Remote Access of EHRs: Ethical Concerns
Welcome
Objectives
The learner will understand the implications of disregarding ethical considerations in decision making.
The learner will review the violations of the Nursing Code of Ethics in relation to the animation scenario.
The learner will apply the ethical model for ethical decision making to the electronic health record in the last scenario.
Definition of EHR
Authors' Position
Animation Scenario
What are ethics?
"Ethics are conceptual tools used to evaluate situations and guide decision making from a moral perspective" (Simpson, 2005)
The Hippocratic Oath has been the starting point of evaluating the obligations of physicians to maintain patient privacy and confidentiality.
"What I may see or hear in the course of the treatment or even outside of the treatment in regard to the life of men, which on no account must be spread abroad, I will keep to myself, holding such things shameful to be spoken about" (as cited in Rothstein, 2010)
As physicians are essential users of EHRs, we thought it relevant to include the concept of the Hippocratic Oath and the challenges EHRs may present regarding privacy and confidentiality.
Nursing Code of Ethics
- Nurses are expected to conduct themselves in accordance with ethical responsibilities
- Compassionate care is demonstrated through speech, body language and efforts to empathize with the client
- Trustworthy relationships are considered to be the foundation of meaningful communication
- Nurses admit mistakes and take necessary actions to prevent harm and future risks
- Question and address unsafe, unethical, or incompetent practices
- Priority of care is directed towards the well-being of the person(s) in care
- Advocate for the rights of the person(s)
- Collaborate with other health-care providers to maximize health benefit for the person(s)
- Provide information in an open, accurate, and transparent manner to person(s) in care to make informed decisions
- Respect wishes of capable person(s) in care to decline to receive information
- Ensure nursing care is provided with the informed consent of the person(s)
- Respect decisions made by person(s) in care regarding treatment or lifestyle
- All persons are to be treated with respect and the nurse supports person(s) in care in maintaining dignity and integrity
- Unique values, customs, spiritual beliefs, social and economic circumstances are taken into consideration.
- Respect privacy of person(s) by minimizing intrusions and providing care in a discreet manner
- Nurses maintain appropriate professional boundaries
- Respect the right of all individuals to have control over the collection, use, access and disclosure of their personal information
- Take reasonable measures to prevent confidential information from being overheard
- Collect, use and disclose health information on a need-to-know basis with the highest degree of anonymity possible and in accordance with privacy laws
- Advocate for client access to their own health-care records
- Respect policies that protect client(s) privacy – including safeguards in information technology
- Do not discriminate on the basis of ANY attribute (e.g., race, gender, lifestyle, socio-economic status)
- Refrain from utilizing negative and demeaning behaviours towards person(s) in care
- Advocate for fair treatment and distribution of resources for person(s) in care
- Question the status quo
- Practice in accordance with the Code of Ethics for Registered Nurses
- Are honest and practice with integrity
- Practice within the limits of their competence and maintain their fitness to practice
- Identify and address conflicts of interest
- Share knowledge and provide feedback
Ethical Considerations for Nurse Beatrice
- Accidentally discloses health information regarding a different patient to Maria Gonzalez. (Maintaining privacy and confidentiality)
- Does not know how to correctly utilize her tablet; voices her own lack of competence with the tablet. (Being accountable)
- Condescending tone: “Your chart says you did have urinary incontinence” & “Well, you must have taken pills when you treated your Chlamydia infection two years ago”. (Preserving dignity; Promoting justice; Providing safe, compassionate, competent and ethical care)
- Utilizes and discloses information not pertaining to the reason of the current visit. (Maintaining privacy and confidentiality; Promoting and respecting informed decision-making; Preserving dignity)
- Maria then states that she assumes certain aspects of her past medical record would remain private. (Maintaining privacy and confidentiality)
- Discloses information regarding Maria’s BP only to be informed that the information is incorrect. Nurse Beatrice brushes off the incident, stating “Innocent typing errors do happen. All it takes is one slip of the finger”. (Maintaining privacy and confidentiality; Being accountable; Promoting and respecting informed decision-making; Providing safe, compassionate, competent and ethical care)
