nurse was the sister-in-law to the patient’s girlfriend and because of their relation, she decided to forget about work ethics and reveal the condition of the patient without his consent. The patient known as John Doe called the clinic and made complains and later sued the clinic for privacy breach. The clinic had terminated the nurse’s employment, but the case is still under review in court because they had breached their responsibility of protecting and keeping health care confidential information of a patient (Dexcomm, 2013).
In another case titled Walgreen Co. v. Hinchy, which took place on 14th November 2014 an Indiana an appellate court has fined a pharmacy employee who was using company equipments to have access to the patient’s prescription records. The case was considered as breach of privacy because the nurse was using the data for personal reasons by divulging the information she had acquired to send an ex-boyfriend. Her aim was to use the data to find information about the history of the plaintiff in case he was suffering from a venereal disease. The employee was found guilty for breach of privacy and is awaiting trial.
Another case is in the Florida court titled AvMedHealth v. Curry and Moore on 16th November 2010 whereby a lawsuit was filed for breach of health information data. Unencrypted laptops had been stolen from a corporate office which comprised of data of about 1.2 million members of health plan. The case is awaiting trial for health data breach. This is because the victim health information is not protected and now that the devices have been stolen, it exposes them to vulnerability. The insurance company is to be charged huge fines for their negligence while the medical practitioners pay secondary costs.
In a case titled Byrne v. Avery Center for Obstetrics and Gynecology which took place on 12th March 2013 involved disclosure of patient’s medical records by a hospital. The hospital did not inform the plaintiff regarding the subpoena, files thus had to appear in court for breach of information to answer a suit that had been set against them. The courts also found that the hospital did not meet the HIPPA standards of privacy.
There is another case in Texas titled MD Anderson Cancer Center v. State which took place on 9th September 2014 involving electronic device which was stolen from a home facility where one of the employees was keeping the laptop. The laptop contained information about patient’s names, their social security numbers, medical records, and treatments. About 30, 000 patient’s information was in the laptop which means that their information is breeched. The court found the hospital guilty of privacy breach claiming that they could have used encryption to make the laptop less accessible by unauthorized person or for them to retrieve any data but this did not happen thus they will be charged for breach of information.
In conclusion, matters regarding privacy are highly valued and land a person or health care institution in problem in case there is evidence of breach. It is the role of every health care organization to ensure that their patient’s privacy is well maintained while at the same time their medical practitioners are informed of the penalties for breach of information. On the other hand, most companies have resorted in use of passwords to protect patient information by ensuring that only the right people have access to them.
Carson, A. (2001).That’s another story: narrative methods and ethical practice. J Med Ethics 27, 198–202.
Dexcomm (2013). IPPA case study: Privacy breach, identity theft and fraudulent checks. Dexcomm.com. Retrieved http://www.dexcomm.com/category/hippa-preparedness/case-study/
Farmer, Y & Godard. B. (2007). Public health genomics (PHG): From scientific considerations to ethical integration. Genomics, Society and Policy 23, 14–27.
Hodge, J. (2005). An enhanced approach to distinguishing public health practice and human subjects research. Journal of Law, Medicine & Ethics 33(1), 125–141.
Hodge, J. and Gostin, L. (2004). Public health practice vs. Research: A report for publichealth practitioners including cases and guidance for making distinctions. Atlanta, GA: Council of State and Territorial Epidemiologists.
IOM (2000). Protecting data privacy in health services research. Washington, DC: National Academy Press.
IOM. (2006).Effect of the HIPAA Privacy Rule on health research: Proceedings of a workshop presented to the National Cancer Policy Forum. Washington, DC: The National Academies Press.
Kass, NE. & Natowicz, MR (2003).The use of medical records in research: What do patients want? Journal of Law, Medicine & Ethics 31:429–433
Nass, SJ. (2009). Beyond the HIPPA privacy rule: Enhancing privacy, improving health through research. New York: The National Academic Press.
Pace, WD, Staton EW, & olcomb, S. (2005). Practice-based research network studies in the age of HIPAA. Annals of Family Medicine 3, 38-45.