USA: +1 508 290 1604 
Sign in
QUESTION
Access and Specialized Patient Records
You are the director of health information services in a major medical center that maintains both a psychiatric and substance abuse units in addition to general medical and surgical units. Your facility, under the direction of the CIO, plans to join a computer network with 15 hospitals throughout the state, which will allow online access to records, regardless of which facility they were generated. None of the other 15 facilities offers psychiatric or substance abuse treatment, and you have been asked to provide HIM analysis as the subject matter expert.
- Identify access and confidentiality issues that may be present with such a network in the light of the statutory, regulatory, and accrediting requirements governing patients treated in these units.
- What specific organizational recommendation(s) would you make to the CIO to ensure she has considered specialized records in her support of the network for all departments, including the HIM department?
- Discuss psychotherapy notes as defined by HIPAA and how they are treated differently.
ANSWER
Access and Specialized Patient Records
Access and Confidentiality Issues
Inappropriate data sharing
Inappropriate release of patient data entails authorized staff members intentionally or unintentionally accessing and disseminating patient data without patients’ consent or violating organizational policy. The inappropriate release also involves outsiders illegally gaining access to the computer system to manipulate data, render the system inoperable, or access data for malicious activities, e.g., viewing records of targeted individuals and leaking data to the press or rendering the system.
Systemic flows in the network system.
Systemic concerns refer to having an open disclosure policy that gives the other 15 hospitals access to identifiable patient information. The parties might leverage this privilege to act against the patients’ or organizations’ interests.
Recommendations
- Implement and enforce policies that sanction or impose disciplinary action on internal agents who violate organizational policies.
- Install data security and privacy features, such as firewalls, to prevent (e.g., cyber-security intrusions), alarm systems, antivirus, auto-time outs, user control features, spyware detectors, user authentication, and log-in features to restrict access to medical records.
- Systemic concerns stem from perception differences regarding fair information practice. Thus, the medical center should create a public policy that explicitly indicates what constitutes acceptable use of patient information and liability issues and reduce the incentive for wholesale sharing of patient information. The policy must cover the whole network.
- Instead of sharing identifiable patient information, the medical center should adopt an encrypted universal patient identifier to mitigate privacy concerns. Other measures to prevent parties from data violation include secure multiparty computation, strong trust distribution techniques, trusted hardware, and advanced cryptographic mechanisms (e.g., homomorphic encryption) (Argaw et al., 2020).
Psychotherapy Notes
HIPAA defines psychotherapy notes as “notes recorded in any medium by a mental health professional documenting or analyzing the contents of conversation during a private counseling session” (Holloway, 2003, para. 2). Unlike other medical records, HIPAA does not mandate disclosure of the notes to patients. Psychologists cannot be subjected to a review process if they deny patients access to this information.
References
Argaw, S. T., Troncoso-Pastoriza, J. R., Lacey, D., Florin, M.-V., Calcavecchia, F., Anderson, D., Burleson, W., Vogel, J.-M., O’Leary, C., Eshaya-Chauvin, B., & Flahault, A. (2020). Cybersecurity of Hospitals: discussing the challenges and working towards mitigating the risks. BMC Medical Informatics and Decision Making, 20(1). https://doi.org/10.1186/s12911-020-01161-7
Holloway, J. D. (2003). HIPAA’s psychotherapy notes provision safeguards sensitive patient information. Apa.org. https://www.apa.org/monitor/feb03/hipaa
To get your original copy of this paper, please Order Now
Related Questions
Dealing with Difficult Patients (ANSWERED)
