Department of Veterans Affairs Medical Center, Oklahoma City, Oklahoma
Today, the Department of Veterans Affairs (VA) operates the nation's largest healthcare system through the Veterans Health Administration (VHA), including 152 medical centers (VAMCs), 800 community-based outpatient clinics and numerous state-based domiciliaries and nursing home care units (About VA, 2016). As the second-largest cabinet agency in the federal government, the VA's budget exceeds the State Department, USAID, and the whole of the intelligence community combined) with more than $60 billion budgeted for VHA healthcare (Carter, 2016). One of the VHA's largest medical centers that provides tertiary healthcare services to eligible veteran patients is the Oklahoma City VA Medical Center (OKC VAMC) in Oklahoma City, Oklahoma. Like several other VAMCs, the OKC VAMC has recently been implicated in a system-wide scandal concerning inordinately lengthy patient waiting times and misdiagnoses which may have contributed to the deaths of some veteran patients and jeopardized others. In addition, the VA has recorded the highest number of patient privacy violations of any healthcare provider in the country since 2011 (Westwood, 2016). To determine the facts from a risk management perspective, this paper provides an overview of the OKC VAMC and an analysis of the challenges that are involved in ensuring patient confidentiality while still maintaining accessibility to patient information, followed by a summary of the research and important findings concerning these issues in the conclusion.
Overview of Oklahoma City VA Medical Center
The OKC VAMC is located at 921 NE 13th Street in Oklahoma City, Oklahoma and provides a wide range of tertiary healthcare services, including psychiatry, physical medicine and rehabilitation, medical-surgical units as well as numerous specialty clinics (i.e., Mental Health Intensive Case Management (MHICM), Reaching Out to Educate and Assist Health Care Families (REACH), Homeless Program/Compensated Work Therapy, regional referral center for Open-Heart surgery, Telehealth Care Coordination, Center for Alzheimer and Neurodegenerative Diseases, Animal Assisted Therapy and a High Risk Foot Program) and various social services (About the Oklahoma City VA Medical Center, 2016). At present, the OKC VAMC features 192 beds, serves 48 counties in Oklahoma and two north central Texas counties, and operates an annex clinic in north Oklahoma City (About the Oklahoma City VA Medical Center, 2016). This medical center has recently been implicated in a VA-wide scandal concerning lengthy waiting times and the provision of suboptimal medical care that may have jeopardized the lives of dozens if not hundreds of veteran patients. For instance, a high-profile report by Donovan Slack (2015) in USA Today cites the specific cases of two veterans, Charles Hand and George Washington Purifoy, who are patients at the OKC VAMC. According to Slack, "Both sought care at Veterans' Affairs medical facilities in Oklahoma. And in their cases and others, medical professionals missed or misdiagnosed their conditions resulting in life-altering consequences" (2015, para. 2)
Analysis of the challenges of providing patient confidentiality vs. accessing necessary patient information for effective and efficient treatment with consideration for the different ways confidentiality can be violated
Like other VA medical centers, the OKC VAMC uses an electronic healthcare record (EHR) system to facilitate access to patient data for healthcare providers (What is VistA?, 2016). The ready accessibility of electronic protected health information (ePHI) through the EHR system, combined with frequent VA employee incompetence, have resulted in thousands of violations of the Health Insurance Portability and Accountability Act (HIPAA) since its passage in 1996 (Westwood, 2016). According to Lawley (2012), "ePHI is defined as any Protected Health Information (PHI) that is stored on any form of electronic media, or which is transmitted in any electronic form (e.g., fax or Internet). This would include scanned records or correspondence that is written on a computer and then printed" (p. 19). Indeed, the HIPAA agency has recorded more ePHI and other patient privacy complaint violations by the VA than any other healthcare provider in the country (Waldman & Orstein, 2015). This point is also made by Westwood (2016) who emphasizes, "Department of Veterans Affairs officials have racked up more than 10,000 privacy breaches since 2011, making the VA the nation's most prolific violator of laws protecting patients' personal medical information" (p. 3).
