Silence is Not Enough: Maintaining Confidentiality in an Electronic World



The appropriate management of sensitive information has not been accomplished by the health care industry. A quote from American Nurses' Association President Mary Foley captures the situation:

"In today's complex world, we deal with many strangers in an open and pluralistic society. We no longer live in a world of paper records and logs that are recorded by the individual professional and locked in a private file. We live in the age of computers, faxes, phones, high speed internet lines and other methods of recording and transferring information. This lack of privacy has already undermined patient/provider relationships, especially in the case of sensitive genetic information, and exposure of personal health information."

As a profession, we are subject to the new HIPAA laws. The 1996 Health Insurance Portability and Accountability Act (HIPAA), Public Law 104-191, was signed into law on August 21, 1996. It can be found at the Health & Human Services website (www.hhs.gov/topics/privacy.html, site accessed 1/23/02). Also, QuadraMed (www.hipaa-iq.com/, site accessed 1/23/02), a private company, has established an online Internet forum to assist agencies that handle information with their preparedness. Their goal is to assist various institutions and providers to come into compliance with this gigantic new piece of Federal legislation. The final rule took effect on April 14, 2001. It is a law with some teeth. The implementation period for providers and agencies to come into compliance with the law is 24 months, although with the distraction of America's New War, there may be some delays.

Confidentiality is sometimes considered as an ethical value or rule separate from fidelity, but the root word, fide, is related to it. Its etymologic derivation is Latin: CON from with in and FIDE from loyal. "Loyalty to someone may mean hiding some truth, not telling a truth that could hurt the person. Truth as a secret can be known because the patient believes the nurse to be faithful (loyal)." (Hall, 1996, p. 339). Privacy, by contrast, is a notion based on the underlying ethic of keeping the patient's secrets. "...not only physical, but mental or emotional privacy. Revealing the patient's condition or diagnosis may be extremely invasive of the patient's privacy (even to the family)." (Hall, 1996, p. 358). The idea of privacy is protected by the Bill of Rights in the U.S. Constitution.

Both legal and ethical definitions of confidentiality are duty derived, with the legal definitions being distilled from the more broadly defined ethic. The duties of the nurse are based on loyalty to the patient and prevention of harm to third persons. Good practice incorporates protection of confidentiality when protecting that confidence does not harm self or others. Confidentiality is difficult to maintain in cases such as a meningitis outbreak in a school and may have to be broken. Historically, "nurses have always held to the ethical value of confidentiality by keeping secret the information they learn" (Hall, 1996, p. 351) by caring for their patients.

Confidentiality is particularly important when dealing with patients from high risk or vulnerable populations (Burkhardt & Nathaniel, 1998). "Many who work with HIV positive patients believe that disclosure of antibody status would have a 'chilling effect', preventing those who think themselves to have risk factors (such as seropositivity, mental illness, alcoholism and drug addiction) from seeking testing and care. Too many have suffered immeasurably from public scorn" (Burkhardt & Nathaniel, 1998, p. 55). These values may be in conflict with a nurse's sense of the "duty to warn."

In research, confidentiality "refers to the researcher's assurance to participants that information provided will not be made public or available to anyone other than those involved in the research process without the participant's consent". Confidentiality is maintained by using codes rather than personal identification on data collection forms and restricting access to raw data to those on the research team who need to use the data (Burkhardt & Nathaniel, 1998, p. 224).

Confidentiality is a professional standard of practice. "Standards are on the higher, macro level of professional organizations who serve as advocates through the organization's sponsorship and support of legislation and social policy affecting rights and welfare" (Bandman & Bandman, 1995, p. 201). Examples of some standards important to understanding confidentiality are the new Code of Ethics for Nurses (ANA, 2001) ratified in June, 2001 by the ANA House of Delegates; American Nurses' Association (ANA) standards of various specialty practice; the various state Nurse Practice Acts or Professional Nursing Laws, and the Legal Codes. The new ANA Code is posted at the www.nursingworld.org website. The code statements most relevant to confidentiality are Provisions 1, 2 & 3. Provision 3 states: The nurse promotes, advocates for and strives to protect the health, safety and rights of the patient. Substatements further explicate the idea:

3.1 Privacy
3.2 Confidentiality
3.3 Protection of participants in research
3.4 Standards and review mechanisms
3.5 Acting on questionable practice
3.6 Addressing impaired practice

In the American Nurses' Association, Legislative & Regulatory Priorities for the 107th (2001) Congress, Health Records Privacy is a top regulatory priority. The position statement is, "ANA supports a patient's right to privacy, protection of information, and access to records (ANA, 2001, p. 30)." This position statement to Congress and to the public is derived from ANA published standards and guidelines approved by the House of Delegates. Please look up this document on ANA's website (www.nursingworld.org).

