The Health Insurance Portability and Accountability Act (HIPAA) has caused much controversy within our society. To directly deal with medical professionals releasing patient information illegally, HIPAA was created to protect patient privacy. HIPAA has been updated to ensure that medical professionals promote security and confidentiality regarding all patient information. HIPAA ensures patient security and that nationwide standards are followed appropriately. Medical professionals should always respect their patients and their privacy. Though legality is an important factor, HIPAA promotes good medical care by staying consistent with ethical practices. Following HIPAA regulations will provide quality physician and patient relationships, ensuring that society keeps trust with the healthcare system. Though, there are arguments that HIPAA needs to update their regulations and make sure proper practice of HIPAA policies are performed. Healthcare professionals have an obligation to support and follow the guidelines to protecting a patient’s privacy.
The Health Insurance Portability and Accountability Act, or HIPAA, is made up of regulations that are used by all healthcare professionals regarding basic patient privacy rights. Medical professionals should always respect their patients and their patient’s privacy. Physicians are responsible for the well-being of people. Following patient privacy and the regulations of HIPAA will protect the physicians, the patients, and will ensure society’s confidence and trust with healthcare professions. HIPAA was created in the hopes of improving the efficiency and effectiveness of the health care system that enforces the United States Department of Health and Human Services to accept national standards of adopting new Federal privacy protection laws for an individual’s health information.
Before the Health Insurance Portability and Accountability Act was passed in 1996, our healthcare system was not well regulated. Privacy was not valued until HIPAA was introduced and then finally enacted in 2003, even though medical professionals were aware of the Hippocratic Oath (Shindell). The patient’s right to control where their medical information is shared and kept confidential refers to the policy of medical privacy. HIPAA was enacted to protect the patient’s rights of privacy and security of oral, written, and electronic health information (Codington-Lacerte). The overall goal of HIPAA was to create nationwide health information standards. In order to ensure the privacy and security of patients and their medical information, HIPAA requires administrative, physical, and technical safeguards to be completed. Determining the status of the health care professionals and their staff, positioning of computers, printers, and other office equipment must be positioned carefully, and access controls must be managed by passwords, firewalls, or anti-virus software to track changes in records and who can read them (Codington-Lacerte). Though HIPAA requires these complicated regulations, there are still ethical issues that become apparent.
Ethically, medical professionals should know what actions they must take and what they should and should not do. We make ethical decisions every day; we just do not recognize them as often. Health care providers must weigh HIPAA regulations into ethical decision-making (Shindell). The main reason HIPAA was established was to focus on protection of patient’s privacy rights. Healthcare providers are expected to value that; it should be known that any healthcare professional has an ethical obligation to follow HIPAA guidelines of patient privacy.
Medical professionals should always respect their patients and their patient’s privacy. When creating HIPAA, its regulations were made to follow medically accepted ethical principles. Therefore, any medical professional has an ethical responsibility to follow these regulations and protect privacy. Healthcare professionals should exemplify common decency and respect for the patients to whom they provide care. When following regulations of HIPAA, all physicians and healthcare providers can adhere to high ethical standards and strive to decrease the dilemmas with physician and patient relationships. This forced medical professionals to look at the legal and ethical responsibilities they have when disclosing confidential information. By requiring medical professionals to be aware of confidentiality, it also allows them to use professional judgment to provide good quality medical care (Angelos, 514). Overall, HIPAA regulations stay consistent with ethical practices of medicine and surgery. These ethical standards of HIPAA guidelines are why HIPAA regulations should be commonly practiced and obeyed.
