Consider a fictional health care organization that is planning to implement an a

Question

Consider a fictional health care organization that is planning to implement an automated patient care system that will enable the organization to electronically share information with their patients. They would like to provide patients with access to medical records, submit consent forms for treatment, and enable electronic payment of bills. Address ethical and legal concerns of the new patient care system. Also, identify relevant security technologies necessary to protect the privacy of patients and laws necessary to protect the privacy of patients.

Explanation / Answer

Reasons for Developing an Ethics Committee

Clinical ethics committees in each hospital are an essential part of the Ethics and Compliance Program. The following document provides a concise, functional guidebook for the organization and operation of an effective clinical ethics committee.

Fundamental Commitment to Patients. HCA is committed to providing quality care that is sensitive, compassionate, promptly delivered, and cost effective. The mission of our organization charges us to be committed to the care and improvement of human life.

Common Threads of Clinical Ethics Committees

Hospitals have infinite variability. At one extreme is the organization of the university teaching hospital that is characterized by (1) a full-time salaried chief of service; (2) a large proportion of full-time attending physicians; (3) division into major clinical and subspecialty departments; and (4) an active ongoing schedule of medical staff conferences and educational activities. At the other extreme is the loosely organized structure characteristic of smaller, rural hospitals that are characterized by: (1) an absence of clinical department subdivisions; (2) an absence of a paid clinical chief of service; and (3) a less active schedule of staff conferences and educational activities.

The experience of hospitals with ethics committees suggests that each institution will handle things differently; each will create a form to fit its situation. There are, however, common threads. First, the process of developing a functioning committee is slow. It may take time for members to feel and recognize accomplishments. They may be anxious to see effects on institutional attitudes and behavior, which may be discouraging. Committees with extensive experience report that it takes a year or two before members see or sense results of their work. Patience, compassion, and optimism are necessary virtues for ethics committee members. It is also vital for the members to listen carefully to one another with openness and enthusiasm to learning.  

Second, committees may become bogged down in decisions about committee structure, rules, and procedural operations. Voting procedures, the number of people needed for consults, type of minutes kept, and attendance requirements are concrete issues, issues that everyone is comfortable with and having concrete clear opinions. The committee must avoid being overly focused on these concrete matters rather than struggling through uncomfortable discussions about ethical issues.

The third common thread is that the committee will periodically struggle with its purpose, functions, and accountability. Although a naturally frustrating and evolutionary process, one thing is certain: clinical ethics committees should exist primarily to serve patients and to protect their interests. The temptation to protect the hospital, hospital employees and physicians will be felt frequently. In many situations, the interests of the hospitals healthcare workers and patients and families will be united; in other situations, the patient’s interests may be obscure, and in others the patient’s preferences may lie in sharp contrast with the values of the hospital or healthcare workers.   It may be difficult to keep the patient’s interests paramount.

Joint Commission Standards

The Joint Commission on the Accreditation of Healthcare Organizations (JCAHO) standards place great emphasis on ethics, rights and responsibilities. These standards require the hospital follow ethical behavior in its care, treatment, services, and business practices, address the wishes of the patient relating to end of life decisions, and recognize that patients have the right to refuse care, treatment, and services in accordance with law and regulations. In essence, the hospital must establish and maintain structures to support patient rights. This must be done in a collaborative manner that involves the hospital’s leaders and others. The ethical infrastructure is based on policies and practices that reflect a philosophical basis and commitment to patient safety. This commitment makes up the framework that addresses ethical behavior, patient care and organizational ethics issues. Although clinical ethics committees have not been specifically mandated by the JCAHO, they have been given significant recognition by these mentions.

The JCAHO guidance defines a variety of functions and activities that it reviews in its accredited organizations on a regular basis. For purposes of smooth operation, the JCAHO manual specifies that the hospital staff be organized to accomplish its required functions. For the most part, many specific committees or groups accomplish these functions. These groups provide mechan­isms for dealing with issues that are clearly ethical, but beyond the scope of the clinical ethics committee. The clinical ethics committee should complement these groups, not substitute for them or interfere with their work. If they are not functioning properly, the clinical ethics committee can play a role in alerting the leadership, making suggestions for possible resolutions. But the clinical ethics committee should be cognizant of the fact that, despite its name, it is not the only entity in the hospital responsible for and capable of dealing with ethical issues.

