Is It Worth the Risk? Social Media and Healthcare Robert Shaw NR360: Info Systems Chamberlain College of Nursing Fall 2015 Is It Worth the Risk? Social Media and Healthcare Social media has taken over the way that we interact with one another. It is leading the way in which we communicate with family, friends, coworkers and strangers. It is also the way we keep up with our favorite celebrities and gossip. Social media and the use of smartphones are becoming more prevalent in business and the healthcare field as well. According to Pew Research Center, “62% of smartphone owners have used their phone in the past year to look up information about a health condition” (April, 2015). Technology, just like all things come with flaws …show more content…
Any unauthorized disclosure of such information is considered a breach of the Privacy Rule (Terry, 2015). Violators may be fined as a penalty or even face jail time depending on the offense. Continuing with the protection of information, HIPAA also has a Security Rule that goes hand in hand with the Privacy Rule. This Security Rule differs from the Privacy Rule as it applies specifically to the safeguarding of information through the electronic protected health information (EPHI). Under this rule there are three types of safeguards mentioned: technical, administrative, and physical (Terry, 2015). Your Actions. Patient’s Privacy. Are You Breaching? In the scenario discussed the nurse working makes numerous decisions that put both her and her patient at risk. She violates the patient’s privacy not only by taking pictures of him while unconscious, but also by sending them to her friend as well as taking pictures of the patient’s demographics. According to the HIPAA standards, any unauthorized disclosure of private patient information, is a breach of the Privacy Rule (HHS, n.d). It would be a completely different story if the nurse were to have asked the patient once he had recovered if she could take a picture and had gotten his authorization. However, that is not the case and the nurse, if caught, could face penalties. Not only is the nurse violating the patient’s privacy, she is also violating
Nurses have ethical and legal obligations to protect the privacy of people requiring and receiving care. This encompasses treating as confidential information gathered for professional purposes only (Privacy Act, 1988), therefore in regards to the case study this registered nurse has failed to uphold her professionalism and failed to comply with her Code of Conduct and has accessed his medical files in order for her to gather his personal information, then proceeded to message the partner of the patient to inform her of his diagnosis therefore, breaching her duty of care to the patient – even though she is not
165). The HIPAA regulations are set as a protection of Personal Health Information (PHI) and all of its areas of concern, i.e. – name, condition, symptoms, etc… Legally, the nurse is not subjected to any clearly defined healthcare related laws, at the federal level, liable under the Privacy Acts of 1974 which protects any personal identification records or information relating to the patient’s privacy. The nurse takes photographs of the patient’s demographic information from his electronic health record which violates the regulations set forth by the Privacy Acts of 1974 (Privacy Act of 1974, n.d.). In many aspects of this scenario, a major concern lies on the nurse’s ethical, unethical, practice. The American Nurses Association (ANA) delineates in Provision Three of the Code of Ethics for Nurses “The nurse promotes, advocates for, and protects the rights, health, and safety of the patient.” (ANA, 2015). The nurse is in many violations enough to end their career in this situation. The privacy of the patient is a right not a privilege. With the increase usage of social media, this invasion of privacy on the patient could potentially be leaked and could lead to jeopardizing the patient’s safety while in the hospital.
“More than three billion people worldwide now use the internet (Time), and 80 percent of them access if from their smartphones” (Smart Insights). A smartphone is a mobile phone that performs many of the functions of a computer, typically having a touchscreen interface, and much more. There is an abundant amount of smartphone brands out there in the world and while they all cost different prices, they all perform the same job. Each person uses their smartphone for various reasons, whether it’s for work or to make calls or texts. Smartphones have changed society in various ways, both good and bad. Although countless individuals think that smartphones have ruined American society, smartphones have actually benefited society because of more safety precautions, information on hand, and entertainment.
