Even if you can look up a patient's electronic medical health record from another unit, should you? What happens if you accidentally pull up the wrong patient's EHR? What happens if you accidentally divulge information from that EHR?
There can be serious consequences for not using technology wisely and not thinking. That was the takeaway message of a session on Health Information Technology and Ethics in Oncology at the Oncology Nursing Society Annual Congress, co-moderated by Anne Ireland, MSN, RN, AOCN, CENP, Clinical Director of the Solid Tumor Program at City of Hope National Medical Center, who was also previously the Clinical Architect for Electronic Health Record Implementation at Fletcher Allen Health Care in Burlington, Vermont. The promise of a fully recognized EHR system comes with new challenges to protect patients' privacy, confidentiality, and data, and puts new ethical burdens on care providers to use the tools responsibly, Ireland and the other session moderators explained. In an interview afterward, she summed up these key points:
1. What new challenges does health IT pose regarding the protection of patients' privacy?
“All information is fully accessible—it's really easy now. But by the code of ethics it is obligatory to protect the health information of the people we care for. Other people around them don't have a right to know any of that information, unless the patient has explicitly given me permission to share that. It's hard now though, because the information is just there.
“We talked about that in the conversation. When we asked the nurses: ‘If you work in one unit, are you able to look at a patient's chart in another unit? Everybody said yes. But is that actually OK, that you can just click and read all that?’”
2. So what information is considered protected, private?
“Anything that could speak to the patient's health condition or the treatment of that health condition. Anything that would make it clear, explicitly, what was going on with that particular patient. Frankly, even just knowing that somebody's coming to a facility for care can be a breach. In my case, I work at City of Hope. If you're a patient at City of Hope, people now know you have cancer. So, I'm very sensitive to that.
“That gentleman I was just talking about [during the session Ireland had related an incident of running into a patient who asked her where he knew her from, while both were at a baseball game]—I said I work in ‘health care.’ ... I didn't want to say I work at City of Hope, because by virtue of saying that—I didn't know whether the people who were with him knew he had a cancer diagnosis.
“These issues have existed in health care for a long time. Because now you can see what people are doing and where people are looking—every click is recorded—in a way, health IT has just shined a light on all of it.”
3. The onus then seems to be on providers, to be aware of whether or not they are breaching a patient's privacy-What is your advice for providers?
“Choose your words very carefully—what you say in public, especially what you say in public places where other people are around. You have to assume that the person doesn't want anyone to know [information about their health]. That's the safe place to start from.
“Before we share anything—unless the patient has explicitly said, ‘Please share this information with this person because I want them to understand and help’—we have to assume that they don't want that person to know anything. And it's incumbent upon us professionally to protect their request.”