The initial policy
The policy is based on the provisions included in the Health Information Technology for Economic and Clinical Health (HITECH) Act. This law specifies the duties of healthcare providers, especially the need to protect patients’ confidential data (McWay, 2009, p. 199). Furthermore, this law identifies those situations when a patient can restrict the accessibility of his/her health information. In turn, one should include the following guidelines:
- Provided that a patient has paid in full for a certain medical service or an item, out of pocket, the employees of a hospital must not disclose this information to the healthcare plan. In particular, the organization should not provide this information to the insurance company.
- If out-of-pocket payment covers only a part of the expenses, the hospital may not agree to the patient’s request.
- Additionally, the organization has a right to disclose this information provided that it can be required for an emergency treatment.
- Furthermore, this information can provided to the insurance company, if it is needed for a follow-up treatment that is not paid out of pocket.
- Employees must not ask patients why they want this information to be restricted. These are the main aspects that can be identified.
Comparison of two cases
It is also possible to review legal cases related to protected health information (PHI). At first, one can refer to the Byrne v. Avery Center for Obstetrics and Gynecology (DeBarge & Erdfarb, 2015). This court decision is important because it implies that unauthorized disclosure of PHI can be compared to malpractice. In this case, the patient’s information was disclosed to her relative, even though this disclosure was not authorized. In turn, this decision was declared to be a form of negligence (DeBarge & Erdfarb, 2015). Thus, one can say that the violations of HITECH Act have already given rise to lawsuits.
Furthermore, one should examine the case tried in the Supreme Court of Iowa. According to this decision, PHI can be disclosed if it is necessary for a child custody hearing (Freeman, 2014). This verdict should not be overlooked because it highlights the idea that a medical institution can have conflicting priorities. Overall, each of these cases is related to the unauthorized transfer of PHI; however, healthcare organizations may be forced to disclose certain information to third parties, especially governmental institutions. The main limitation is that judges focused only on custody hearings, but they did consider other situations when hospitals had to cooperate with governmental organizations. These are the main aspects that can be identified.
The modified policy
Thus, the analysis of these cases can give rise to several recommendations that should be considered by hospital administrators.
- Medical workers should warn patients that their PHI may be transmitted to state institutions such as courts.
- The employees of this healthcare organization should consult legal counselors provided that a patient’s PHI is required by a governmental organization.
- The administration should remind employees that negligent disclose of PHI can be compared to a malpractice. Therefore, medical workers should be aware of this risk.
The provisions which were initially distinguished should be retained. Nevertheless, the guidelines developed at the beginning should be extended by adopting the recommendations identified in this section. These modifications can help the hospital avoid conflicts with patients. Moreover, they can be critical for safeguarding patients’ interests. These are the main changes that should be made.
Reference List
DeBarge, M., & Erdfarb, J. (2015). US State Supreme Court expands potential negligence liability for HIPAA violations. Web.
Freeman, J. (2014). Iowa Supreme Court Upholds Subpoena to Release Privileged Mental Health Communication. Web.
McWay, D. (2009). Legal and Ethical Aspects of Health Information Management. New York, NY: Cengage Learning.