- Maria repeatedly asks a question regarding her daughter’s lab results. It takes several attempts for Nurse Beatrice to address the question, and when she does, she provides no real answer. (Promoting health and well-being; Preserving dignity; Being accountable)
- Assumes all individuals have the same access to computers and hence, assumes Maria may access her daughter’s results. Comes across as not able to empathize with her client, as Maria had already informed her at the beginning of the visit that she does not have a computer. (Promoting justice; Providing safe, compassionate, competent and ethical care; Promoting and respecting informed decision-making)
- Quotes policies for privacy of information regarding Maria’s daughter’s lab results. Bureaucratic response: “Doctor’s office may call our office for the results...Don’t worry...Any other questions?” (Promoting health and well-being; Promoting justice; Preserving dignity; Providing safe, compassionate, competent and ethical care)
Areas of Ethical Concern
Privacy and Confidentiality
Information within EHRs is sensitive as it could result in a continuum of consequences - anywhere from embarrassment to loss of insurance or employment (Mercuri, 2010). The author also cautioned that this risk of a breach in confidentiality when utilizing electronic health records may result in patients not fully disclosing past medical information, or worse, avoiding medical care entirely.
Privacy is also threatened by the fact that information can be easily and rapidly copied, carried, and dispersed; additionally, access controls may be insufficient or absent (Myers, Frieden, Bhenwani, & Henning, 2008).
EHRs have a number of access points that are opportunities for hackers (Conklin & McLeod, 2010). They asserted that the number of people who have access to these records only increases vulnerability, and raised the issue that when one organization has sufficient security controls, others that share the same information may not. They also debated the necessity of having measures in place for emergent situations, such as multiple system sign-on, as they can be security weaknesses.
Our animation demonstrated this concept when the nurse revealed the patient's past history of a sexually transmitted infection. The historical illness was not relevant to the care the nurse was providing at the time, and the patient was alarmed that the nurse had access to this information.
Equity
In the literature reviewed, concerns were raised that the implementation of EHRs would put vulnerable populations further at risk. Layman (2008) stated there is potential for disparity not only in the way resources are provided, but also in that certain groups may have inequitable public disclosure of health information. She also reported that age is a factor when considering equity, as a majority of people over age 65 in a U.S. survey stated they had never gone online. These are the people who often have chronic diseases and would benefit from online communication with healthcare professionals.
Our animation reviewed this disparity when the client voiced concerns about not having money for diapers "let alone a computer". It would be a mistake to assume that technology use in electronic health records would benefit everyone. Our nurse may have made the patient defensive or embarrassed when she had to tell her that she did not have a computer or access to one.
Efficiency
"It is not obvious that PHRs [personal health records] are the most efficient investment...at this time" (Wynia & Dunn, 2010, p. 71). Mercuri (2010) cautioned that outages of the EHR system would at best be an inconvenience to healthcare professionals, at worst, could contribute to morbidity and mortality rates. Worse yet, complete system failures could result in the loss of patient data.
Integrity
As noted in the animation, the nurse validates the lack of integrity of the information compiled within the EHR, as she states that incorrect data – such as the patient’s blood pressure – may accidentally be entered into the system. As well, the nurse is initially quick to assume that the information regarding urinary incontinence must be correct, despite the patient’s refusal, and only afterwards realizes that the wrong patient’s data is being discussed. According to Simpson (2005), there is a tendency to assume what is in the computer is correct. CMPA (2009) also asserts that if it is noted by a HCP that information on an EHR is incorrect, the HCP must notify other users of the EHR. All erroneous information should be corrected as soon as possible.
In the animation, the nurse makes no note that the information ought to be corrected, nor does she state that she will follow up on having the information corrected after the visit. Layman (2008) reported that the studies reviewed indicated variable rates of data accuracy within electronic health records.
