Consider a fictional health care organization that is planning to implement an a

Question

Consider a fictional health care organization that is planning to implement an automated patient care system that will enable the organization to electronically share information with their patients. They would like to provide patients with access to medical records, submit consent forms for treatment, and enable electronic payment of bills.

Question

Address the ethical and legal concerns of the new patient care system. Also, identify relevant security technologies and laws necessary to protect the privacy of patients

Explanation / Answer

Ethical Concerns
For the nurse in a traditional medical setting, ethical decisions occur occasionally and at times the nurse may face ethical dilemmas. In contrast, the correctional nurse may face ethical situations daily. The correctional nurse makes ethical decisions about care delivery, caring and patient advocacy in planning and providing safe patient care.

There are six ethical principles that arise frequently for the nurse who works in the correctional setting.

1. Respect for persons (autonomy and self-determination)
2. Beneficence (doing good)
3. Nonmaleficence (avoiding harm)
4. Justice (fairness, equitability, truthfulness)
5. Veracity (telling the truth)
6. Fidelity (remaining faithful to one’s commitment)

These principles serve as a guide to the nurse in making ethical decisions. The correctional nurse can find support for ethical decisions by referring to the American Nurses Association’s code of ethics. The code delineates the ethical standards for nurses across all settings, levels and roles, setting expectations as well as providing guidance.

One of the common ethical concerns that arises for the correctional nurse relates to demonstrating caring in a custody environment. Correctional nurses must find balance in displaying an attitude of care and compassion while recognizing and maintaining safe boundaries.

Another area of ethical concern is the nurse’s responsibility for ensuring that patients have access to care. The values associated with nursing practice include nurse advocacy, respect for humans and eliminating barriers to care. The correctional nurse is in a unique position to evaluate the quality and effectiveness of patient care. He or she works with custody to ensure that the health needs of inmates are respected and responded to in a timely manner.

End-of life care is another ethical concern for the correctional nurse. Patients die while incarcerated and the nurse has a role in helping the patient to die with dignity and comfort. In some prisons, nurse participation in execution may arise as an ethical issue. The correctional nurse should not participate in executions. This position is supported by the ANA’s code of ethics and NCCHC‘sStandards for Health Services in Prisons (standard P-I-07). Participation in execution is inconsistent with nursing values.

Finally, professional practice is an area that can create ethical concerns for correctional nurses. Nurses are encouraged to refer to the ANA’s scope and standards of practice for correction nursing and to their state’s nurse practice act in addressing practice issues.

[Editor’s note: Both ANA books are available in NCCHC's catalog.]

Legal Issues
The legal implications of nursing practice are tied to licensure, state and federal laws, scope of practice and a public expectation that nurses practice at a high professional standard. The nurse’s education, license and nursing standard provide the framework by which nurses are expected to practice. When a nurse’s practice falls below acceptable standards of care and competence, this exposes the nurse to litigation.

The basis for litigation can relate to negligence, failing to exercise the level of care that a reasonable, prudent nurse would under similar circumstances; malpractice; and professional negligence, which means an act of neglect committed in the nurse’s professional role. Acts of omission and commission will also subject the nurse to litigation and professional license review. Both litigation and professional license review can result in reprimand of a nurse’s license or loss of a license.

Correctional nurses can be especially vulnerable to litigation because the correctional patient population has a constitutional right to health care. Compounding this, inmate-patients encounter nurses more than any other type of health care provider. Failure to provide inmates with access to health care to meet their serious medical needs can be litigated under the Eighth Amendment as deliberate indifference or under the 14th Amendment as a civil rights violation.

Inmates have several ways to access health care, such as by submitting a request slip or form. Another way is through oral communication, for example, by telling a correctional officer of a need to be seen by medical, or mentioning a health concern to the nurse during medication administration.

Regardless of the method, the nurse has a legal and ethical obligation to respond to the request for care. In general, the nurse should see the patient to evaluate health needs and determine the level of care required. If the communication is from the officer to the nurse, the nurse has a responsibility to speak to the inmate. A face-to-face discussion would be best, but the nurse could also first speak with the inmate by phone, making sure to ask the right questions, and then determining if the inmate should be moved to the medical unit or if the nurse should go to the inmate’s housing area.

Based on the information provided, the nurse must determine the type and level of nursing intervention required, and then implement an action. The nurse may determine that the patients’ health needs can be managed within his or her scope of practice, or determine that a higher level of care is needed and refer the patient to a midlevel provider or physician, or refer for transfer to a health facility that can provide the care that is needed. It is always appropriate for the nurse to follow up to evaluate the inmate’s response to the intervention.

However the nurse is apprised of an inmate’s health needs, the nurse must document the health needs, how notification of the health need occurred, actions taken and the patient outcome.