Despite the flagrant nature of many of these violations which were determined by investigators to be intentional and malicious, there has been no official sanction of the VA to date (Westwood, 2016). Therefore, the challenges of providing patient confidentiality pursuant to HIPAA and professional codes of conduct involve both accidental and intentional privacy violations (Westwood, 2016), with the former representing an area of deficiency that can be addressed through remedial actions but with the latter representing an especially difficult challenge that must be addressed...
For instance, many privacy violations involved veterans who were also employees of the VA whose ePHI were accessed by spouses or their co-workers for use in divorce proceedings, by VA management investigating whisteblowing activities by these veteran employees or just "out of curiosity" following suicides or suicide attempts by veteran employees (Waldman & Ornstein, 2015, para. 6). Some salient examples of these abuses and violations include the following:
In September 2011, after a veteran committed suicide on the grounds of a VA facility in Biloxi, Miss., more than 40 employees accessed his medical records;
In September 2013, a VA employee who worked at the same facility in Biloxi committed suicide and, again, several co-workers inappropriately accessed the employee's medical records;
In January 2015, a veteran who works at C.W. Bill Young VA Medical Center attempted suicide. Afterward, many co-workers who had no direct involvement in his medical care seemed to know about his attempt and asked how he was doing. Following an investigation, the VA's incident response team found that an employee had indeed inappropriately accessed the veteran's medical records "out of curiosity" (Waldman & Ornstein, 2015, para. 7).
Unfortunately, these privacy violations are just a few of the thousands of such violations that have been reported to HIPAA in recent years despite VA's efforts to provide ongoing training to its employees concerning the proper handling of patient information (Waldman & Ornstein, 2015).
Comparison of the rights and responsibilities that physicians have toward patients in context to informed vs. implied consent situations
Informed consent involves formally providing patients with the information they need to make an informed decision concerned the type of medical care they want or do not want, even if clinicians do not agree with this course of action (Curran, 2012). For instance, Curran reports that, "Once a patient is properly informed, it is the patient's right to choose among the various alternatives rather than a physician's right to prescribe the 'best' treatment, even when that choice may be the more dangerous treatment" (p. 134). Pursuant to the reasonable care provider standard, clinicians are generally responsible for providing patients with information concerning (a) the purpose of the proposed treatment, (b) its risks and benefits, (c) available alternatives (including risks and benefits of alternative treatments), and (d) the effect of no treatment whatsoever (Curran, 2012).
By contrast, the term "implied consent" refers to situations in which patients are presumed to give their consent to medical treatment when they are otherwise unable to do so in an express manner such as with informed consent (Breen & Plueckhahn, 2002). Implied consent also extends to the sharing of patient information among healthcare providers, even if this has not been expressly consented to by the patient. For example, Breen and Plueckhahn (2002) report that, "In many health care situations, consent for sharing confidential information between members of the 'health care team' is implied and it is presumed that patients know and accept that this will happen" (2002, p. 39). The overarching factors to be taken into account in both informed and implied consent situations are the best interests of the patient (Breen & Plueckhahn, 2002).
Summary of the risk of malpractice and liability in the Oklahoma City VA Medical Center
Although many veterans may be unaware of their legal rights, the OKC VAMC is at high risk of being targeted for malpractice lawsuits. Pursuant to the Federal Torts Claims Act (FTCA), veterans and/or their families can seek compensation from the U.S. government in cases of negligence on the part of an employee of the VA (Veteran medical malpractice, 2016). In fact, the VA has paid about $100 million a year since 2003 to settle more than 3,000 medical malpractice suits filed by veterans (Veteran medical malpractice, 2016). Moreover, U.S. Treasury records indicate that $200 million more has been paid out since that time to settle almost one thousand wrongful death lawsuits (Veteran medical malpractice, 2016).