Recommendations
Privacy & Confidentiality
- Creation and adherence to public and institution policy on the protection of remotely accessed health records. This includes policy prohibiting the long-term storage of sensitive data on remote access devices and policy on the expunging of data appropriately (Myers et al., 2008)
- Establish routine disclosure protocols and verification processes (Myers et al., 2008)
- Employee education, including technical training and empowerment around the importance of privacy and confidentiality (Myers et al., 2008; Wynia & Dunn, 2010)
- Encryption of data with time limited passwords or biometric technology for authentication (Layman, 2008; Myers et al., 2008)
- Inventory control procedures and automatic deactivation policy for lost, stolen or security compromised remote devices (Myers et al., 2008)
- Adopt the use of wallet sized “smart cards” which activate a particular remote device (according to Myers et al., 2008 there is less likelihood of misplacing these compared to the standard remote technology)
- Multifactor authentication process (e.g., require a PIN password and smart card; Myers et al., 2008)
- Education for employees and clients who use or receive information from the EHR (Myers et al., 2008; Simpson, 2005; Wynia & Dunn, 2010)
- Targeted subsidies for those less likely to have access to EHR linked technology such as those with low literacy and socioeconomic status as well as new immigrants (Wynia & Dunn, 2010)
- Data should never be exposed in such a way that social discrimination could result (Layman, 2008)
- Initial and continued education and technical support to ensure staff are utilizing the technology optimally and appropriately (Myers et al., 2008; Simpson, 2005)
- Continued research to confirm the health benefits of using EHRs and techniques to reduce the costs of using EHRs (Myers et al., 2008)
- Multiple, easy to restore back-ups of all electronic information are necessary to prevent the partial or total loss of patient records during temporary outages or program errors (Mercuri, 2010)
- Continued critical assessment of the data to identify human error or compromised data (Myers et al., 2008)
- Enhanced security networks, intranets and firewalls etc., to ensure the fidelity of the information (Layman, 2008)
- Patient access to EHR to identify errors (Patients might pick up errors in their data if they had access; Wynia & Dunn, 2010)
- Healthcare professionals are concerned with being held accountable and making appropriate decisions based upon the data accessed in the EHR (Wynia & Dunn, 2010)
- Following an ethical model for decision making, as identified by McGonigle & Mastrian (2009), helps health care professionals take the best ethical action
Ethical Model for Ethical Decision Making (McGonigle and Mastrian, 2009)
Examine the ethical dilemma
- Comprehensively understand both sides of the ethical dilemma by collecting as much information as possible. Understand what needs to be decided and who the key players in the decision should be and what their views on the issue are. Examine these views and implement a plan of action that achieves the greatest good.
- Brainstorm all possible alternatives available and the consequences of these decisions. Automatically rule out any alternatives that have rules that make them impossible to achieve. For all other scenarios, weigh out the best and worst case possible outcomes and decide if the risk of potential benefit outweighs any harm that could come to anyone involved.
- Decide which of the five approaches apply to this situation and if any of the moral principles identified will support decisions that have been made in similar circumstances.
- Ensure that any ambiguous information is addressed and that all arguments have been explored. Rate the significance of the ethical reasoning for each choice.
- 4 = extreme significance
- 3 = major significance
- 2 = significant
- 1 = minor significance
- Relate each of these outcomes to the values of the key players and decide which one provides the greatest good or the least harm.
- Decide if your professional code of ethical conduct supports your decision.
- Make a decision about the best alternative and reflect on the inclusion of the considerations of all of the key players. Look at your decision with a critical eye and try to predict what opponents might have to say.
- Implement the choice you have made. Make sure you account for all required resources to execute this plan.
- Always go back and analyze your plan and the outcome to ensure it is accomplishing what you intended. Review as necessary.
