Ethics 4

Question 1

Confidentiality

Answer 1

The practice of keeping harmful, shameful or embarrassing information within proper bounds

• confidentiality is a duty
• confidentiality is an obligation, an ethical issue, self imposed by a profession
• practice* and duty*
• confidentiality is important because someone has confided private information to us -> ability to trust

Question 2

Privacy

Answer 2

A privilege (a right)

• a legal issue invoked (or relinquished) by the patient that requires the professionals to not disclose information
• the right to privacy gives legal standing to the ethical principle of confidentiality
• law that upholds the practice of confidentiality

Question 3

Violations of confidentiality

Answer 3

Involved disclosure of someone’s private information that they voluntarily imparted in confidence and trust when there was an implicit promise not to divulge that information without their permission

Question 4

Violations of privacy

Answer 4

Involve the unauthorized disclosure of someone else’s private information (unauthorized access, use or disclosure of procreated health information)

Question 5

Trust

Answer 5

Always involves a relationship

• confidentiality serves as one cornerstone for building a solid relationship with patient
• breaking the confidence undermines their ability to trust

Question 6

Modern difficulties with maintaining confidentiality

Answer 6

Professional “need to know” other MDs RNs, therapists, etc.

• communication hazards:
• phone/answering machines
• fax
• copy machines
• email
• electronic medical records

Question 7

When can you share private patient information with other health professionals

Answer 7

Need to know basis

• when it is directly related to the patient care
• do they need this information to provide the most caring response to the patient
• different from what a colleague might find interesting or unusual
• has no bearing on the case at all

Question 8

Why do we uphold patients confidence

Answer 8

• build trust in the patient provider relationship
• maintain the patient dignity
• uphold justice

Question 9

How to uphold justice

Answer 9

Through moral choices that measure the rights of the people involved

• seeking to cause the least amount of damage
• is this the right thing to do?

Question 10

Special problems in confidentiality

Answer 10

Confidentiality is likely to be lost in return for:

• Insurance coverage
• an employment opportunity
• your application for government benefits
• an investigation of health and safety at your work site

Question 11

Exceptions to obligation for confidentiality

Answer 11

• patient threatens to harm self
• patient threatens harm to others
• when required by law (state specific):
• communicable disease
• occupational diseases
• wounds of violence
• suspected abuse
• loss of consciousness

Question 12

Special problems in confidentiality

Answer 12

Confidentiality is likely to be lost in return for:

• insurance coverage
• an employment opportunity
• your application for govenremenr benefits

Question 13

HIPPA privacy rule

Answer 13

• health insurance portability and accountability act (HIPPA)
• 1996
• required department of health and human services (DHHS) to issue privacy regulations governing individually identifiable health information

Question 14

who is covered by HIPPA

Answer 14

• applies to covered entities
  1. a health plan
  2. health care clearing house
  3. health care provider who transmits any health information in electronic form in connection with a transaction

Question 15

health plan

Answer 15

means an individual or group plan that provides or pays the cost of medical care

Question 16

health care clearing house

Answer 16

-the term health care clearing house means a public or private entity that processes or facilitates the processing of nonstandard data elements of health information into standard data elements

Question 17

health care providers

Answer 17

every health care provider regardless of size who electronically transmits health information in connection with certain transactions, is a covered entity
-privacy rule covers a health care provider whether it electronically transmits these transactions directly or uses a billing service or other third party to do so on its behalf

Question 18

health information

Answer 18

• term health information means any information, whether oral or recorded in any form or medium, that:
• is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse
• related to the past, present, or future:
• physical or mental health or condition of an individual
• provision of health care to an individual
• payment for the provision of health care to an individual

Question 19

individual identifiable health information

Answer 19

• any information including demographic information collected form an individual that:
• is created or received by a health care provider, health plan, employer, or health care clearinghouse
• related to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual, and identifies the individual with respect to which there is a reasonable basis to believe that the information can be used to identify the individual

Question 20

individually identifiable health information

Answer 20

• name
• address
• social security number
• phone number
• medical record number
• email address or URL
• diagnosis
• test results
• photographs
• physician notes
• health plan information

Question 21

protected health information (PHI)

Answer 21

• any individually identifiable health information held or transmitted by a covered entity or its business associate in any form or media whether electronic, paper, or oral
• privacy rule excludes from protected health information:
• employment records that a covered entity maintains in its capacity as an employer
• education and certain other records subject to, or defined, in the family educational rights and privacy act (FERPA)