Health Information Privacy and Security

The movement towards interoperable electronic health records will create both new challenges and new opportunities with respect to protecting the privacy and security of health information. When protecting Federal information, including personally identifiable information and health information, the Government already has a robust framework in place and numerous policies related to the privacy and security of information, including but not limited to: requirements set forth in the Federal Information Security Management Act (FISMA), the Privacy Act, Office of Management and Budget policies, and guidance and standards put forth by the National Institute of Standards and Technology (NIST). For example, under FISMA, government information (including health information and personally identifiable information) is required to be categorized and protected based on the level of risk associated with that information. Guidance documents and standards exist for agencies to follow - requiring minimum technical, operational, and management controls.

HHS has promulgated several rules that establish critical foundations of Federal confidentiality, privacy, and security protections for health information across the health care system, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, the HIPAA Security Rule, and the Confidentiality of Alcohol and Drug Abuse Patient Records Regulation. Taken together, these Rules establish the foundational principles of, and form the context for, the comprehensive privacy and security approach HHS continues to take as part of our national health IT agenda. Furthermore, HHS believes the current HIPAA statute provides an appropriate amount of flexibility to protect health information exchanged by HIPAA covered entities in the health IT environment while allowing best practices to emerge. However, there are differences between Federal laws, State laws and business practices, which can provide additional challenges for the sharing of health information in a private and secure manner, an issue that is currently being examined.

The number, type, and sophistication of tools that protect electronic information are growing at an ever-increasing rate and provide the opportunity to offer health privacy protections beyond those in the paper environment. For example, implementation of role-based access controls and auditing, when implemented electronically, can limit access to a patient’s record to only those individuals who need the information for treatment. Audit trails can automatically record who viewed the health record and can be used after the fact to identify any unauthorized access, leading to improvements in training or, if warranted, corrective action.

HHS is very committed to privacy and security as it works toward the President’s goal of widespread interoperable electronic health records. Ultimately, the effective coordination of health IT activities will help create an environment in which the health status of the American public is improved while information remains private and secure.

Ensuring Privacy and Security Protections through Health IT

Protecting health information in an interoperable electronic environment requires a coordinated effort by all stakeholders. At HHS, we’ve leveraged existing foundations; created new public-private collaborations; and partnered with other federal departments, states, health care organizations, and consumers to continue this critical dialogue. Privacy and security policies must be coordinated and developed openly – with abundant public input – in order to ensure a high degree of trust. Many privacy and security frameworks are in existence, and we need to leverage the work that has been done as we apply these principles in the area of health IT. Further, this is both iterative and informed. Technological solutions are being advanced to support the confidentially of patient data and to accommodate current and future policy decisions.

To that end, HHS has initiated several projects focusing on the development and harmonization of privacy and security standards. HHS directed the establishment of the Healthcare Information Technology Standards Panel (HITSP), which has focused on the harmonization of standards, including those related to privacy and security. ONC continues to work closely with the Certification Commission for Healthcare Information Technology (CCHIT) to develop certification criteria for electronic health records and networks. The Department has also been actively advancing the Nationwide Health Information Network (NHIN) Initiative, which will ensure consumers have an active role in determining the uses of their health information while supporting local and state policies.

We are working to achieve a balance between our technical capabilities to exchange health information and the privacy and security policies that protect it. Appropriate privacy and security policies must account for available technologies and anticipate technological improvements, without being outpaced by innovations developed for the NHIN and interoperable health IT. At the June 12, 2007, American Health Information Community meeting, I described the process HHS is undertaking to develop a privacy and security framework that will meet the expectations of health care consumers and foster the adoption of practices that promote trust in this new environment. One of our first steps will be to engage public and private entities, including the general public, to refine and build consensus around a set of privacy and security principles to protect individuals’ health information in an interoperable electronic environment applicable to both the public and private sectors.

HHS has invested significant resources and efforts in our nationwide strategy for protecting health information. Our national health IT agenda approaches privacy and security through a full suite of activities that both inform current work and prepare for future needs.

Privacy and Security Solutions for Interoperable Health Information Exchange

The Privacy and Security Solutions contract awarded to RTI International (RTI), co-managed by the Office of the National Coordinator for Health Information Technology (ONC) and the Agency for Healthcare Research and Quality (AHRQ), has fostered an environment for states and territories to: (1) assess variations in organization-level business policies and state laws that affect health information exchange; (2) identify and propose practical solutions, while preserving the privacy and security requirements in applicable Federal and state laws; and (3) develop detailed plans to implement solutions to identified privacy and security challenges. States and territories – through the participation of many volunteer stakeholders including physicians, pharmacists, consumers, health IT vendors, laboratories, attorneys, insurers, etc. – have focused their work on an analysis of eighteen health information exchange scenarios which expose challenges their state or territory may face in an electronic environment. The scenarios, which touch on issues such as treatment, payment, research, and bioterrorism, provided states and territories a framework within which to map their variations in business practices and policies to the nine supplied “domains” of privacy and security:

