Patient Privacy Essay Paper
For this Assignment, review the following from this week’s Resources:
• Resources on the HIPAA Privacy and Security Rules
• Resources on privacy and security and the use of mobile devices in patient care
• Privacy and Confidentiality Scenario
As you reflect on the Privacy and Confidentiality Scenario (located in this week’s Resources), consider the following points and write a 2-3-pages proposal addressing privacy issues:
• Identify the issues related to patient privacy and confidentiality in this scenario.
• Describe strategies your organization (or one with which you are familiar) might use to safeguard patient information from the use of mobile devices.
• Discuss the use of mobile devices for patient care in your organization (or one with which you are familiar) and any organizational policies related to mobile devices. Specifically, address the use of text messages to communicate patient care information and explain what happens to a message after it is sent.
• Analyze your personal strategies used to protect patient health information on mobile devices.
• Do your personal strategies adequately protect information in a patient care setting?
• Provide examples of alternate or additional methods that could be used to insure patient privacy and confidentiality is maintained.
Include a minimum of three resources from the professional nursing literature in the assigned course readings and other references in the Walden Library.
Privacy and Confidentiality Scenario
This scenario is based on a true story and due to increased ubiquitous use of mobile technology more incidents such as this will occur. Nurses must fully understand privacy and confidentiality issues and apply the information to various settings and situations to best advocate for the patient. Working in a busy cardiac cath lab provides many opportunities for possible breaches of confidentiality or privacy. Jennifer works in a cath lab and has noticed mobile technology is encroaching on patient confidentiality and privacy. A few months back they were very busy and several patients were in the holding area awaiting procedures. Jennifer’s coworker, Tim, decided to take a picture of the patients in the holding area and posted it on Facebook to show his friends how busy he was. Jennifer felt very uncomfortable about this and told Tim she really did not think that was appropriate due to the patients in the picture. She also noted the schedule board was in the picture which contained patient initials, procedures, and doctor. Tim said it was nothing, as the patients could not really be identified and pretty much told Jennifer she was being, “Miss. Perfect because she was in school.” As time went by Jennifer noticed it was becoming commonplace for techs and nurses to text information back and forth about cases to the physicians on their personal cell phones. Initials were supposed to be used, but sometimes, patient names would be added by mistake. The physicians loved the convenience and encouraged this behavior. It wasn’t long before patient scheduling via Google was the new tool. This meant all the nurses, techs, and physicians could share a common calendar on Google Calendar and view the schedule in real time. Again, patient initials were to be used and at times full names came through. Every time a patient was added to the schedule a popup on the physician’s, tech’s, and nurses’ personal phones would flash the procedure, time, and patient. Jennifer knew all this was not correct as none of the phones or tools had been approved via the Compliance Officer or Information Technology. The most difficult thing was the unit manager was in agreement with the mobile communications and Jennifer felt she had nowhere to go to stop this potential breach of patient information.
• Identify the issues related to patient privacy and confidentiality in this scenario.
• Describe strategies your organization uses to safeguard patient information from the use of mobile devices. Patient Privacy Essay Paper
• Discuss the use of mobile devices for patient care in your organization and any organizational policies related to mobile devices. Specifically address the use of text messages to communicate patient care information and explain what happens to the message after it is sent.
• Analyze your personal strategies used to protect patient health information on mobile devices.
• Do these strategies adequately protect information in your patient care setting?
HIPAA – an issue of patient privacy
There are three issues that can be seen in the scenario. Firstly, there is an issue of confidentiality that focuses on the health professionals’ obligation to hold patient information in confidence, especially when they have access to the information. The social media postings violate the confidentiality expectations. Besides that, communicating using the patients’ names rather than initials also violates confidentiality expectations. Secondly, there is an issue of privacy that concerns the patients’ right to make independent decisions on whether and how their personal information should be shared. None of the patients was consulted when the information was shared on social media. Finally, there is an issue of security that concerns that absence of protection protocols that support medical personnel in holding patient information in confidence. The facility is using Google technology which does not provide adequate protection for the information.
There are two strategies for safeguarding patient information from the use of mobile phones. The first strategy is to educate mobile personnel on the need to protect patient information and how the use of mobile phones can violate this need. The second strategy is to mobile devices use policies that punish persons who violate security expectations. Finally, implementing a breach protocol the involves containing and evaluating the scope of the breach, notifying the affected persons, conducting an investigation to identify the nuances of the breach, and remediation (Bromwich, M. & Bromwich, R., 2016)
Mobile devices have offered medical personnel new ways for carrying out professional communication, ease access to decision support, and accelerated consultations. In fact, it is not uncommon for medical personnel to communicate among themselves and with patients using text messages that communicate diagnosis, test results, care progress, make and confirm appointments, access medical records, and so on. Although mobile devices offer communication conveniences, they present some concerns with regards to breaching privacy expectations, insecure data storage, and legal liability for failing to obtain the patient’s consent. This is particularly true when the possibility of data hacking and access by a third party is considered (McGonigle & Mastrian 2018).
I implement four personal strategies to protect patient health information on mobile devices. The first strategy is authentication controls that involve locking my devices when not in use and requiring biometrics and passcodes to access secured information. The second strategy is an automatic and remote lock and wipe policy that comes into play if the device is stolen or a loose it. The fourth strategy is positional awareness whereby I only access patient information away from prying eyes so that no third party unintentionally sees the information. The final strategy involves installing regularly updated security programs that protect the device from malicious programs such as viruses as well as hackers (Maki & Petterson 2013).
I do not believe that my personal strategies offer adequate protection of patient information within the care setting. That is because these strategies still has a loophole for breaches. The loophole is that patient information is not typically encrypted. This implies that any person who can intercept the information while being transmitted will be able to view the information. This loophole can be addressed by employing encryption that prevents unauthorized persons from reading the information even if they can access it (Maki & Petterson 2013).
Other than the mentioned strategies, there are two additional strategies that can be applied. The first strategy is to implement a mobile device use policies that controls how the device is used if it contains vital information. The strategy focuses on evaluating applications. At the very least, unsecured and unapproved applications should not be used. The second strategy is to regularly update operating systems, applications and other software. The updates plug previous security vulnerabilities. The mobile device users should be informed of these updates while the more sensitive devices should include options for forced security updates (Davis & LaCour, 2016).
References
Bromwich, M. & Bromwich, R. (2016). Privacy risks when using mobile devices in health care. CMAJ, 188(12), 855-856. doi: 10.1503/cmaj.160026
Davis, N. & LaCour, M. (2016). Foundations of health information management. Amsterdam: Elsevier Health Sciences.
Maki, S. & Petterson, B. (2013). Using the electronic health record: in the health care provider practice (2nd ed.). Mason, OH: Cengage Learning.
McGonigle, D., & Mastrian, K. G. (2018). Nursing informatics and the foundation of knowledge (4th ed.). Burlington, MA: Jones and Bartlett Learning. Patient Privacy Essay Paper