Summary of recommended practical measures to minimize risk of malpractice and liability
Complex problems usually require complex solutions and this is certainly the case with mitigating the risk of malpractice and liability at the OKC VAMC. In fact, the very same attributes that make the VA's EHR a valuable resource in delivering high quality healthcare services are the same attributes that provide opportunities for their abuse and misuse. The ease of access to…
About the Oklahoma City VA Medical Center. (2016). Oklahoma City VA Medical Center. Retrieved from http://www.oklahoma.va.gov/about/.
About VA. (2016). Department of Veterans Affairs. Retrieved from http://www.va.gov / about_va/vahistory.asp.
Breen, K. J. & Plueckhahn, V. D. (2002). Ethics, law, and medical practice. St. Leonards, NSW: Allen & Unwin.
Carter, P. (2016). How to fix the VA. Slate. Retrieved from http://www.slate.com/blogs / the_works/2016/03/25/slate_s_infinite_scroll_implementation_explained.html.
Slack, D. (2015). Veterans still suffering from poor VA care despite fixes touted in Washington. USA Today. Retrieved from http://www.usatoday.com/story/news/politics/2015/12/22 / veterans-suffering-poor-va-care-despite-washington-fixes/77556860/.
Veteran medical malpractice. (2016). Lawyers and Settlements. Retrieved from https://www. lawyersandsettlements.com/lawsuit/veteran_medical_malpractice.html.
Waldman, A. & Oldstein, C. (2015, December 30). Privacy violations rising at Veterans Affairs medical centers. National Public Radio. Retrieved from http://www.npr.org/sections / health-shots/2015/12/30/461400692/patient-privacy-isn-t-safeguarded-at-veterans-medical-facilities.
What is VistA? (2016). Department of Veterans Affairs. Retrieved from http://www.ehealth. va.gov/vista.asp.
Only those that are supposed to have access to that information would have all of the correct keys to unlocking it. Advanced technology such as retinal scans, or fingerprint matching could be employed at the most sensitive levels. The implementation of such a system would be long and complicated. The first step would be the development and testing of the software package. The second would be training bedside personnel to
This is troubling, because the different exemptions can cause confusion among stakeholders about how they would apply. Where, health care providers, regulators and insurance companies can be able to circumvent the law, under the exemptions of HIPPA and the Privacy Act. For the individual this gives the appearance of security, yet the various exemptions do little to increase privacy. Then when you consider the fact; that these laws reflect
Patient Education Brochure Patient Privacy and Electronic Medical Records: Patient Privacy and Electron Medical Records: Patient Education Brochure Brochure Content With the implementation of computer-based medical records systems in private offices, physicians have the capacity to maintain clear, organized, and accurate patient records, with pivotal information available with the simple click of a mouse. These systems eliminate the need for bulky paper filing systems that take significant time to sort through and pose the risk
One issue which has gained in public attention in recent years, first with the outbreak of SARS and avian flu, and more recently with the spread of swine flu, is that of public health epidemic. A failure to disclose health concerns properly or to allow others to know when one is seriously ill is a way to instigate the spread of a condition. Thus, "public health has laws governing
patient privacy, confidentiality HIPPA. Must answer questions: Describe issue impact population affects. What arguments facts article support proposed solution. Park, Alice. (2009, September 23). Are med-student tweets breaching patient privacy? Time Magazine. Retrieved March 27, 2011 at http://www.time.com/time/health/article/0,8599,1925430,00.html Patient privacy article review: Park, Alice. (2009, September 23). Are med-student tweets breaching patient privacy? Time Magazine. Retrieved March 27, 2011 at http://www.time.com/time/health/article/0,8599,1925430,00.html According to Time Magazine, the Internet has proved to be both a boon to
Nursing Research HIPAA Proposal Patient privacy protection is a cornerstone of any patient bill of rights and is a major goal of any nurse or medical professional. Without privacy, the basis of trust necessary to facilitate patient healing simply can not occur. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) increasingly dominates the nursing landscape. Safeguarding private patient information is not just important. It is the law. HIPAA provides