The law protecting patients’ rights and privacy, known as the Health Insurance Portability and Accountability Act (HIPAA), was enacted and signed into law by President Bill Clinton in 1996. HIPAA was created to help protect patients’ medical records and personal health records nationwide, in addition to keeping all medical information confidential. Documents are filed and stored, but with technology evolving, documents are now stored in data files, creating a system for physicians to retrieve and control patients’ information. Recently, e-filing has become a concern for patients.
Patients are wary of their information being universally available to anyone who has access to the internet and is skilled enough to breach or hack medical records. The rate of mishandling of patient privacy is high; therefore it is very important that hospitals have a system to protect files from being released to unauthorized personnel and the public. This is where the Health Insurance Portability and Accountability Act comes into effect. HIPAA sets a standard for electronic transfers of health data, which should be handled according to the law. The law deals with privacy, information standards, data integrity, confidentiality, and data security.
Details shared between physicians and patients should be kept strictly confidential, verbally as well as electronically. As personal health data has evolved, public access to those records online, on cell phones, or on memory cards has become a concern. The thought of private information being viewable at the click of a button required rules and regulations to be enforced. Breached data from Stanford Hospital in Palo Alto, California appeared publicly on a website in 2010 and stayed on the website for nearly a year before the breach was discovered.
The hospital confirmed that the data of 20,000 emergency room patients from March 1 to August 31, 2009 was exposed. The information included names, account numbers, admission and discharge dates, and billing charges (Sack, 2011). The discovery of the breach took place in September 2011, and since the discovery the hospital has been under investigation. The billing contractor, identified as Multi-Specialty Collection Services, a subsidiary of Texican, a healthcare facility management vendor, disclosed a detailed spreadsheet to a website called Student of Fortune.
Students use Student of Fortune for assistance with their schoolwork. Gary Migdol, a spokesman for Stanford Hospital and Clinics, indicated that the spreadsheet first appeared on the site on September 9, 2010, as an attachment to a question about how to convert the data into a bar graph (Sack, 2011). The data remained publicly available, undetected by Stanford, for a long time. Medical security breaches are not uncommon, but identifying a breach and reporting its occurrence is a rule that must be complied with.
Under federal stimulus laws, healthcare organizations are required to publicly disclose data breaches in a timely manner and to inform the patient of the breach as soon as possible, so that the patient is aware of the possibility that their personal medical information has been accessed by unauthorized persons. A patient of Stanford Hospital discovered the breach and reported it to the hospital on August 22, 2011. Four days later, the chief privacy officer, Diane Meyer, notified affected patients of the breach. Diane Dobson, of Santa Clara, California, is one of thousands to be notified; her son’s name appeared on the website.
Meyer’s 21-year-old son received emergency psychiatric treatment in 2009; Diane states that it could have been disastrous if her son had learned that his name was linked to a mental health diagnosis (Sack, 2011). “My son, I can tell you, is fragile and confused enough that this would have sent him over the edge,” Ms. Dobson said, saying she decided to speak publicly now because of her frustration with the breach. “Everyone with an electronic medical record is at risk, and that means everyone” (Diane Dobson 2011).
Stanford Hospital took aggressive steps to have the website postings removed, and the website removed the posting of the spreadsheet the next day. State and federal agencies were notified, and the government required public reporting of the breach. Stanford Hospital suspended its relationship with the contractor and received a written certification that previous files would be destroyed and returned securely. Different laws and government agencies regulate financial data and health information. As hospitals continue to strengthen and secure patients’ medical information, laws should also tighten up on the agencies providing services to the hospitals.
Given the circumstances of the breach regarding patients’ personal medical information, it can be concluded that proper protocol was not followed to prevent the breach of online medical records. I believe it is the hospital’s duty, as well as the contractor’s, to provide maximum security to any and all things electronically uploaded from the hospital’s database. All patients have the right to have their personal information respected, without having to worry about a breach or hacking from an outside source.
Information such as identification, Social Security numbers, financial information, and even medical records is expected to be protected on all occasions; patients and physicians ethically and legally depend on the hospital to provide maximum security. With regard to confidentiality, the provider is ethically and morally responsible for keeping all such information protected for the patient at all times, during the time they spend in the hospital and doctor’s office as well as throughout a lifetime of medical history.
In any such situation it is the responsibility of the hospital to keep all information confidential, but it is also a risk the patient is willing to take in giving consent to have their medical information accessible electronically. Since technology is rapidly advancing, everything electronic (including medical records and personal identification information) is at risk and can be accessed by the general public.
It is the responsibility of hospitals to keep all information confidential between themselves and their patients. It is equally the responsibility of the patient to understand that electronically stored information is at high risk of being breached at any given moment. Medical records, identification, diagnosis codes, etc. become vulnerable to hackers and to the possibility of being breached as soon as they are uploaded and stored on a hospital database.
It is important to take into consideration that any electronically stored information is somewhat unprotected if not defended by a proper security system provided by the hospital, the database company, and the contractor.

References

Hader, A., & Brown, E. (2010). Legal Briefs: Patient Privacy and Social Media. AANA Journal, 78(4), 270-274. Retrieved from EBSCOhost.

Love, V. D. (2011). Privacy Ethics in Health Care. Journal of Health Care Compliance, 13(4), 15-57. Retrieved from EBSCOhost.

Sack, K. (2011, September 9). Medical Data Of Thousands Posted Online… New York Times, pp. 1-2.