Hospital committee membership is primarily representational. For example, a medical records committee may include representatives from the various sections or services of the medical staff as well as from nursing, pharmacy, and whatever other clinical services are required or permitted to make entries into the patient medical record.  

Members of the clinical ethics committee, on the other hand, are multidisciplinary and may not be as representational of a particular service, section, or department but, instead, are selected on individual's interests, abilities, background, education, dedication and willingness to commit substantial time to learning and service.

The committee, in terms of its definition in bylaws, is critical in determining exactly what its responsibilities are and how it may interpret its role. For example, if the clinical ethics committee has been established merely because "every other hospital in the city has one" then it’s annual report to the medical staff may consist only of a description of its educational activities, a list of the policies it has reviewed and/or recom­mended for consideration by the medical staff, a brief outline of the number of case reviews it has performed, and a list of its committee members. However, if the committee's charge is to be the ethical conscience of the institution, the committee's interpretation of its role may be entirely different and would involve relationships with other hospital committees. It is hoped that when a facility establishes a clinical ethics committee there is specific mention of the committee's responsibilities and role in patient care and in reporting its findings and recommendations. It is also important to establish and document within the bylaws whether the committee is a Board of Trustees committee with Medical Staff representation or a Medical Staff committee accountable to the Board of Trustees

Committee Structure

Getting Started

Initiating the development of an ethics committee may be a timorous endeavor at first; however, to be successful over time, it must be multidisciplinary and have support from both the physicians and the hospital administration. To gain support, the initiating group must have some clear sense of what such a committee has to offer the hospital. The group might want to prepare a list of paradigmatic or actual cases that have provided problems in the past, or to list specific kinds of inconsistencies in treatment decisions that have led to staff morale problems. In some way, the group should be able to document a genuine set of problems that needs to be addressed.

With official backing (tacit approval or other), at least three possible directions can be followed. First, a task force may be appointed to assess the need for an ethics committee. Second, a clinical ethics study group may be formed to enable the interested parties to increase their understanding of the issues. And third, a clinical ethics committee may be formed to undertake any or all of the possible functions of the committee.

A committee formed from task force deliberations begins with some inherent structure. The task force would already have some type of authoritative sanction. To be successful, it should have a deliberately balanced number of physicians, nurses, etc. It should have a written statement of its functions and goals. In addition, it should also have some kind of financial and clerical support.

When a committee begins as a study group or as an ad hoc clinical ethics committee, it will (and should) have much less structure. Members are often volunteers, terms of office are undetermined, and official support may be uncertain. Initially, this group should not be overly concerned about developing a particular structure or defining specific procedures. As it develops, the group will understand how it can best serve the hospital, patients, and the surrounding community.

Defining Goals and Functions

A wide range of ethical issues might be within the committee’s purview, including clinical care issues, patient advocacy concerns, and conflicts of care. Of course, a committee may choose to address any of these issues that are within its general mandate.

First and foremost, the committee should write a statement of its functions. The statement of the committee’s function should be detailed rather than perfunctory, and explain both why the committee has chosen these functions and how it intends to carry them out. This statement will require the committee to consider what can reasonably be done and to establish effective, time-sensitive priorities. Without such a statement, there is a very high probability of dissipation of efforts over too wide a field. The three standard functions of clinical ethics committees are: (1) education (of the committee members, of physicians and staff members, of patients and families, and of the local community);   (2) policy recommendation (policies and guidelines for health care professionals regarding decision-making processes in problematic cases); and (3) case consultation (active, prospective, and retrospective).

The committee should establish realistic goals and review them regularly (at least once every six months). Articulating goals and delineating functions means that priorities must be set and limits acknowledged.  

Organizational Placement

An ethics committee can be constituted as a medical staff committee, an administrative committee, or a governing board committee. Organizational placement may affect several different concerns:

Discoverability

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) allows for protected health information to be used for treatment, payment and healthcare operations. (45 CFR § 164.501). “Health care operations” include “[c]onducting quality assessment and improvement activities, including outcomes evaluation and development of clinical guidelines….” (Id.). Utilization review and quality assurance committees are paradigms of this kind of function. State laws specifically define protections for discovery and should serve as a resource in determination of committee organizational placement.