International Media Reports of Breaches in Electronic Health Records and Other Ethical Concerns
- UNC's health record breach raises questions about the safety of EHR
- October 02, 2009
- http://www.dotmed.com/news/story/10377/?lang=en
- Griffin Hospital reports breach of dozens of patient medical records
- Virus blamed for EHR breach in Canada
- Canada fumbles health data in security breach
- Disgruntled hacker sentenced to five years
- June 20, 2008
- http://www.scmagazineus.com/disgruntled-hacker-sentenced-to-five-years/article/111506/
- Personal health information privacy
- Provides many examples of international breaches of both paper and electronic health records
- http://www.phiprivacy.net/
- Digital health records open ethical issues
Benefits of EHRs
- support patient care and improve its quality;
- enhance productivity of health care professionals and reduce the administrative costs associated with health care delivery and financing;
- support clinical and health service research;
- accommodate future developments in health care technology, policy, management, and finance
- expanded reach of effective health care
- more secure information
- improved sense of well-being
- access to information about how the healthcare system works
- improved healthcare and decreased risks (e.g. adverse drug reactions)
- integrated health services
- do not have to repeat basic information such as name and address
- increased confidence knowing that all health care professionals have access to all relevant parts of their medical history
- access to their own health records help patients to make informed decisions about their health
- avoidance of duplicate, invasive, and/or expensive tests
- reduced waiting lists
Benefits for Health Professionals (The Office of Health and Information Highway, 2001):
- integrated view of patient data
- increased access to other related and integrated patient information
- improved access through a portal to related health services
- improved decisions with up-to-date patient information on an as-needed basis
- improved seamless care through coordination of multi-professional and multi-agency care
- improved development of decision support systems
The Canadian Nurses Association (2002) Discusses EHRs' Potential Benefits for Nurses:
- availability of comprehensive information on the care of clients/patients covering the continuum of health service delivery, across health professionals, and over time
- convenience and ease of access, transfer, and retrieval of information
- ability to view and display data from different views to support clinical, administrative, and research functions
- provision of a dynamic approach to nursing research and to the development of new nursing knowledge
Canadian Media Reports of the Positive Use of EHRs
Canadian Factoids
1. Personal information being accessed for mischievous/malicious reasons (45% of respondents)
2. Information may be accessed for information not pertinent to their health in the future (42% of respondents)
3. Those who access the information will not follow security and privacy protocols (37% of respondents)
4. The information may not be accurate (26% of respondents)
5. One in two Canadians are aware of the existence of EHRs (49% of respondents)
6. Canadians' comfort level with EHRs would increase if they were able to determine who was accessing their record (77% of respondents)
7. Public acceptance of EHRs would grow if legislation existed making unauthorized access of records a serious criminal offence (74% of respondents)
8. Canadians would be more open to adopting the EHR if they had direct access to ensure its accuracy and mask sensitive information (68% and 55% of respondents respectively)
9. Canadians believe that receiving high quality healthcare is linked to healthcare professionals' timely accessibility to patient health information (87% of respondents)
10. Public optimism in the EHR is growing! 9 in 10 support the ongoing development of the EHR (89% of respondents)
Given these survey results, healthcare professionals have a duty and responsibility to calm the concerns of the public by demonstrating ethical use when accessing the EHR. Health care professionals can demonstrate ethical, sound decision-making when accessing EHRs to illustrate how EHRs can successfully improve the patient care experience and ultimately improve health outcomes.
Canada Health Infoway (2007). Electronic health information and privacy survey: What Canadians think-2007. Retrieved from http://www2.infoway-inforoute.ca/Documents/EKOS_Final%20report_EN.pdf
Discussions
How would you feel after Nurse Bea's visit if you were patient Maria Gonzalez in the first scenario? Maria's verbal and nonverbal language illustrated her displeasure with the ethical breaches with regard to her electronic health record.
What could Nurse Bea have done differently?
Does electronic information technology change the concept of this oath? Even when information is not actually voiced, the risk of security breaches is a major concern with remote access of electronic health records, as the information is still at risk of dissemination.
While the authors' position is that EHRs' benefits outweigh their cons, what is your opinion?