The 34 states and territories that are part of the Health Information Security and Privacy Collaboration (HISPC) under the Privacy and Security Solutions contract participated in ten regional meetings in the fall of 2006 and one nationwide meeting in March 2007, where they exchanged experiences with regional counterparts and discussed the appearance of common themes such as differing applications and interpretations of HIPAA regulations, state consent laws, and state variations in protections provided to sensitive information, such as HIV/AIDS information and mental health records. This summer, RTI will publish three reports that describe the variations in organization-level business policies and state laws which pose challenges to private and secure electronic health information exchange; state plans to implement solutions to address those challenges; and recommendations for the federal government to consider. Starting in July, the states and territories that are part of the HISPC will begin operationalizing their implementation plans as well as preparing collaboration strategies with all states and territories for regional and multi-state solution development.        

State Alliance for E-Health

ONC contracted with the National Governors Association Center for Best Practices to create the State Alliance for e-Health (State Alliance). The State Alliance is an initiative designed to improve the nation's health care system through the formation of a collaborative body that brings together key state decision makers. This body, led by Governors and other high-level executives of states and U.S. territories, is charged with: (1) identifying, assessing and, through the formation of consensus solutions, mapping ways to resolve state-level health IT policy issues that affect multiple states and pose challenges to interoperable electronic health information exchange; (2) providing a forum in which states may collaborate so as to increase the efficiency and effectiveness of the health IT initiatives that they develop; and (3) focusing on privacy and security policy issues surrounding the use and disclosure of electronic health information. The Health Information Protection taskforce, one of three taskforces under the State Alliance, is responsible for examining privacy and security issues. With coordinated input from HISPC participants and testimony from experts in health privacy and security, this taskforce will recommend to the State Alliance policies for states and territories to adopt (and vehicles to facilitate adoption) that will encourage, where appropriate and without diminishing protections, uniformity in their health IT privacy and security practices.

Development of Best Practices for State HIE Initiatives

ONC has awarded a contract to the Foundation of Research and Education (FORE) of the American Health Information Management Association (AHIMA) to gather information from existing state-level Health Information Exchanges and define, through a consensus-based process, best practices, including privacy and security practices, that can be disseminated across a broad spectrum of health care and governmental organizations. FORE derived the information from health information exchange policies and other sources on governance, legal, financial and operational characteristics, and health information exchange policies. From their findings, they developed guiding principles and practical guidance for state-level health information exchanges. AHIMA also developed a workbook and final report to disseminate guiding principles, and recommendations on how to encourage conformance with best practices and coordination across state and federal initiatives.

American Health Information Community: Confidentiality, Privacy, and Security (CPS) Workgroup

In September 2005, the Secretary established the American Health Information Community (AHIC), a federally-chartered advisory committee made up of key leaders from the public and private sectors, charged with making recommendations to HHS on key health IT strategies. On the basis of a recommendation issued jointly by three of its workgroups (Chronic Care, Electronic Health Records, Consumer Empowerment), the AHIC created a workgroup in the summer of 2006 specifically focused on nationwide privacy and security issues raised by health IT activities and the findings of the other AHIC workgroups. Privacy and security are one of the most consistent threads between each of the workgroups and their breakthrough projects. The members for this Confidentiality, Privacy, and Security workgroup were carefully selected to assure that there was sufficient privacy and security expertise, sufficient consumer input, and representation of relevant health care stakeholders that may be affected by any recommendations developed. The workgroup’s first set of recommendations to the AHIC on patient identity proofing were advanced and accepted after deliberation by the AHIC on January 23, 2007, for recommendation to HHS. In the next phase of the NHIN Initiative, selected contractors will be required to meet privacy and security functional requirements and specifications derived from NCVHS and relevant AHIC recommendations (including the CPS recommendation above) as well as other health IT initiatives. Additionally, on June 12, 2007, the AHIC accepted a recommendation from the workgroup that expressed how and to whom privacy and security protections should apply in an electronic health information exchange environment. Its letter to the AHIC (available at http://www.hhs.gov/healthit/community/meetings/m20070612.html) describes in greater detail the work undertaken thus far and the workgroup’s next steps.

In addition, the ONC is currently working to ensure that the AHIC CPS workgroup works collaboratively with the National Committee for Vital and Health Statistics, to address the challenges posed by secondary uses of health information in an electronic environment including those related to non-HIPAA covered entities.

