Confidentiality in Healthcare
One of the most important elements of medical care is the ethical non-disclosure agreement between doctor and patient. This agreement is in place to ensure that patients will have the freedom to be absolutely honest with their physicians. Frequently the lives of patients depend upon the insurance of confidentiality, which ensures that patients will release all the information necessary to be treated in a targeted and effective way. The American Medical Association has provided very clear guidelines for doctor-patient confidentiality and its maintenance, particularly as relevant to computer databases. General guidelines for the relationship between physicians and their patients, along with the maintenance of their confidentiality levels are addressed by the E-5.059, E-7.02 and E-10.01 forms on the AMA online database.
The E-5.07 form of the AMA medical ethics guide that deals with computer confidentiality states that it is important to date- and time-stamp any changes to confidential medical information on the computer-based patient record. This would naturally include corrections to such records. Furthermore, the record should also show who made the changes, and such changes should only be made by authorized personnel. This serves the important purpose of keeping the patient informed on relevant changes and corrections to his or her medical information.
2. Both the patient and the physician responsible for treatment should be advised of the existence of computerized databases prior to its creation and storage by computer personnel. Furthermore, the patient should also be informed of all the persons and entities with any access to this information via the database. The specific level of access, along with the names of the persons or entities should also be released to the patient prior to releasing the information relating to the database. The reason for this measure is to obtain the informed consent of the patient for the disclosure of his or her confidential information to the parties involved, according to the ethical AMA standard.
3. Both the patient and physician should be notified of purging procedures before and after purging takes place. An important aspect of this is that the patient's records should also not be mixed with those of other computer service bureau clients, regardless of the status of the information as archaic or incorrect. Measures to protect the records being purged should be implemented during the process.
4. To provide optimal protection of privacy, the computerized medical database should be online to the terminal only when computer programs with the necessary authorization, and specifically requiring the data, are in use. No person or entity outside of the clinical facility should have access to any online computerized database with medical records of patients who can be identified via the program. This ensures continued doctor-patient confidentiality, which belongs to the patient according to standard medical ethics, as well as the law.
5. The bureau should provide the physician with verification of destroyed or erased records. The physician is primarily charged with the confidentiality of patient records, and as such should always be fully aware of any action taken regarding the records of his or her patient. Concomitantly, the patient should also be kept informed of such actions, as it directly affects his or her confidentiality status. The physician should then advise the patient regarding the necessary actions or allowance to be made for the destruction of the records.
6. As mentioned above, it is absolutely vital to identify individuals and organizations with access to the databases containing his or her medical records. The reason for this is again for the purpose of informed consent. The physician should also be informed of such individuals or organizations. The patient is then given full power to provide or withhold consent in concomitance with advice from the physician.
7. The AMA ethics opinion mentions encryption, along with several other measures, to ensure the security of medical records from unauthorized access. Other forms of access control include passwords and scannable badges. This ensures the confidentiality of patient records and protection from outside parties, including hackers or other entities without the informed consent of both the physician and the patient.
The AMA ethics opinion very strongly promotes the security of patient records, stating that the most stringent possible security procedures should be implemented to prevent unauthorized access. The ethics document also states that audit procedures should be in place to create records of any unauthorized disclosure or access to medical data. Furthermore, if employees working with the databases are terminated or leave the employer, their access to medical records should be terminated at once.
You’re 77% through this paper. Sign up to read the full paper.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.