When HIPAA regulations are followed–as they should be–healthcare systems flourish. However, inappropriate behavior towards patients and violations of HIPAA are disrespectful and infringe on a patient’s privacy. This can cause discord between physician and patient relationships, and, in addition, societies trust in the healthcare system. HIPAA violations are what cause this topic to spark moral dilemmas. Recent events like the “Dancing Doctor” involving Dr. Windell Boutte, have reminded us that there are healthcare professionals who are capable of abusing trust. In addition to breaking the trust of patients, civil rights of those patients are violated when information is breached. Breached information involves the realizing of information to someone that does not have the right to view it (Brody, 87). Though no legal action can come from a violation of civil rights, lawsuits can be sought if a patient demonstrates damages from improper disclosure from a breach of their protected health information (Brody 87). With the risks of lawsuits, there are also risks of receiving fines from violating HIPAA.
Violating HIPAA can come at a costly price. Any healthcare professional that exercises a violation of HIPAA can expect to acquire fines anywhere from $100 to $50,000 (Brody, 87). This can be for each violation. For any identical provisions occurring within the same calendar year there can be up to a maximum of $1.5 million in fines (Brody, 87). Though a fine might seem like the worst of the punishments, it might be the easiest one to get around. Many physicians are now having their medical licenses suspended for HIPAA violations and are also at risk of possible jail time. The reason for a healthcare professional to not violate HIPAA and not disrespect the patient’s privacy should not be because of the possible consequences they might face, but rather because it is morally and ethically wrong. The patient is almost indefensible and has no control over the situation once violated (Silberman, 314). The trust should be ensured, and it is a healthcare professionals’ job to advocate and protect the privacy rights of their patients.
Like previously mentioned, Dr. Windell Boutte, also known as the ‘Dancing Doctor’, has very recently been involved with improper disclosure lawsuits and records of malpractice and HIPAA violations. Though she practices in Georgia, headlines of her violations have made nationwide news, expanding from local news channels to CNN and Good Morning America. Ethical issues began when videos of Dr. Boutte dancing to music in the operating room while performing surgeries were released on YouTube. Though many surgeons listen to music in their operating rooms, this situation was different. Dr. Boutte was exhibiting reckless tactics by waving her scalpel and dancing while cutting into a patient and rapping her own lyrics of popular songs (Ellis et. al). Though deeper investigations have been conducted concerning Dr. Boutte’s malpractice issues, the main focus sparked when Dr. Boutte’s patients felt as if their HIPPA and privacy rights were violated. Dr. Boutte’s patients claim that they were unaware of the videos being recorded and never gave consent to have their naked bodies be filmed and uploaded to the Internet for everyone to see. Dr. Boutte showed unethical conduct by violating HIPAA that protects patients even when they are in the operating room (Silberman). As of July 1st, 2018, Dr. Windell Boutte signed an order agreeing to give up her medical license by being indefinitely suspended in Georgia, but after two and a half years she can petition to lift her suspension to practice medicine again. Dr. Boutte has lost trust of many of her patients because she violated their HIPAA and privacy rights. In addition to damaging her reputation by violating HIPAA, Dr. Boutte impaired her employees work status and ruined her physician and patient relationship.
Though Dr. Boutte has ruined her physician and patient relationship, whole hospitals are capable of doing this as well. St. Luke’s-Roosevelt Hospital Center Incorporated has paid a $387,000 fine for a violation of HIPAA penalty. Investigation of the hospital started when a complaint came from a patient about impermissible disclosure of personal health information. It involved a patient of St. Luke’s Spenser Cox Center for Health who alleged that a staff member of St. Luke’s hospital had violated their privacy by faxing protected heath information to the patient’s employer. The violation of highly sensitive information included the patient’s sexual orientation, HIV status, sexually transmitted diseases, mental health diagnosis, details of physical abuse suffered, medical care and medications (HIPAA Journal). The patient had requested that the medical information be sent to their personal mailbox instead of it being sent via fax. As the investigation went on, it was revealed that this was not the first time that the hospital had violated HIPAA in this particular way. It disclosed that another patient’s information was sent via fax instead of the preferred mailing address. Because the information was classified as highly sensitive, the privacy rules in both cases were seriously violated. As the investigation revealed, St. Luke’s Hospital had failed to protect the health information of the patient’s involved, the hospital was fined $387,200 to pay to the Department of Health and Human Services’ Office for Civil Rights, or OCR. They were also required by OCR to adopt a corrective action plan to review and update policies, procedures, and the training of staff members with these new updates (HIPAA Journal). Only one of the many HIPAA violations that happen, this situation is just another example of why individuals and society cannot trust a healthcare system that does not do its best to appropriately protect a patient’s most sensitive personal health information.