Membership Requirements and Selection

Medical staff committees typically require that at least half the members be physicians. Governing board committees may require that some number of trustees be members of the committee. Regardless of the committee’s organizational placement, a diverse and multidisciplinary membership is advisable. The different types of committees differ with respect to who actually appoints the members; namely, a medical executive committee, the administration, or a governing board. Note that the documentation of important guidelines such as the purpose, meeting frequency, membership and reporting method should be in the Board Bylaws or Medical Staff Bylaws.

The chairman of a medical staff committee is customarily a physician. Board committees may be chaired by physicians but are sometimes chaired by other

professions. Credibility may be problematic if there are not enough physicians on the committee, but physicians are typically not mandated to chair board committees. In fact, some committees prefer a non-physician be the chairperson. Many committees appoint co-chairs; one co-chair a physician, the other a nurse, social worker, or pastoral care representative.

Character of the Committee

The type of clinical ethics committee that a hospital chooses to establish can make various statements about the committee’s role. A board committee gives the clear message that ethical concerns are not solely or primarily medical questions. A board committee may also give greater acknowledgment to the equal status of all members of the committee, each drawing upon his or her unique experiences and expertise. Such a committee is a model of the interdisciplinary collaboration that can occur throughout the hospital.  

Committee Membership

The size of clinical ethics committees varies widely, sometimes as a function of the committee’s origins. A clear idea of the committee’s function will help to resolve the question of size. If the committee’s role is primarily education, then a large group may be appropriate and preferable. If the committee intends to conduct “whole-committee” case reviews, then a large group would not be conducive to serious participation by all members.   If the committee plans to focus on writing policies, then a medium-size group may be best. If the committee plans to do all three, then it may help to have a larger group to handle the large amount of work, primarily through subcommittees. Personal qualities - attitudes, temperament, and the capacity for critical thinking - are more important than educational specialty or degree. To guarantee diversity and fairness, the committee should be representative of the hospital community.

Representatives

To gain credibility within the hospital and to provide accountability outside the hospital, a committee should be a representative body. A committee composed only of physicians would lack the variety of perspectives necessary to respond to ethical dilemmas. Likewise, a committee that functioned without physicians would be equally inadequate. It would lack clinical credibility because the physician’s scientific and technologic knowledge and the relationship between doctor and patient are vital factors in identifying and resolving the medical ethics dilemma.

Lawyers

Committees frequently include a lawyer who is not a hospital employee. A person familiar with legal requirements and restrictions will be vital to any committee. The committee will need to keep abreast of legal developments.   Non-hospital lawyers are preferred, not because they are better lawyers or know more about ethics, but because the hospital lawyer is employed to protect the hospital’s interests. Because the hospital’s interests may not be consistent with the patient’s desires or interest, the hospital lawyer should not be positioned in a of possible conflict of interest situation. If the hospital is located near a law school, the clinical ethics committee could inquire about any faculty member who has an interest or expertise in healthcare law, policy, or ethics.

Lay Members

Ethics committees are strongly advised to include lay members. Lay members provide a ‘community values’ perspective and help facilitate credibility within the community at large. Institutional Review Boards (IRBs) are required to include lay members and the faint parallel between IRBs and clinical ethics committees may account for the insistence upon lay membership. An ethics committee that chooses lay members should think about the ethnic and cultural representation of the community served by the hospital. An ethics committee that chooses to include a lay member should have at least two lay members. Many persons are intimidated by hospitals, by physicians and strangers. If isolated as a group of one, a lone lay member may be inclined to defer to the larger group. Generally, hospitals have great credibility within their communities. The community is seldom aware of hospital practices unless citizens read about them in the newspapers. If a hospital has marginal credibility, placing a lay member on the clinical ethics committee will not restore it. However, the committee would do well to ensure that the lay perspective is protected and heard.

HIPAA and Confidentiality

Clinical ethics committee discussions should never include unnecessary personal details about patients. Redacting names and patient information should be standard operating procedure. However, it may not be possible to remove or redact all identifiable health information. Because of the extremely sensitive nature of the personal protected health information (“PHI”) that may be discussed in meetings or consultations, anyone who is not a hospital employee must 1) be trained about the hospital’s HIPAA policies as if they were a member of the workforce or 2) sign a Business Associate Agreement that delineates the responsibilities of maintaining confidential any PHI.  

