ifsm 305 assignment case study 4

profileNana21
IFSM305casestudy3.docx

Running Head: Stage 6: ELSI in EHR 1

Ethical, Legal and Regulatory Policy Issues 7

Ethical, Legal & Regulatory, and Social Issues

Alesix Tieku

Professor Wooten

IFSM 305

July 25th, 2019

Table of Contents Introduction 3 Table of ethical, legal and regulatory Policy issues 4 Addressing the most difficult issue – Legal and regulatory requirements 5 Summary 6 References 7

Ethical, Legal & Regulatory, and Social Issues

Introduction

There is a huge amount of confidential information about patients held in Electronic Health Record Systems. Some of these issues revolve about the right to confidentiality of any individual like potential diagnosis and health records in general. Some of these issues are purely ethical and don’t have any legal repercussions if not adhered to. Some are both legal and ethical at the same time; meaning they have legal repercussions if broken but have an ethical explanation. And lastly, some are social as to the general growth of the society and as humanity.

The general inapplicability of today’s laws to PHRs is a concern, especially given the ever-expanding possibilities for PHR data misuse with respect to potentially stigmatizing diseases, conditions and medications. As noted, HITECH does extend some HIPAA requirements to PHRs. Many states as well as HIPAA (modified by HITECH) have instituted “data breach” notification laws. These measures also increase security requirements on organizations that hold identifiable personal data.

Robust functionality for PHRs requires the ability to exchange their data with the parties providing health services to the patient – e.g., physicians in clinics, hospitals, pharmacies. Broad social acceptance of PHRs requires that these exchanges are appropriately protected. It is not irrational to prefer to keep information out of institutional records if one cannot control its use and it can be used in destructive ways – a rationality that applies to PHRs if that content will reappear in institutional backups.

Providing a strong consent model for PHRs is not without costs. The information in PHRs has value, for all the reasons that institutional health records have value. Making PHRs attractive from a personal privacy perspective trades off that value, albeit in ways extremely difficult to quantify. Discrimination and bias fears suggest the need for laws that contemplate broader anti-discrimination and access protections, similar to the Genetic Information Nondiscrimination Act (GINA).

Social networking poses a great and continuing challenge regarding privacy and confidentiality. Online communities and internet service providers are not covered entities under HIPAA, and it is not at all clear whether they should receive such or similar legal coverage. But if not HIPAA or HIPAA-like protections, by what mechanism should the privacy of online community inhabitants be protected?

Table of ethical, legal and regulatory Policy issues

Privacy and confidentiality

· Granular control over PHR disclosure

· Ubiquitous monitoring to generate PHR data

· Cohort effects and vulnerable populations using PHRs

· Social networking reliance of PHRs

· Legal uncertainty regarding non-traditional actors

Data security

· Challenges of PHR data protection in distributed environments

Decision support

· By PHAs using PHR data, provided to patients sometimes without clinical intermediaries and in extra-clinical settings

Legal-regulatory environment

· Multiple federal requirements and state requirements for PHR-based data and new environments, all evolving

Addressing the most difficult issue – Legal and regulatory requirements

Current efforts to revise HIPAA under the auspices of the HITECH present an opportunity to address PHR issues. HITECH offers significant incentives for health care participants to adopt “meaningful use” of EMR technology, and every major vendor’s implementation of EMRs offers a PHR component. The privacy and security elements of HITECH also focus on concerns implicit in wider electronic health data exchange, requiring: an audit trail of disclosure, notification of any breaches, additional authorization for certain uses of identifiable data, and strengthened enforcement of the federal privacy and security rules. HITECH specifically extends some of these HIPAA requirements to PHRs, treating them like “business associates” of entities covered by the law directly. But expanding the conception of business associates’ or vendors’ responsibilities in an EMR-like context only begins to meet PHR concerns. It extends an institutional model that only partly fits the world of PHRs and PHAs.

Summary

Is a PHR best viewed as a complement to the official record – a nice thing to have, with greater or lesser value depending on the PHAs it supports? Or is a PHR a substitute for an official record – required in emergency situations (an electronic form of “medical alert bracelet”) and perhaps even in routine ones as a backup to inter-operable, inter-institutional EMRs? How much reliance during a routine clinical encounter can (or should) a health practitioner place on the data within a person’s PHR? Whatever the legal, professional and social answers to these questions, there are technical and cognitive constraints that limit what can be expected of the average individual.

There is also the question of whether PHRs are a niche product (for particular conditions/diseases) or a more general accessory that “everyone should have”. While everyone ought to have a list of current medications, allergies, and major past illnesses – for themselves and for persons for whom they are responsible – that is a rather minimal collection of data. Given the uncertainties about how institutional PHR providers would use data, it is difficult in good conscience to recommend them to persons who have strong preferences for privacy, instead of a simple printed list on a piece of paper. The balance tilts towards PHRs for particular conditions or diseases – those that are chronic, complex and have hard-to-manage treatment regimes.

In general, the nine projects of Project Health Design have helped make clear that: (a) the novel ways health information can be shared and distributed in a PHR world pose significant risks to privacy and confidentiality; (b) patients themselves play an unprecedented role in helping to safeguard their own health information in this new world; and (c) future PHR design and development must take into account the health aspirations and social and economic fears of patients.

References

Cushman, R. Journal of Biomedical Informatics .Volume 43, Issue 5, Supplement, October 2010, Pages S51-S55 [PDF]. Retrieved from: https://www.sciencedirect.com/science/article/pii/S1532046410000614

Ozair, F. Ethical issues in electronic health records: A general overview. Retrieved from: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4394583/

Cheshire, P. (2016). Ethical Dilemmas: An Integrated Approach to Consultation and Problem-Solving [VIDEO]. Retrieved from: https://www.youtube.com/watch?v=w1WJTu4wOWE.