Introduction
The ideals of patient confidentiality and safety that apply to accessing and processing medical data are of critical importance. The need to support patients’ right to access their health information might create ethical challenges when it comes to populations with mental health conditions. This paper seeks to explore this issue with reference to my current workplace and propose strategies to address it.
Ethical Issue: Description
My current organization, an inpatient facility for adult and geriatric patients with mental health disorders, uses EMR software from a well-known healthcare IT company to facilitate patient data collection and sharing for care optimization. The collected data might be rather sensitive, including information about substance and alcohol addictions, suicidal intentions, or sexual deviations that may affect the patient’s resocialization (Hategan et al., 2019). Formerly hospitalized patients can access their health information, test results, and appointment-related statistics via the facility’s patient portal, which requires a unique username and an eight-character password, whereas psychotherapy notes remain unavailable. Despite the temporary stabilization of mental health, some discharged patients face memory difficulties, which leave them unable to create sufficiently sophisticated personal passwords or to store their log-in details securely. There have not been any large incidents yet, but the issue can definitely make EMRs less protected from unauthorized access. Not all clients wish to share the details of their mental issues and treatments with families or inmates, but their password storage practices might run counter to this need for security.
Potential Liabilities
The AMIA Code of Ethics establishes an ethical framework for data-related activities in the biomedical field, and the guiding principles for AMIA members involved in patient care provision are relevant to the identified issue. Statement A2 creates ethical liabilities for my organization by encouraging care providers to “facilitate patients’ rights and ability to access and review” their EMRs, including the right to manage personal information using diverse platforms (Petersen et al., 2018, p. 1580). Statement A1 prevents providers from misleading clients about “the collection, use, or communication” of their health data (Petersen et al., 2018, p. 1580). Considering these principles, the facility is responsible for establishing and implementing data access policies that would keep patients updated on any data security risks and maximize data protection. At the same time, limiting formerly hospitalized patients’ ability to access their health records, including dissuading them from using the online portal or accessing it from smartphones, would be inappropriate. Instead of restricting patients’ decision-making power when it comes to data management options, the facility can add extra protective measures to prevent unauthorized access or provide patients with security-related recommendations.
Possible Strategies to Address the Issue
The issue could be addressed or at least minimized by means of patient education and innovative security solutions. The first strategy would involve researching and adopting additional security measures for the users of the facility’s online portal, for instance, two-factor authentication (TFA). Diverse TFA schemes, including those based on the use of smart cards, PINs, or any personal facts available only to the customer, are considered promising when it comes to health data privacy (Karthigaiveni & Indrani, 2019). The facility could find and implement multi-factor authentication solutions that would require users to enter one-time authorization codes delivered via SMS or answer security questions prior to accessing the portal. Another strategy would involve producing patient education handouts regarding security measures when using online portals (Kooij et al., 2018). Considering former psychiatric inpatients’ specific challenges, it would be essential to offer education regarding recommended password storage practices and password management solutions for individual users. Explaining the details of password resetting policies could also increase portal users’ IT literacy.
Conclusion
Finally, healthcare clients’ slightly impaired cognitive abilities can affect their data management practices, but their refusal to share confidential data with relatives must be respected. Two strategies are relevant to patients who wish to use online portals but might have difficulty keeping their log-in details secure from others. They include introducing multi-factor authentication solutions and offering education on security techniques.
References
Hategan, A., Giroux, C., & Bourgeois, J. A. (2019). Digital technology adoption in psychiatric care: An overview of the contemporary shift from technology to opportunity. Journal of Technology in Behavioral Science, 4(3), 171-177.
Karthigaiveni, M., & Indrani, B. (2019). An efficient two-factor authentication scheme with key agreement for IoT based E-health care application using smart card. Journal of Ambient Intelligence and Humanized Computing, 1-12.
Kooij, L., Groen, W. G., & Van Harten, W. H. (2018). Barriers and facilitators affecting patient portal implementation from an organizational perspective: Qualitative study. Journal of Medical Internet Research, 20(5), 1-16.
Petersen, C., Berner, E. S., Embi, P. J., Hollis, K. F., Goodman, K. W., Koppel, R., Lehmann, C. U., Lehmann, H., Maulden, S. A., McGregor, K. A., Solomonides, A., Subbian, V., Terrazas, E., & Winkelstein, P. (2018). AMIA’s code of professional and ethical conduct 2018. Journal of the American Medical Informatics Association, 25(11), 1579-1582.