2nd part

Everyone has a role to play in the privacy and security of electronic health information — it is truly a shared responsibility. The Office of the National Coordinator for Health Information Technology (ONC) provides resources to help you succeed in your privacy and security responsibilities. This Guide to Privacy and Security of Electronic Health Information (referred to as “Guide”) is an example of just such a tool. The intent of the Guide is to help health care providers especially Health Insurance Portability and Accountability Act (HIPAA) Covered Entities (CEs) and Medicare Eligible Professionals (EPs)1 from smaller organizations better understand how to integrate federal health information privacy and security requirements into their practices. This new version of the Guide provides updated information about compliance with the Medicare and Medicaid Electronic Health Record (EHR) Incentive Programs’ privacy and security requirements as well as the HIPAA Privacy, Security, and Breach Notification Rules. The U.S. Department of Health and Human Services (HHS), via ONC, the Centers for Medicare and Medicaid Services (CMS), and the Office for Civil Rights (OCR), supports privacy and security through a variety of activities. These activities include the meaningful use of certified EHRs, the Medicare and Medicaid EHR Incentive Programs, enforcement of the HIPAA Rules, and the release of educational resources and tools to help providers and hospitals mitigate privacy and security risks in their practices.

Actions and Programs • The HIPAA Privacy, Security, and Breach Notification Rules, as updated by the HIPAA Omnibus Final Rule2 in 2013, set forth how certain entities, including most health care providers, must protect and secure patient information. They also address the responsibilities of Business Associates (BAs), which include EHR developers working with health care providers. • In 2011, CMS initiated the Medicare and Medicaid EHR Incentive Programs. 3,4 The programs are referred to as “EHR Incentive Programs” or “Meaningful Use” Programs throughout this Guide. Meaningful Use encourages health care organizations to adopt EHRs through a staged approach. Each stage contains core requirements that providers must meet; privacy and security are included in the requirements. Federal Organizations This Guide frequently refers to federal organizations within HHS that have a distinct health information technology (health IT) role. These organizations are summarized in Table 1.

Table 1: Overview of HHS Entities Federal Office/Agency Health IT-Related Responsibilities Website Centers for Medicare and Medicaid Services (CMS) • Oversees the Meaningful Use Programs www.cms.gov Office for Civil Rights (OCR) • Administers and enforces the HIPAA Privacy, Security, and Breach Notification Rules • Conducts HIPAA complaint investigations, compliance reviews, and audits www.hhs.gov/ocr Office of the National Coordinator for Health Information Technology (ONC) • Provides support for the adoption and promotion of EHRs and health information exchange • Offers educational resources and tools to assist providers with keeping electronic health information private and secure www.HealthIT.gov A fourth federal entity mentioned in this Guide is the National Institute of Standards and Technology (NIST), an agency of the U.S. Department of Commerce. NIST sets computer security standards for the federal government and publishes reports on topics related to information technology (IT) security. While the reports are intended for the federal government, they are available for public use and can provide valuable information to support a strong security program for your practice setting. To review NIST publications that are relevant to the HIPAA Security Rule, visit http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/securityruleguidance.html5 and scroll to the bottom of the page

Why Do Privacy and Security Matter? Increasing Patient Trust and Information Integrity Through Privacy and Security To reap the promise of digital health information to achieve better health outcomes, smarter spending, and healthier people, providers and individuals alike must trust that an individual’s health information is private and secure. If your patients lack trust in Electronic Health Records (EHRs) and Health Information Exchanges (HIEs), feeling that the confidentiality and accuracy of their electronic health information is at risk, they may not want to disclose health information to you. 6 Withholding their health information could have life-threatening consequences. This is one reason why it’s so important for you to ensure the privacy and security of health information. When patients trust you and health information technology (health IT) enough to share their health information, you will have a more complete picture of patients’ overall health and together, you and your patient can make more-informed decisions. In addition, when breaches of health information occur, they can have serious consequences for your organization, including reputational and financial harm or harm to your patients. Poor privacy and security practices heighten the vulnerability of patient information in your health information system, increasing the risk of successful cyber-attack. To help cultivate patients’ trust, you should: • Maintain accurate information in patients’ records • Make sure patients have a way to request electronic access to their medical record and know how to do so

• Carefully handle patients’ health information to protect their privacy • Ensure patients’ health information is accessible to authorized representatives when needed Protecting patients’ privacy and securing their health information stored in an EHR is a core requirement of the Medicare and Medicaid EHR Incentive Programs. 7 (The EHR Incentive Programs are also referred to as the “Meaningful Use” Programs throughout this Guide.) Your practice — not your EHR developer — is responsible for taking the steps needed to protect the confidentiality, integrity, and availability of health information in your EHR. Effective privacy and security measures help you meet Meaningful Use requirements while also helping your clinical practice meet requirements of the HIPAA Rules and avoid costly civil money penalties for violations,