Healthcare professionals have an ethical obligation to follow the guidelines and regulations of HIPAA to protect a patient’s privacy. However, following these regulations of HIPAA can be difficult to keep up with. For example, there are mass amounts of paperwork involved with risks of violations. Though it is not required by HIPAA, many physicians prefer that their staff provide a patient consent form to all patients. This consent protects the physicians if a patient were to complain that their privacy rights had been violated. The Patient Consent form is one of three main forms. The other two are the Notice of Privacy Practice form and the Authorization form. These forms give the physicians an extra layer of protection if they or their practice was to be investigated for a HIPAA violation (Bush, 32). Another difficulty that medical practices or physicians might have is the strain of sharing medical information, when not over the phone. Important medical records can be shared with patients over the phone. There is more paperwork for options if the patient allows the medical staff or physicians to leave a voicemail. Mobile texting has exploded in this generation, being used as an easy tool to get in contact with someone quickly. But, while it may seem harmless to text even general health information, like vital signs or test results, it is risking the chance that cyber criminals get access to this information (Zabel). Any medical practice is at high-risk for HIPAA violations. Failure to update regulations can make practices more vulnerable to HIPAA violations.
Since 1996, HIPAA has gone through many revisions. However, more ethical issues seem to be brought to attention. With more issues being made aware, HIPPA should continue to update their regulations often. To start, HIPAA regulations can be strengthened and made stricter to protect the privacy and the personal health information of patients. Many believe that the United States’ HIPAA regulations have become increasing relaxed because they are not up to date. Even minor updates can be made to update HIPAA guidelines to achieve other goals, like improving our healthcare system. In situations that involve sharing medical information, new technologies and programs can be invented to allow safe communication through cellular or Internet contact. This can allow for texting or emailing to be an option for healthcare professionals and their staff to convey medical information to their patients and ensure that it remains confidential. HIPAA compliance officers and security officers are responsible for monitoring medical practices and solving issues regarding current documents, training, and compliance (Sterling, 54). To guarantee that health information is protected, HIPAA needs to assure that all officers are properly trained and possibly even reeducated with new updated training procedures. These officers are important figures because they are responsible for staying informed with updated policies in the healthcare industry and changes in individual practices (Sterling, 55). To make sure that patient’s keep their trust in the healthcare system, good communication and patient care must be practiced by healthcare professionals at all times. But ultimately, to resolve HIPAAs most concerning ethical issues, more attention needs to be directed by physicians at using good judgment in deciding how to disclose private information confidentially (Angelos, 518). These are only a few ideas that can help resolve ethical issues regarding HIPPA. And, if acted upon, there should be an improvement by having a decrease in HIPAA violations.
Any medical professional has an obligation to protect a patient’s personal health information. Any violation and disrespectful actions towards a patient’s information or their privacy should be sanctioned. They should be sanctioned not only because it is illegal, but also because it is ethically wrong. With the examples of Dr. Windell Boutte and St. Luke’s-Roosevelt Hospital Center Incorporated, each displayed instances where penalties and fines were administered because of the violation of HIPAA and privacy laws. HIPAA violations are very common, though they should not be. However, if resolutions are made to the regulations and guidelines of HIPAA, improvements should be exhibited with the overall general protection of physicians, their practices, patients, and their privacy rights. Nevertheless, medical professionals should always strive to respect and protect their patient’s privacy.