Is patient privacy at risk when it comes to electronic medical records?
The healthcare industry is constantly changing, specifically when it comes to the protection of patient information and patient privacy. All hospitals and institutions have strict regulations and policies on HIPAA. Medical records can include patient’s date of birth, social security numbers, and complete medical history from birth to death. Most employees must have usernames and passwords to access these records. Patients are led to believe that confidentiality still exists but they are not aware that their information is accessed and used to determine various situations. Some companies and hospitals may make it public when a breach in the system or network has occurred, …show more content…
Truth is every diagnoses, medication, and conversation is noted in a electronic medical record and can be viewed by other people besides the doctor. “I thought I had protection under HIPAA” (Avila & Marshall, 2012) Patients expect their information to remain private and to be protected by HIPAA, but has the realm of protection changed? The HIPAA Privacy Rule states “The Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information” (Summary of the HIPAA, 2002) This rule includes all identifiable information such as social security numbers, date of birth, and name. The Privacy Rule for de-identified information has no restriction “There are no restrictions on the use or disclosure of de-identified health information.14 De-identified health information neither identifies nor provides a reasonable basis to identify an individual.”(Summary of the HIPAA, 2002) Author Sweeney suggest that “the remaining data can often be used to re-identify individuals by linking or matching the data to other databases or by looking a unique characteristics found in the fields and records of the database itself” (Sweeney, 1997, p.51) In short patients are protected and can choose to opt out of …show more content…
Author Conlan presents the term data extraction and gives background information on how software companies extract data from pharmacies network. “The practice is called data extraction. Typically, a pharmacy's software company, while on-line with the pharmacy's computer to do price updates, will take out what it assures is non-patient-specific information.” (Conlan, 1995, p. 52). This example can be considered a data breach if the patient information becomes re-identified and traced back to the pharmacy. According to the Privacy Right Clearinghouse many states have laws that focus on data breaches. They also keep track of the total amount of breaches and breaches made public. Below is a graph that shows the total number of data breaches made public in 2013 and 2014. This is not the total number of breaches for the two years, just the total that were made
The healthcare industry is constantly changing, specifically when it comes to the protection of patient information and patient privacy. All hospitals and institutions have strict regulations and policies on HIPAA. Medical records can include patient’s date of birth, social security numbers, and complete medical history from birth to death. Most employees must have usernames and passwords to access these records. Patients are led to believe that confidentiality still exists but they are not aware that their information is accessed and used to determine various situations. Some companies and hospitals may make it public when a breach in the system or network has occurred, …show more content…
Truth is every diagnoses, medication, and conversation is noted in a electronic medical record and can be viewed by other people besides the doctor. “I thought I had protection under HIPAA” (Avila & Marshall, 2012) Patients expect their information to remain private and to be protected by HIPAA, but has the realm of protection changed? The HIPAA Privacy Rule states “The Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information” (Summary of the HIPAA, 2002) This rule includes all identifiable information such as social security numbers, date of birth, and name. The Privacy Rule for de-identified information has no restriction “There are no restrictions on the use or disclosure of de-identified health information.14 De-identified health information neither identifies nor provides a reasonable basis to identify an individual.”(Summary of the HIPAA, 2002) Author Sweeney suggest that “the remaining data can often be used to re-identify individuals by linking or matching the data to other databases or by looking a unique characteristics found in the fields and records of the database itself” (Sweeney, 1997, p.51) In short patients are protected and can choose to opt out of …show more content…
Author Conlan presents the term data extraction and gives background information on how software companies extract data from pharmacies network. “The practice is called data extraction. Typically, a pharmacy's software company, while on-line with the pharmacy's computer to do price updates, will take out what it assures is non-patient-specific information.” (Conlan, 1995, p. 52). This example can be considered a data breach if the patient information becomes re-identified and traced back to the pharmacy. According to the Privacy Right Clearinghouse many states have laws that focus on data breaches. They also keep track of the total amount of breaches and breaches made public. Below is a graph that shows the total number of data breaches made public in 2013 and 2014. This is not the total number of breaches for the two years, just the total that were made