Your Practice and the HIPAA Rules Understanding Provider Responsibilities Under HIPAA The Health Insurance Portability and Accountability Act (HIPAA) Rules provide federal protections for patient health information held by Covered Entities (CEs) and Business Associates (BAs) and give patients an array of rights with respect to that information. This suite of regulations includes the Privacy Rule, which protects the privacy of individually identifiable health information; the Security Rule, which sets national standards for the security of electronic Protected Health Information (ePHI); and the Breach Notification Rule, which requires CEs and BAs to provide notification following a breach of unsecured Protected Health Information (PHI). CEs must comply with the HIPAA Privacy, 10 Security, 11 and Breach Notification12 Rules. BAs must comply with the HIPAA Security Rule and Breach Notification Rule as well as certain provisions of the HIPAA Privacy Rule. Whether patient health information is on a computer, in an Electronic Health Record (EHR), on paper, or in other media, providers have responsibilities for safeguarding the information by meeting the requirements of the Rules. This chapter provides a broad overview of the HIPAA privacy and security requirements. You may also need to be aware of any additional applicable federal, state, and local laws governing the privacy and security of health information.

What Types of Information Does HIPAA Protect? The Privacy Rule protects most individually identifiable health information held or transmitted by a CE or its BA, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information “protected health information” or “PHI.” Individually identifiable health information is information, including demographic information, that relates to: • The individual’s past, present, or future physical or mental health or condition, • The provision of health care to the individual, or • The past, present, or future payment for the provision of health care to the individual. In addition, individually identifiable health information identifies the individual or there is a reasonable basis to believe it can be used to identify the individual. For example, a medical record, laboratory report, or hospital bill would be PHI if information contained therein includes a patient’s name and/or other identifying information. The HIPAA Rules do not apply to individually identifiable health information in your practice’s employment records or in records covered by the Family Educational Rights and Privacy Act (FERPA), as amended.

Do I Need to Inform My Patients about How I Use or Disclose Their Health Information? Generally, yes, a CE must prominently post and distribute an NPP. The notice must describe the ways in which the CE may use and disclose PHI. The notice must state the CE’s duties to protect privacy, provide an NPP, and abide by the terms of the current notice. The notice must describe individuals’ rights, including the right to complain to the U.S. Department of Health and Human Services (HHS) and to the CE if they believe their privacy rights have been violated. The notice must include a point of contact for further information and for making complaints to the CE. CEs must act in accordance with their notices. The Rule also contains specific distribution requirements for health care providers and health plans. In addition to providing this notice to patients at the initial visit, your practice must make its NPP available to any patient upon request (discussed in Chapter 3). Chapter 6, Step 5C, provides an overview about new notification requirements resulting from the 2013 Privacy Rule modifications. You may want to start with and personalize for your practice the model NPPs for providers24 that were developed by OCR in collaboration with the Office of the National Coordinator for Health Information Technology (ONC). Your REC or medical association also may be able to suggest some NPP templates that comply with the updated requirements. Note that your state health information privacy law may require you to add other information to your notice.

