Administrative Ethics Paper HCS/335 November 5, 2012 Administrative Ethics Paper In today’s world of technology patient’s face an ever challenging issue of protecting their privacy. One of the biggest areas infringing on a patient’s privacy would be the prescription health information that is being released by pharmacists and the way in which that information is used.
Information is given to a wide variety of entities and to individuals, which raises enormous concern about the privacy rights of patients, especially considering the fact that the patient has not given consent for the release of this information. Legislative and judicial attention is being given on how to protect privacy identifiable information on prescription data and the harm that can be done by the release of this information. There is a lot of focus on exploring privacy issues with regard to personal health information (PHI), especially with the prescription drugs containing so much information.
The computerized databases in a pharmacy collect a host of patient information including the patient’s address, the patient’s name, the date it was filled, the place it was filled, the patient’s gender and age, the prescribing physician, what drug was prescribed, the dosage, and how many pills. How a patient’s information is used once it is de-identified most likely doesn’t even cross anyone’s mind because most patients don’t realize that anyone other than the pharmacist, the doctor, and the insurance company for processing the claim, are going to see it.
Part 1 basically states why there is a need for federal legislation to step in to help protect both patient prescription PHI, and de-identified patient prescription PHI. Part II shows the process of how the information is collected and used. Part III talks about federal and state laws that are currently in existence to protect a patient’s privacy rights, with a focus on three state statutory attempts that would curb information being used for marketing purposes, and the Supreme Court and circuit court responses.
Part IV looks at the existing laws regarding unauthorized disclosure of patient prescription PHI. This is a more intense look at all of the statutes, ethical guidelines, federal and state statutes and laws, and other option for protecting a patient’s privacy. Part V suggests having a federal statute allowing patients to control the use of their information for both patient prescription PHI, and de-identified PHI. Most people would think that de-identified PHI would be protected because it is encrypted before it is transferred to others not authorized to access the identifiable information.
Unfortunately, there are ways such as geo-coding that allows others to re-identify the information. Even if a company sells the data information that they have and they state that personal information is not to be used by third parties, there is no guaranty that the purchaser will uphold the agreement. In today’s technological society it is difficult to have a program that will continue to make re-identification impossible, especially if an individual’s privacy was once breached by re-identification. Encryptions are codes and codes are broken all the time.
Moreover, encryption requires use of a key or cipher, which is used to lock and unlock the hidden data. Such a key is necessary to allow the hidden data to be viewed in an intelligible manner by those who are authorized to view it. However, there is always a risk that the encryption key might fall into the wrong hands, thereby allowing the information to be accessed by unauthorized viewers. There are many problems that could arise from a patient’s information landing into the hands of a stranger, a boss, an enemy, or any other individual that does not have permission to view that information.
The Health Insurance Portability and Accountability Act (HIPAA) needs to take a hard look at the problems that exist with the identifiable patient prescription PHI, the de-identified patient prescription PHI, and the encrypted prescription PHI. These issues affect the entire population and can have a devastating impact on those that have their personal information get into the wrong hands. If there is an employee who has Aides and they don’t want other worker’s to know, it would be too easy for an employer to obtain that information.
The arguments and facts that are used in the article support the proposed solution by stating the problems that arise without having laws in place to protect the privacy rights of patients. There are many ethical and legal issues when you are dealing with privacy rights, including the chances of getting sued by individuals for letting their information be obtained and used by others. Having privacy information released into the wrong hands can be detrimental to a patient. A manager in a health care environment should be there to support and help bring laws into place that protects both the patient and the organization. REFERENCES
Smith, C. (2012) Somebody’s Watching Me: Protecting Patient Privacy in Prescription Health Information, Vermont Law Review, retrieved from the University of Phoenix Library on November 4, 2012. Kendall, D. Protecting Patient Privacy in the Information Age retrieved from http://www. hlpronline. com/kendall. pdf Thacker, S. , (2003) HIPAA Privacy Rule and Public Health CDC, retrieved from http://www. cdc. gov/mmwr/preview/mmwrhtml/m2e411a1. htm ——————————————– [ 1 ]. David Colarusso, Note, Heads in the Cloud, A Coming Storm: The Interplay of Cloud Computing, Encryption and the Fifth Amendment’s
Protection Against Self-Incrimination, 17 B. U. J. Sci & TECH. L. 69, 78-80 (2011)(describing the details of symmetric key encryption and public key encryption) [ 2 ]. Id. at 789 (describing how a cipher or key renders plaintext unreadable gibberish). [ 3 ]. Robert D. Fram, Margaret Jane Radin & Thomas P. Brown, Altred States: Electronic Commerce and Owning the Means of Value Exchange, 1999 STAN. TECH. L. REV. 2, 15-16 (1999) (outlining the risks of cryptography, including the possibility that encryption keys may not always be kept secret. )