Question 22

de-identified health information

Answer 22

there are no restrictions on the use or disclosure of de-identified health information

• neither identifies nor provides a reasonable basis to identify an individual
• there are two ways to de-identify information:
• 1. formal determination by a qualified statistician
• 2. removal of specified identifiers of the individual and of the individuals relatives, household members, and employers is required, and is adequate only if the covered entity has no actual knowledge that the remaining information could be used to identify the individual

Question 23

18 elements to de-identify elements

Answer 23

1. names
2. social security numbers
3. telephone numbers
4. fax numbers
5. all geographic subdivision smaller than state, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code,
6. all elements of dates (except year)
7. electronic mail addresses
8. medical record numbers
9. health plan beneficiary numbers
10. account numbers
11. certificate/license numbers
12. vehicle identifiers and serial numbers, including license plate numbers
13. device identifiers and serial numbers
14. web universal resource locators (URLs)
15. internet protocol (IP) address numbers
16. biometric identifiers, including finger and voice prints
17. full face photographic images, other comparable images or image which can readily identify the individual
18. any other unique identifying number, characteristic or code

Question 24

general principle for uses and disclosures

Answer 24

-A major purpose of the Privacy Rule is to define and limit the circumstances in which an individual’s PHI may be used or disclosed by covered entities.
-A covered entity may not use or disclose PHI, except:
▪ As the Privacy Rule permits or requires
▪ As the patient or the patient’s representative authorizes in writing

Question 25

required disclosures

Answer 25

- a covered entity must disclose protected health information in only 2 situations: - to individuals (or their personal representatives) specifically when they request access to, or an accounting of disclosure of, their protected health information - to DHHS when it is undertaking a compliance investigation or review or enforcement aciton

Question 26

permitted uses and disclosures

Answer 26

- a covered entity is permitted, but not required, to use and disclose protected health information, without an individuals authorization, for the following purposes or situations: - to the individual (unless required for access or accounting of disclosures_ - treatment, payment, and health care operations - public interest and benefit activities - limited data set for the purposes or research, public health or health care operations

Question 27

facilities directories

Answer 27

- it is a common practice in many health care facilities, such as hospitals, to maintain a directory of patient contact information - a covered health care provider may rely on an individuals informal permission to list in its facility directory the individuals name, general condition, religious affiliation, and location in the providers facility - the provider may then disclose the individuals condition and location in the facility to anyone asking for the individual by name, and also may disclose religious affiliation to clergy

Question 28

for notification and other purposes

Answer 28

A covered entity may rely on an individual’s informal permission to disclose to the individual’s family, relatives, or friends, or to other persons whom the individual identifies, PHI directly relevant to that person’s involvement in the individual’s care or payment for care.

Question 29

public interest and benefit activities

Answer 29

-The Privacy Rule permits use and disclosure of protected health information, without an individual’s authorization or permission, for 12 national priority purposes. -These disclosures are permitted, although not required, by the Rule in recognition of the important uses made of health information outside of the health care context

Question 30

HIPPA notice of privacy practice

Answer 30

-The Privacy Rule provides that an individual has a right to adequate notice of how a covered entity may use and disclose protected health information about the individual. -Covered entities must develop and provide individuals with this notice of their privacy practices -the notice of privacy practice must be available to patients upon request -the notice must be posted in a prominent location of the facility

Question 31

enforcement and penalties for noncompliance

Answer 31

-Compliance- The Department of Health and Human Services, Office for Civil Rights (OCR) is responsible for administering and enforcing the Privacy Rule and may conduct complaint investigations and compliance reviews. -Covered entities that fail to comply with the standards may be subject to civil monetary penalties. In addition, certain violations of the Privacy Rule may be subject to criminal prosecution

Question 32

HITECH Act

Answer 32

- 2009 - created to promote the use of electronic health records (EHR) by covered entities - expanded the requirements for: - data breach notification - protection of electronic PHI

Question 33

breach notification rule

Answer 33

-requires covered entities and their business associates to notify the OCR and patients impacted of a breach of unsecured PHI

Question 34

what is a breach

Answer 34

-a breach is an impermissible use or disclosure oh PHI that compromises the security or privacy of the data