Do I Have to Get My Patients’ Permission to Use or Disclose Their Health Information with Another Health Care Provider, Health Plan, or Business Associate? In general, you as a CE may use and disclose PHI for your own treatment, payment, and health care operations activities and other permissible or required purposes consistent with the HIPAA Privacy Rule without obtaining a patient’s written permission (e.g., consent or authorization). A CE also may disclose PHI for: • The treatment activities of another health care provider, • The payment activities of another CE and of any health care provider, or • The health care operations of another CE when: o Both CEs have or have had a relationship with the individual o The PHI pertains to the relationship o The data requested is the minimum necessary o The health care operations are: Quality assessment or improvement activities Review or assessment of the quality or competence of health professionals, or Fraud and abuse detection or compliance. An exception applies to most uses and disclosures of psychotherapy notes that may be kept by a provider from the EHR; a CE cannot disclose psychotherapy notes without an individual’s written authorization. Except for disclosures to other health care providers for treatment purposes, you must make reasonable efforts to use or disclose only the minimum amount of PHI needed to accomplish the intended purpose of the use or disclosure. This is called the minimum necessary standard. 25 When this minimum necessary standard applies to a use or disclosure, a CE may not use or disclose the entire medical record for a particular purpose, unless it can specifically justify the whole record as the amount reasonably needed for the purpose. When Are Patient Authorizations Not Required for Disclosure? • Information Sharing Needed for Treatment – You may disclose, without a patient’s authorization, PHI about the patient as necessary for treatment, payment, and health care operations purposes. Treatment is the provision, coordination, or management of health care and related services for an individual by one or more health care providers, including consultation between providers regarding a patient and referral of a patient by one provider to another. A disclosure of PHI by one CE for the treatment activities undertaken by another CE is fundamental to the nature of health care. • Disclosures to Family, Friends, and Others Involved in the Care of the Individual as well as for Notification Purposes – To make disclosures to family and friends involved in the individual’s care or for notification purposes, or to other persons whom the individual identifies, you must obtain informal permission by asking the individual outright, or by determining that the individual did not object in circumstances that clearly gave the individual the opportunity to agree, acquiesce, or object. For example, if a patient begins discussing health information while family or friends are present in the examining room, this is a “circumstance that clearly gave the individual the opportunity to agree, acquiesce, or object.” You do not need a written authorization to continue the discussion. Where the individual is incapacitated, in an emergency situation, or not available, a CE generally may make such disclosures, if the provider determines through his/her professional judgment that such action is in the best interests of the individual. You must limit the PHI disclosed to what is directly relevant to that person’s involvement in the individual’s care or payment for care. Similarly, a CE may rely on an individual’s informal permission to use or disclose PHI for the purpose of notifying (including identifying or locating) family members, personal representatives, or others responsible for the individual’s care, of the individual’s location, general condition, or death.26 OCR’s website contains additional information about disclosures to family members and friends in fact sheets developed for consumers27 and providers. 28 • Information Needed to Ensure Public Health and Safety – You may disclose PHI without individual authorization in the following situations: o To send immunization records to schools. Immunization records about a student or prospective student of a school can be disclosed to the school without written authorization — as long as your practice has a parent or guardian’s oral agreement if the student is a minor, or from the individual if the individual is an adult or emancipated

minor. Your practice must document such oral agreement. Such disclosures can only be made in instances where state law requires the school to have such information before admitting the student. In addition, the PHI disclosed in such an instance must be limited to proof of immunization. 29 o To a public health authority that is authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury, or disability. This would include, for example, the reporting of disease or injury; reporting vital events, such as births or deaths; and conducting public health surveillance, investigations, or interventions.30 o To a foreign government agency (at the direction of a public health authority) that is acting in collaboration with the public health authority.31 o To persons at risk of contracting or spreading a disease or condition if other law, such as state law, authorizes the CE to notify such individuals as necessary to prevent or control the spread of the disease.32 • Information Needed to Prevent or Lessen Imminent Danger – You may disclose PHI that you believe is necessary to prevent or lessen a serious and imminent threat to a person or the public, when such disclosure is made to someone you believe can prevent or lessen the threat (including the target of the threat). CEs may also disclose to law enforcement if the information is needed to identify or apprehend an escapee or violent criminal.

JCAHO Accreditation. Accreditation is also an impetus for maintaining an effective clinical ethics committee. For example, the Joint Commission’s chapter covering the Rights and Responsibilities of the Individual include the following standards:

By these direct references, JCAHO lends urgency to the organizational protocol for the protection of patient’s rights. The American Society for Bioethics and Humanities developed a task force to develop standards for health care ethics consultation.

Health Insurance Portability and Accountability Act (HIPAA)

Recently enacted federal HIPAA Privacy regulations provide for civil monetary penalties for wrongful disclosures of protected health information (“PHI”). Clinical Ethics committees have a valuable institutional role in propagating the necessary paradigm

shift in this highly sensitive area. Clinical ethics committees must be extremely sensitive to the protected health information that may accompany case reviews and other committee functions. The federal regulations allow covered entities to use PHI for operations and oversight bodies like ethics committees. This document is offered in the hope that one recognizes the important and timely initiatives undertaken in the area of clinical ethics.

Mark of Professionalism. Organizational protocols that address the protection of patients’ values and preferences evidence not only a commitment to high quality care, but also provide the facility with a mark of professionalism.  

Related Questions

Navigate

• Browse (All)
• Browse C
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.