Ethical and security issues of HIT
ETHICAL AND SECURITY ISSUES OF HIT 5
Ethical and security issues of HIT
It is the responsibility of the nurse to protect their patient at all times and to be their advocate. This includes defending their right to privacy, safety, comfort and dignity. Breaching a patient’s confidentiality and or privacy can endanger many aspects of their life. HIT has streamlined access of patient’s records and made them readily accessible. Immediate access to information can save a patient’s life. HIT has helped bridge the communication gap that previously existed between various medical related disciplines through rapid information exchange (Goldstein, 2014). This has worked for the benefit of the patient. The problem that HIT created via its existence is the threat that a patient’s EHR will be breached. Not so long ago, a patient’s information could only be located in their chart. Their information was on paper. Once that patient was discharged, it was the responsibility of the ward clerk to break down the chart and take it to medical records, where it would be transferred onto a microfiche. The paper files would be kept tucked away in a vast library with the medical records department. As files aged, they would be boxed and taken to a warehouse. If someone wanted a patient’s information, they would have to gain access via personal contact, or subterfuge. They may be able to carry one box, and that one box could contain only 1 patient’s hospital records. Nowadays, if a computer hacker in China had a buyer in India, who was willing to pay $20,000.00 for 100,000 patient records, the hacker would be able to access a vulnerable hospitals mainframe and obtain all the patient data (Williams, 2013).
Therefore, in today’s society, it is harder to keep a patient’s information safe.
Related Issues to the Use of Portable Devices
RTI International ™ has contracted with 33 states to form the Health Information Security and Privacy Collaboration. The main goals of this organization are to identify best practices for protecting patients’ information and keeping it secure. Identifying and structuring rules and regulations for the safe handling of EHR are pivotal for all health care organizations. The goal of the consortium of states is to solidify a common ground from which to further develop technological safeguards. Ethical issues of whom may access HIT and for what reasons is a crucial point in determining what constitute a breach of confidentiality or privacy. The complex matrix of encryption software that some small hospitals use is more than some governments in third world countries can even afford. Many times physicians will use the computer that a nurse is logged into to access a patient record without logging the nurse out. Therefore, from the perspective of the IT department, the nurse committed a breach of patient privacy. Safeguards must be in place and enforced by everyone for the system to work.
Assessing the strategies
Strategies that our hospital uses to help prevent HIT misuse are the following; everyone must log out when walking away from their portable computers, if even for a moment, passwords must be changed every two weeks, nurses and health care providers must be aware suspicious activity, codes are staff specific and cannot be shared, and all physicians are required to use their specific code to access any hospital computer. Adhering to these protocols promotes a culture of safety (Barlow, 2015). Hospital employees are told not to access any other site outside their network. IT has begun to enforce these rules due to the amount of spam and potential viruses that are inadvertently being downloaded by employees surfing the web.
Areas of improvement
The areas of improvement that should be addressed in keeping HIT information safe would be to remind or penalize physicians when attempting to use a computer which someone is already logged into. Physician’s can be pushy at times, especially if they have forgotten their own code. The nurse should be reminded to alert the physician to call the IT department for assistance. Protecting a patient’s EHR is the duty of everyone in the hospital who has access to the computers (McGonigie & Mastrian, 2012). Mandatory meetings, addressing the importance of HIT protection, would reinforce the need for employees to take a more proactive stand.
Summary
In closing, it is not hard to see the fragility of even the most robust protection software. Electrons are packets of energy piggybacking bytes of information that is being sent and received from satellites, radio-frequency and fiber optic cables all over the world. Rules and statues are going to be in a constant dynamic flux as long as technology continues to develop. This is why it is so crucial that each health care provider act with discretion and caution when using HIT.
References
Barlow, R. D. (2015). Horizon-scanning around HIPAA, HITECH [Magazine]. Health Management Technology, 36(6), 8-11. Retrieved from http://web.b.ebscohost.com.ezp.waldenulibrary.org/ehost/detail/detail?vid=3&sid=13c13ee5-d221-41d0-af70-1be1ca12ebe5%40sessionmgr111&hid=123&bdata=JnNjb3BlPXNpdGU%3d#AN=2013034601&db=rzh
Goldstein, M. M. (2014). Health information privacy and health information technology in the US correctional setting [Magazine]. Journal Of Public Health, 104(5), 803-809. http://dx.doi.org/10.2105/AJPH.2013.301845
McGonigie, D., & Mastrian, K. G. (2012). Nursing science and the foundation of knowledge. In A. Harvey, & S. Bempkins (Eds.), Nursing informatics and the foundation of knowledge, pp. 1-15). 5 Wall St. Burlington, MA 01803: Jones & Bartlett Learning.
Williams, P. H. (2013). Does the PCEHR mean a new paradigm for information security? Implications for health information management [Health Information Management Journal]. Health Information Management Journal, 42(2), 31-36. http://dx.doi.org/10.12826/18333575.2013.007.