Please find the attachment below before you start the Reply for the following Discussions.

Discussion 1 :

Harman LB, Cornelius FH. Ethical Health Informatics: Challenges and Opportunities. 3rd ed. Kindle ed. Burlington, MA: Jones & Bartlett Learning; 2017.

Tue Sby KBLon. Ethics Codes Collection. AHIMA Code of Ethics (2011) | Ethics Codes Collection. https://ethics.iit.edu/ecodes/node/6469. Accessed February 6, 2020.

Good evening,

Privacy and confidentiality before the adoption of HIPAA laws was relegated to the state government that is associated with the healthcare organization. This in turn meant that information that was protected within one healthcare organization and state did not make it privileged information for other healthcare providers outside the state. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) implemented privacy restriction on data on the federal level. HIPAA protected information includes records that are contained within Covered Entities (CE) or Business associates (BA). Protected health information (PHI) is individually identifiable health information that relates to an individual’s past, present, or future in regards to physical or mental condition and/or payment for provision of healthcare. Another note in regards to PHI is that it must be in the custody of or be transmitted by a CE or BA. HITECH imposes significant penalties for HIPAA breaches forcing the HIPAA restrictions to become a top priority.

These laws stated above and the procedures that have been put in place through AHIMA are all to uphold the first ethical principle within the code of ethics of the AHIMA states that all members are to “Advocate, uphold, and defend the individual’s right to privacy and the doctrine of confidentiality in the use and disclosure of information.” For both the laws regarding information use and ethics and the AHIMA ethics code, the HIM professionals and students are to be in effect the patients advocate for privacy and confidentiality with the threat of retaliation from HIPAA and HITECH if ethics generated from AHIMA are not followed.

Electronic medical records (EMR) are created when a patient uses any form of medical service. Medical services can be formatted into both structured and unstructured data. Structured data is data that can be easily formatted into the confines of a database, while unstructured data is such that it does not easily fit into the confines of a database. Data that is used for data analytics should not have any personally identifiable information and should not be able to be tracked back to a patient. Data that is kept within the healthcare organizations data warehouses should maintain the CIA triad that maintains confidentiality, integrity and availability. Confidentiality is maintained by setting up security policy within the healthcare organization for internal professionals and encryption for external threats. The data should also maintain integrity such that it will not be changed, and the data should be available to medical professionals that require the use of the information.

Discussion 2 :

In previous discussion posts we have discussed the AHIMA Code of Ethics and the Four Core Principles of Biomedical Ethics, both providing HIM professionals ethical guidance towards making the right decisions for the patients and patient privacy. Through HIPAA (Health Insurance Portability and Accountability Act of 1996) and HITECH Act (Health Information Technology for Economic and Clinical Health Act) policy initiatives, HIM professionals have federal law as a guide and force towards patient advocacy (Harman & Cornelius, 2017). Under the HIPAA privacy rule, HIM professionals have more control over patient information in order to protect it. Different types of disclosures and authorizations required can control how much private or confidential information is disclosed, who the exact recipient of the information will be, justification for disclosing the information, and even an expiration date for the disclosed patient data. All of these aspects of HIPAA help safeguard protected health information or PHI by making every little detail regarding sharing patient data clear. The HITECH Act provides incentives for HIM professionals to serve as patient advocates. Financial incentive payments are given to HIM professionals for proper use of certified electronic health records (EHS’s) and heavy penalties and enforcement are applied to those not in compliance, varying in amount of dollar penalty per violation up to a cap of $1.5 million (Burde, 2011). With the addition of the HITECH Act, HIM professionals following current ethical practices and standards set by HIPAA can be rewarded for protecting patient data.

Patient health data repositories have come a long way from paper documents stored in basements rarely to be looked at again. Now that data can be easily stored and accessed there are more ethical issues to consider. A benefit of modern health data repositories is that patients have better access to their own information. However, the convenience comes at a cost as the same information could easily fall into the hands of someone else, whether intentionally through medical identity theft or unintentionally from mistakes made by HIM professionals (Harman & Cornelius, 2017). It is up to HIM professionals and others involved with data repositories to ensure that the data is properly collected, stored, maintained, and protected. In terms of data collection and storage, the same pieces of information can be stored in different ways. Without insight and planning for future use, data can be stored in an unstructured way with no rhyme or reason in how it is organized or presented. On the other hand, structured data is organized, easily readable and is useful for future data analysis (Pickell, 2018). Think of data in an Excel sheet, it is easier to read patient data if their name, day of birth, blood type, and other attributes were under different columns rather than all in one column.

Burde, H. (2011, March 1). THE HITECH ACT: An Overview. Retrieved February 7, 2020, from https://journalofethics.ama-assn.org/article/hitec…

Harman, L. B, and Cornelius, F. (2017). Ethical challenges in the management of health information (3rd ed., pp. 75-94). Burlington, MA: Jones and Bartlett Learning.

Pickell, D. (2018, November 16). Structured vs Unstructured Data – What’s the Difference? Retrieved February 7, 2020, from https://learn.g2.com/structured-vs-unstructured-da…

Discussion 3 :

Health Information Management (HIM) professionals in many ways serve as patient advocates in relation to the Health Insurance Portability and Accountability (HIPAA) Act and the Health Information Technology for Economic and Clinical Health (HITECH) Act. It is directly stated in the American Health Information Management Association (AHIMA) Code of Ethics, that members shall “advocate, uphold, and defend the individual’s rights to privacy and the doctrine of confidentiality in the use and disclosure of information” 1. While all HIM professionals should strive to uphold this principle, HIPAA and HITECH set the legal standard for how protected health information (PHI) can be collected and handled. It is the responsibility of the HIM professional to safeguard all data and information that is collected from patients. Steps to ensure patient privacy and confidentiality can be taken when the data is collected. This can be done by identifying what specific and meaningful information needs to be disclosed to the healthcare team to provide care, while intentionally not collecting unnecessary information. The HIM professional should also prevent access to this data to non-authorized personnel. If the HIM professional does not adhere to these standards, then patients may become reluctant to share their personal information. This distrust could lead to problems that would propagate through the healthcare system regarding properly caring for the patient.

There a plethora of ethical considerations related to management of healthcare data repositories. One of which is using a patient’s data for predictive analysis. While steps can be taken to turn PHI into de-identifiable information, potential risks of data breaches and re-identification of patients are possible 1. Therefore, the patient must be informed of these risks prior to collecting their data and getting their consent to use it for predictive analysis. This supports the ethical principle of respect for autonomy, by allowing the patient to make their own decisions about their healthcare. This applies more to structured data (data that can be stored in data base with each column corresponding to individual data points of a patient, and can easily be analyzed by an algorithm 1) rather than unstructured data (physician’s notes, medical imaging, etc., that can’t be easily analyzed by an algorithm 1). This is because structured data is much more likely to be used in predictive analysis. Although, the patient should also be informed of these risks regardless of the data type, because unstructured data has potential to be misused as well. While data analysis and predictive modeling can provide many benefits to the healthcare system 2, there are important ethical dilemmas to consider.

1. Harman L, Cornelius F. Ethical challenges in the Management of Health Information, 3rd Edition. 2017: 75-118.
2. Dataversity. “Top Benefits of Big Data in the Healthcare Industry” 12 February 2018. <https://www.dataversity.net/top-benefits-big-data-healthcare-industry/ (Links to an external site.)>