The Tension Between Confidentiality and Accessibility
Download
Report
Transcript The Tension Between Confidentiality and Accessibility
The Tension Between
Confidentiality and Accessibility
Edward B. Goldman, J.D.
Deputy General Counsel
University of Michigan
October 10, 2007
Michigan Confidentiality Law
Any information acquired to treat a
patient may not be disclosed to any
third party.
Except: To defend a malpractice action,
avoid injury to a child, vulnerable adult
or identified third party, obtain payment,
respond to a court order, protect the
public health, etc.
Federal Confidentiality laws
Substance abuse information.
HIPAA Privacy (Health Insurance
Portability and Accessibility Act of
1996): Any patient information can only
be used for treatment, billing or normal
operations. Any other use requires a
specific patient authorization except...
04/03
HIPAA Privacy
Requires a Notice of Privacy Rights.
Confidentiality exceptions for public
health purposes, child or vulnerable
adult abuse,law enforcement, and many
many other listed exceptions.
Use and disclosure law.
Issue: Proper balance?
Case Example 1
A child is transported from Rural to
Academic Hospital. Rural wants to know
the outcome of the case. The child did
well and does not need further care.
Can Academic tell Rural the medical
details? Can they say anything? (Issue:
Is there an ongoing treatment
relationship? QA rational?)
Case Example 2
Hospital has an electronic medical
record. It is password protected. Nurse
signs on to document care for a patient
then is called away for a patient
emergency. The computer is left on and
a visitor uses the computer to look up
his neighbors medical record.
Who is responsible? (Time out or
biometrics needed?)
Case Example 3
It’s May 1, 2003. New mother gives birth
to New Baby. There is a chart for both
mother and child. Father wants to see
both charts. Is that allowed?
Is the information about mom in the
babies chart protected? i.e. Must mom
give consent to allow it to be seen?
Can the information be used for care?
Case Example 3 Continued
Can the treating staff use the data for
QA? For Grand Rounds? For a
seminar? For a paper in JAMA?
Can other staff use the data? For what
purposes?
What if the Hospital hires an outside
firm to help put information on line; can
the firm see this data? (BA agreement)
Case Example 4
You work at Wireless Hospital where all
medical data is computerized and can
be retrieved by any computer or PDA in
the Hospital (with proper access). What
restrictions should exist for hospital
personnel? Can they take the PDA’s or
lap tops out of the hospital? Password
protection, encryption needed?
Case Example 5
Dr. Sue Fentanyl is seeing a 19 year
student who is non-compliant with
medications. Can she inform the
parents?
What if the medications are for
depression and Sue believes the
student is suicidal?
Which case would you rather defend?
Case Example 6
Kindly Dr. Jones has been the sole
general practitioner in a small town for
40 years. He is seen by his eye doctor
and found to have early macular
degeneration and possible early signs
of dementia. Must the Licensing Board
be told?
Case Example 7
Dr. Vera Fib takes her elderly mother to
the hospital for a check-up. While her
mother is sitting down Vera asks at the
desk about other appointments and is
told that information cannot be provided
since it is confidential. Is that right?
Case Example 8
You see a patient with a work related
eye injury and provide treatment.
What can the employer be told?
45 CFR 164.512(l) says: You may
disclose information “as authorized by
and to the extend necessary to comply
with laws relating to workers’ comp.”
The Goals of Confidentiality
Encourage patients to trust and freely
communicate with care givers.
Provide a “shield” to protect care givers
from having to disclose information.
Promote an environment of patient
privacy.
Promote a “just” society.
The Goals of Accessibility
Allow care to be provided efficiently and
appropriately.
Provide access for public health
purposes. Ex: HIV data; cancer
registries; birth information, protection of
the public.
Provide data for research and
advancement of health care.
The Balance Point
Confidentiality exists to protect the
patient.
Disclosure exists to protect society.
Easy access should exist to allow staff
to do their jobs (patient care, risk
management, data management,
billing) and protect the public
(disclosures as mandated by law).
The Challenge
Continued privacy in the electronic age.
Issue: patient electronic access to
medical information, renewal of
prescriptions, update/change visits,
access to their physicians versus
continued need for privacy and security
of medical information.
Questions?
Answers:
1. It’s too soon to tell.
2. Just why do you want to know?
3. That’s true but on the other hand…
4. I’ll have to check and get back to you.
5. That’s too specific so please ask your
own attorney.