Handling of Health Information
Handling of Health Information
Should clinical and non-clinical healthcare staff have the same permissions for viewing health information? First, we must establish the difference between electronic medical records (EMR) and electronic health records (EHR). According to the National Alliance for Health Information Technology (NAHIT), EMR is the patient record that is created every time a patient is seen at a healthcare organization, i.e., doctor’s office, hospital, etc. Whereas EHR is an accumulation of all patient’s health-related information gathered across more than one healthcare organization and includes substantially more data than commonly found in medical records. Furthermore, it consists of the EMR (as cited in HealthIT, 2011) Non-clinical healthcare staff should not have access to view patient health information to prevent Health Insurance Portability and Accountability Act (HIPAA) violations (Kloss et al., 2018, p. 60). EHRs access by unauthorized users and non-technological factors are sources of concern that could be a threat to data integrity and protection in EHRs (Bani Issa et al., 2020, p. 228). Harman (2012) suggested that the key to preserving confidentiality is ensuring that only authorized individuals have access to information and medical records (p. 714). Additionally, users’ authorization for viewing patients’ data should be limited based on the information needed (Kloss et al., 2018, p. 219). For example, in the behavioral unit where I work, nursing assistants do not have access to patients’ medical records-they only receive pertinent and necessary information needed to care for the patients. Although EHR has been named the backbone of digital health and the leading platform for storing and retrieving patient information, it still represents a threat to the integrity of patient privacy. Consequently, HIPAA states that preserving the integrity of EHR data is a vital duty of medical staff. So, confidentially policies related to IT information should include a contract for accountability and confidentiality – every healthcare provider should be responsible for their actions and commit to protecting patient privacy (Lee, 2017; as cited in Bani Issa et al., 2020, p. 224). Professor Nurkanovich, what a scary situation for both patients and staff! The hospital probably had to turn away patients as part of EMS diversion. A cyber-attack puts things into perspective because nurses and other healthcare workers are forced to switch back to paper charting, which is an inconvenience. Nurses lose the ability to scan medications, which is a huge safety concern. It is very uncomfortable to work under these conditions because there is no way to access radiology studies, old labs, EKGs, etc. References Bani Issa, W., Al Akour, I., Ibrahim, A., Almarzouqi, A., Abbas, S., Hisham, F., & Griffiths, J. (2020). Privacy, confidentiality, security, and patient safety concerns about electronic health records. International Nursing Review, 67(2), 218-230. https://doi.org/10.1111/inr.12585 Harman, L. B. (2012). Electronic health records: Privacy, confidentiality, and security. AMA Journal of Ethics, 14(9), 712-719. https://doi.org/10.1001/virtualmentor.2012.14.9.stas1-1209 HealthIT.gov. (2011, January 4). EMR vs HER-What is the difference? https://www.healthit.gov/buzz-blog/electronic-health-and-medical-records/emr-vs-ehr-difference Kloss, L. L., Brodnik, M. S., & Rinehart-Thompson, L. A. (2018). Access and disclosure of personal health information: A challenging privacy landscape in 2016-2018. Yearbook of Medical Informatics, 27(01), 060–066. https://doi.org/10.1055/s-0038-1667071