Posted: November 27th, 2013
Confidentiality in Allied Health
Should corrections be date and time stamped?
All corrections should be time and date stamped (AMA #1). The correction should be made by adding an addendum to the electronic record (AMA #5). This is to enable the concerned health departments to have proper documentation of the patients’ records. This also enables the persons responsible of doing the corrections have a good explanation to the patient or any other inquiring body (legally and ethically accepted to do so), on when and why the corrections were made. The name of the person responsible for making the correction should also be recorded.
When should a patient be advised of the existence of computerized databases containing medical information about the patient?
The patient should be advised about the existence of these databases before the data is transferred there (AMA #2). This is done so in order to obtain the patient’s consent of going ahead with the medical procedure. In telling the patient about the existence of these databases, the patients’ rights to privacy and confidentiality are carried out. This makes the patient aware of what is going on as he/she undertakes the treatment. The American recovery and Reinvestment Act bars doctors from or other concerned entities from selling the patients’ information without the consent of the patients (Kennedy 50).
When should the patient be notified of the purging of archaic or inaccurate information?
Once the purging or inaccuracy has been identified, the patient should be notified immediately (AMA #6). However, there are two advices given. One opinion suggests that the patient and the doctors concerned should be notified before and after the corrections are done. The second opinion suggests that the patient and the doctors concerned should receive notifications from the covered entity prior to the purge. Overall, patients deserve to be given notifications in relation to their medical records before anything is done that will affect the records
When should the computerized medical database be online to the computer terminal?
Putting the medical databases online enables many medical professionals access the information hence increase learning and information. However, it might destroy the patients’ privacy and confidentiality right. To prevent such types of occurrences, online information should be put only when programs that are authorized are used. Security protocols must also be administered in order to protect any data, which is of sensitive nature (AMA #7). The database should only be made accessible to the people who have acquired validity of the protocols put in place (Stanford hospital clinics, 2011).
When the computer service bureau destroys or erases records, should the erasure be verified by the bureau to the physician?
The bureau is identified as a business under HIPAA. For this reason, it is required to have the similar standards as those of the physician. As earlier noted, purging, mis-recording, inaccuracies, and any other mistakes should be notified to both the physician and the patient (AMA, N/A). It is the physician’s and the bureau’s responsibility to make sure that the patients’ records are protected from any error whether unintentional or malicious. When a doctor is no longer in need of computer bureau services, he/she can take one of the two options. One, the doctor can revert the files kept to his/her office. The second option is to destroying the data. However, this is only viable if the physician obtains a copy of the data and the bureau tells the physician in writing, that they have carried out the destruction (MMWR, 2003)
Should individuals and organizations with access to the databases be identified to the patient?
HIPAA has rules of privacy that guard the patients’ health information from improper disclosure (AMA N/A). Before the private information is provided to any other individual outside the medical staff dealing with a particular patient, the patient should first give consent. This is after it has been revealed to the patient why the other parties need to access the information. The level of access each party has should also be revealed to the patient (Kennedy 52).
Does the AMA ethics’ opinion mention encryption as a technique for security?
American Medical Association allows encryption as a standard way of securing electronic medical records. Encryption involves making a kind of a formula that changes selected text into encoded text before sending it to other users online (AMA, N/A). This is as very secure way of sending information online as the only way to get the identity of the text is to have the decoding key. This is only given to authorized personnel. HIPPA security rule does not make encryption mandatory, although any entity that feels it needs this foe security purposes is viable. AMA further states that access to the database should be secured using passwords, information encryption, badges that can be scanned, amongst others (MMWR, 2003).
In regard to electronic medical records (EMRs), what is the policy for disclosing authorized data requested by third parties?
The parties requiring the information must first seek consent from the patient before looking at the information or giving it away (AMA N/A). The patient should consent to this willingly without the use of any aggressive measures. Failing to acquire this consent would only lead to the breach of confidentiality. The giving out of confidential medical information should only be done those parties with a bona fide use of the information. These third parties do not have the right to give or reveal the information to other parties. The database should reveal the smallest amount of information possible to provide the purpose, while also putting a limit the period of it is meant to be used (Kennedy 60).
AMA Opinions and Standards, 5.07. Confidentiality: Computers. The Health Law Resource, 2011. Web. May 19, 2011.
Kennedy, Rosemary. Allied Health Professionals and the Law. Annandale, NSW: The Federation Press, 2008. Print.
Mobility and Mortality Weekly Report (MMWR). HIPAA Privacy Rule and Public Health. April 11, 2003. Web. May 17, 2011.
Stanford Hospital and Clinics. Confidentiality of Medical Staff/Allied Health Professional (AHP) Records. 2011. Web. May 17, 2011.
Place an order in 3 easy steps. Takes less than 5 mins.