The situation. Healthcare providers need access to patient personal health information wherever patients are present for care. Systems that standardize electronic medical records provide such access, but the risk to privacy that accompanies that access is real, and breaches often make the news. At the Federal level, the HIPAA Privacy Rule protects personal health information gathered by healthcare providers, but most agree that information needs more protection than HIPAA currently affords. Some believe added protection may be found in the forming and keeping of codes of ethics.
A scenario. Mary works in a hospital health information management department, and Maureen, her friend, comes one day to pick up the medical records of a patient who is a client of the lawyer Maureen works for. Maureen, however, has forgotten to bring the client’s signed authorization form, though she assures Mary the form, which she saw the patient sign, is at her office. Since Maureen’s need for the form is urgent and there isn’t enough time to return with the form today, Maureen hopes to take the records and return with the form another day.
Read the iHealthCoalition’s eHealth Code of Ethics, the Summary of the HIPAA Privacy Rule, and with the above scenario in mind, consider the following questions:
- In light of what the Code and HIPAA say, how might Mary and Maureen best resolve the problem?
- How might a code of ethics provide personal medical information more protection than HIPAA?
- In what ways, if any, does HIPAA protect personal medical information where codes of ethics do not?