The Certification Commission for Healthcare Information Technology (CCHIT)

In September 2005, ONC directed CCHIT to advance the adoption of interoperability standards and reduce barriers to the adoption of interoperable health information technologies through the creation of an efficient, credible and sustainable product certification program. The CCHIT membership includes a broad array of private sector representatives, including physicians and other health care providers, payers and purchasers, health IT vendors, and consumers. An important part of CCHIT’s work is to set criteria for, and certify the security of, health information systems. The certification process CCHIT has developed promotes well-established, tested, security capabilities in health IT systems and helps make certification a major contributor to protecting the privacy and confidentially of the data these systems manage.

CCHIT has set criteria for the certification of ambulatory EHR systems, including twenty-nine security criteria that EHRs had to meet to achieve certification in 2006. As of May 2007, CCHIT has certified over 80 ambulatory EHRs that meet these security criteria and several additional criterion for functionality and interoperability. As new privacy and security standards are harmonized, they will be incorporated into future versions of the certification criteria.

Healthcare Information Technology Standards Panel (HITSP)

Pursuant to a contract with ONC, the American National Standards Institute (ANSI) convened the HITSP in September 2005, to identify standards for use in enhancing the exchange of interoperable health data.

A part of the HITSP mission is to harmonize the standards necessary to allow for the protection of the privacy and security of health data. The panel guides the collaboration of its member organizations through a standards harmonization process that leverages the work and membership of multiple standards development organizations along with the expertise from the public and private sector. The panel engages in a consensus-based process to identify the most appropriate standards, to identify overlaps and gaps in standards where they are inadequate or unavailable and specifies the use of those standards to advance interoperability.   

On October 31, 2006, HITSP presented and the AHIC accepted and subsequently recommended to the Secretary, three “Interoperability Specifications” that include 30 consensus standards and over 800 pages of implementation guidance for recommendation to HHS. Recently, HITSP formalized the workgroup it created to focus on privacy and security by establishing a technical committee to identify, evaluate, and select standards for privacy and security to support the current suite of Interoperability Specifications and 2007 use cases.

Nationwide Health Information Network (NHIN)

In November 2005, ONC awarded contracts to four consortia to develop prototypes capable of demonstrating potential solutions for nationwide health information exchange. This initiative is foundational to the President's vision for the widespread adoption of secure, interoperable health records within 10 years. The NHIN’s vision is to become a “network of networks” where state and regional health information exchanges and other networks that provide health information services work together, through common architecture (services, standards and requirements), processes, and polices to securely exchange information. In particular the NHIN will: provide consumers with capabilities to help manage the flow of their information; allow health information to follow the consumer; provide critical information to clinicians at the point of care; and improve healthcare, population health, and prevention of illness and disease.

The first year of the NHIN initiative produced four prototype architectures and a number of architectural products that will be used in the second year of this initiative. A critical portion of the required NHIN prototype deliverables was the development of security models that directly address systems architecture needs for securing and maintaining the confidentiality of health data. The NHIN prototypes included the development of architecture that would provide consumers with the ability to manage disclosures of their electronic health information. Furthermore, each participant was required to comply with security requirements established by HHS and Federal laws, where applicable, to ensure proper and confidential handling of data and information. Each delivered important architecture capabilities that will be used in the next steps of the NHIN to address the complex issues of authentication, authorization, data access restrictions, auditing and logging, consumer controls of information access and other critical contributions.

This second year of the NHIN initiative will involve the demonstration of trial implementations in real-world healthcare environments while maximizing the use of existing infrastructure. The trial implementations will be functional across healthcare markets in the service area selected as well as with other participants in the NHIN cooperative and specialty networks involved in use case activities. Moreover, trial implementation sites will be required to demonstrate “core” services, including a suite of consumer services. These services will, in a demonstrable way, empower consumers with knowledge and choice. For certain interactions within a trial implementation, consumers will be given an increased role in determining the confidentiality, privacy, and security of their health information.

Conclusion

Health IT privacy and security policies and their associated technological solutions cannot be developed in a vacuum. A key component for assuring that appropriate privacy and security protections are in place is to assure that these efforts develop in tandem and that coordination is consistent throughout these efforts. This is the role of ONC. We have a conscientious, experienced, and passionate staff that works together closely on these activities and other privacy and security related activities throughout HHS and the other Departments and Agencies to ensure that health IT policy decisions and technology solutions are appropriately coordinated and addressed.

Protecting health information is of the utmost importance and essential to the success of interoperable electronic health information exchange. Proper policies that instill confidence and trust must evolve with technology advancements and vice versa. Not letting one get too far ahead of the other is a concern we share and are working hard to continue to manage. As a leader in this area HHS has invested in multiple coordinated initiatives to ensure health information will be protected as we enter this new era of health and care.

Related Questions

Navigate

• Browse (All)
• Browse C
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.