Even if you can look up a patient’s electronic medical health record from another unit, should you? What happens if you accidentally pull up the wrong patient’s EHR? What happens if you accidentally divulge information from that EHR?
There can be serious consequences for not using technology wisely and not thinking. That was the takeaway message of a session this week at the 2014 Oncology Nursing Society Annual Congress on Health Information Technology and Ethics in Oncology, here in Anaheim, California. With the implementation of electronic medical health records systems still underway, and the rules of social media changing all the time, sessions like this one tended to raise as many questions as answers.
The promise of a fully recognized EHR system comes with new challenges to protect patients’ privacy, confidentiality, and data, plus puts new ethical burdens on care providers to use the tools responsibly, Ireland and the other session moderators explained. In an interview afterward, Ireland summed up these key points.
1. What new challenges does health IT pose regarding the protection of patients’ privacy?
“All information is fully accessible — it’s really easy now. But by the code of ethics it is obligatory to protect the health information of the people that we care for. Other people around them don’t have a right to know any of that information, unless the patient has explicitly given me permission to share that. It’s hard now though, because the information is just there.
“We talked about that in the conversation. When we asked the nurses: ‘If you work in one unit, are you able to look at a patient’s chart in another unit? Everybody said yes. But, is it OK that you can just click and go read?’”
2. What information is considered protected, private?
“Anything that could speak to the patient’s health condition or the treatment of that health condition. Anything that would make it clear, explicitly, what was going on with that particular patient. Frankly, even just knowing that somebody’s coming to a facility for care can be a breach. In my case, I work at City of Hope. If you’re a patient at City of Hope, people now know you have cancer. So, I’m very sensitive to that.
“That gentleman I was just talking about [During the session Ireland had related an incident of running into a patient who asked her where he knew her from, while both were at a baseball game] — I said I work in ‘health care.’ … I didn’t want to say I work at City of Hope, because by virtue of saying that — I didn’t know whether the people that were with him knew he had a cancer diagnosis.
“These issues have existed in health care for a long time. Because now you can see what people are doing and where people are looking — every click is recorded — in a way, health IT has just shined a light on all of it.”
3. The onus then seems to be on the provider then to be aware of whether or not they are breaching a patient’s privacy? What is your advice for providers?
“Choose those words very carefully — what you say in public, especially what you say in public places where other people are around. You have to assume that the person doesn’t want anyone to know [information about their health]. That’s the safe place to start from.
“Before we share anything — unless the patient has explicitly said, ‘please share this information with this person because I want them to understand and help’ — we have to assume that they don’t want that person to know anything. And it’s incumbent upon us, professionally to protect their request.”