Now, health officials and hospital executives have to worry about health providers taking unauthorized forays into protected files and posting the information on the ethernet via social media.
Last week, officials at a large hospital in San Diego County acknowledged that they've moved to terminate five employees and were disciplining a sixth for posting confidential information about a patient on what was reported by one news organization as a Facebook page. It's not clear what they wrote, or whether any patients were identified. Hospital officials say no photos or identifying information was involved.
I can imagine such a posting among co-working friends talking about their challenges in dealing with a patient with, say, severe mental illness or extensive decubitus ulcers or extreme morbid obesity. What if the nurses said something about how difficult or messy or unsightly the patient was to treat? I can imagine that. Providers are only human, and they sometimes call upon their darker sense of humor that just might get them through a more difficult day.
But even if the patient wasn't named, does posting information on Facebook in a general way violate confidentiality? I think it does. Most of all, it indicates a lack of respect.
Billingsley says some hospitals have installed warnings and made technological changes on computers, in effect putting any employee on notice that there are serious consequences for going into medical records without authorization. That goes for the innocently curious too, or the researcher who may have a legitimate, academic, but still unauthorized pursuit.
It also goes for those who had a legitimate reason to know about a patient's intimate medical details, however unique, grotesque, challenging, or prurient. They must realize this information must not be shared in places where unauthorized persons can see or hear it.
Billingsley says that hospital CEOs are taking these new laws, and the ethical and moral reasons behind them, very seriously.
Now, hospital employees, their friends, visiting providers, security guards, and everyone else who may have a chance encounter with a computerized medical record, or any other kind of health information about a patient, should do so too.