HIPAA is governed by 2 entities, the Privacy Rule and the Security Rule. These two rules dictates to outline what the Health and Human Services (HHS) requires to handle Protected Health Information (PHI) in all forms. The Office of Civil Rights (OCR) enforces HIPAA and can leverage
The privacy rule applies to personal health information in any form, electronic or paper, which includes the entire medical record. Individuals have full access to their information, can limit who can gain access to his or her records, can request changes to their medical record if there’s any reason they suspect that the information isn't accurate. In addition, the private information shared is kept to the minimal amount needed. Also, the patients have the privilege to decide whether or not to release their protected health information or PHI for purposes unrelated to any treatments or payment issues, such as research project. (Krager & Krager, 2008) HIPAA implemented specific code sets for diagnosis and procedures to be used in all transactions. Covered entities must adhere to the content and format requirements of each standard. (Center for Medicare and Medicaid Services, n.d)The security rule supplements the privacy rule; it deals specifically with electronic PHI or ePHI. It applies to covered entities that transmit health information in electronically. The Security Rule requires covered entities to keep appropriate
The other major part of HIPAA is the Security Rule. The purpose of the Security Rule is to ensure that PHI is secure and requires that certain types of safeguards be put in place. This rule has three different types of safeguards put in place. The first category has to do with administrative safeguards. These are as follows, security management process, assigned security responsibility, workforce security, information access management, security awareness training, security incident procedures, contingency plans,
HIPAA privacy law set rules and regulations within healthcare. Many of the processes were changed. Now there are security standards in place that protect the confidentiality and privacy of the patient health record. Patients have more rights and privacy protection to access their own PHI. The HIPAA Privacy Rule contains provisions relating to the prevention of medical malpractice, fraud, and abuse.
HIPAA - (Health Insurance Portability and Accountability Act), was enacted by Congress in 1996 which included the Security Rule which established a national set of security standards for protecting (ePHI) otherwise known as electronic protected health information. The HIPAA security rule is subdivided into three types of safeguards (physical, technical, and administrative). Following the safeguards there are the organizational requirements, policies and procedures, and documentation requirements, each having their own subset of requirements. The HIPAA security rule was created to provide healthcare organizations such as small practices to large hospitals a way to address specific risks
The nurse in this scenario missed the concert she was eager to go because she had to work. Instead of providing focused care for her ill patients, she was fixated on her friends, who texting her from the concert. After realizing her newly admitted patient turned out to be the lead singer in the concert she missed, she failed to listen to the patient status report and neglected providing the care he needed. The nurse violated the patient’s privacy by taking inappropriate pictures of him while he was unconscious. She spent her day off bragging on her
The four general requirements of Security Rule are designed to use technology and security policies to protect the health records in issues as changing passwords procedures, ensuring correct management of ePHI, protect ePHI against any anticipated threat, or ensure its workforce complies with the HIPAA Security Rule.
On February 20th 2003 the HIPAA security rule was published by (HHS) the Department of Health and Human Services. Entities with small health plans were given over three years to comply with the security rule, while the larger entities had two years from the publications original date to comply. The HIPAA security rule is the same as it has been since its implementation more than 10 years ago. On January 25, 2013 the act was amended by the Omnibus Rule to add the Health Information Technology for Economic and Clinical Health (HITECH) Act. The HIPAA Security Rule defines all of the administrative, physical, and technical safeguards that must be incorporated into an organizations HIPAA security compliance plan. There are five categories in which the HIPAA security rules are grouped in. Those five groups include three safeguards categories: administrative; physical and technical safeguards. Along with organizational standards and finally documentation requirements followed by policies and procedures.
To be HIPAA compliant, organizations must understand the rules and implement best practices regarding anyone who comes in contact with patient sensitive information (ePHI). They must also deploy products and services that will help accomplish this. A good overall strategy includes implementing administrative, physical, and technical safeguards.
The medical professionals who were supposed to be caring for this dying patient failed to concentrate on his thoughtful care, and instead took a few photos of this gentleman and posted them on Facebook. Several of the staff lost their job and others disciplined for this cruel lack of integrity. In another incident in California at Tri-City Medical Center, nurses discussed patients on Facebook. While no job losses were reported, those involved were reported. Five nurses lost their employment by simply taking digital photos on their phones of a suicidal person and even snapping images of patient x-rays. Several reports have been made of nurse’s curiosity getting them in trouble by looking up records of celebrities. A contract nurse wound up seeking new employment for looking into records on patients not assigned to them at the University Medical Center in Tucson, Arizona, seeking information on those hurt in the shooting that injured congresswoman Giffords. A nursing student examining a placenta – if in the scope of the day’s assignment and thus presumed appropriate, is one thing, but crossed a huge threshold when photographed and posted on Facebook. The consequence was large, kicked out of nursing school and a subsequent lawsuit.
HIPAA Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronically protected health information.
Radio frequency identification, also known as RFID, is a breakthrough in technology and could just be the next big step in surveillance. Yet, how far is one willing to go to be sure that all of their past history is accurate? This sounds a little like George Orwell’s 1984; a chip inserted into one’s skin, embedded with data that can be transferred to a reading device and be read? Someone could be able to know every little thing about another person just by transferring data; sounds a little scary.