Another recent and collaborative attempt at improving knowledge and individual rights simultaneously is The Ethical Force Program (EForce) Report: Domain of Health Care Information Privacy of the American Medical Association. You can read more about this on the AMA web site. Gladys White, PhD, RN and ANA Director of Ethics participated in the drafting of this report, which was introduced in January, 2001. This report stipulates that health care providers, in addition to their specific disciplinary titles, such as nurses or physicians, should additionally be known as Health Information Trustees. Protecting identifiable health care information privacy in 8 content areas for performance measure development is described. The EForce's "work on privacy is distinct from other initiatives in that EForce is interested both in discerning legitimate expectations for the protection of health information privacy and confidentiality and in developing valid, reliable, and feasible performance measures for the attainment of these expectations" (American Medical Association, 2001, p. 12).

Confidentiality: Some Legal Issues and Classifications

Here is an example of how the use of information can go wrong for people. Huntington's Chorea is a degenerative neurologic disorder that strikes in middle age. There is now testing for individuals who may have this gene. The transmission is autosomal dominant, so for each offspring of a parent (male or female) with the disease, there is a one in two chance that the person has the gene and will manifest the disease. The issue with knowledge about genetic diseases such as this one is that employers and insurance companies have been known to use the information to deny coverage. This is likely to happen when an individual just has a known parental history, let alone testing themselves for such a condition. HIPAA addresses the notion of "pre-existing conditions", and genetic diseases or the fact that a well individual carries the gene for a disease has already resulted in refusal to insure or hire.

Certificates of confidentiality may accompany blanket authorizations for release of information signed by patients/parents that state that records will be held in confidence. Such statements have not meant a lot under pre-HIPAA conditions. In addition, when there are agreements with other entities, such as HMOs, health insurers and other stakeholders, the agreements cease to have meaning. Duplicating and faxing have made the former standard, the "need to know" certain specific information, a thing of the past. It is much more likely that a record will be electronically transferred in its entirety. Histories and physicals include family, social and behavioral information, genetic conditions and other risk factors that may have nothing to do with the patient's condition at hand or an organization's need for specific information.

Current Federal Regulations and Implementation Timeline

HIPAA provides comprehensive federal protection for the privacy of individual medical records. Its roots were in the Clinton Health Care Reform proposals of 1993. Its primary intent is to provide better access to health insurance, limit fraud and abuse, and reduce administrative costs (www.hipaa-iq.com/, site accessed 7/17/01). The Clinton Administration issued final health privacy regulations on December 20, 2000, that will extend coverage to personal records in all forms including paper records and oral communications; require consent for routine use and disclosure of health records; protect against unauthorized use of medical records for employment purposes; and ensure that health care providers have all the information necessary to treat their patients appropriately (ANA, 2001, p. 30).

HIPAA was a culmination of a decade of Congressional attempts to fashion legislation on this issue. Not all stakeholders agreed on the aspects of all issues. The U.S. Department of Health & Human Services issued the standards and requirements for maintenance and transmission of health information that identifies individual patients (www.hipaa-iq.com/ site accessed 7/17/01). The standards are designed to:

  • Improve the efficiency & effectiveness of the healthcare system by standardizing the interchange of electronic data for specified administrative and financial transactions; and
  • Protect the security and confidentiality of electronic health information.

The requirements outlined by the law and the regulations promulgated by DHHS are far reaching: all healthcare organizations that maintain or transmit electronic health information must comply. This includes health plans, healthcare clearinghouses, and healthcare providers, from large integrated delivery networks to individual physician offices. After the final standards are adopted, small health plans have 36 months to comply. Others, including healthcare providers, must comply within 24 months (www.hipaa-iq.com/summary.htm, p. 1, site accessed 7/17/01).

The law provides for significant financial penalties for violations such as:

  • General penalty for failure to comply: each violation $100.00 with a maximum penalty for all violations of an identical requirement not to exceed $25,000.
  • Wrongful disclosure of individually identifiable health information: Wrongful disclosure offense: $50,000, imprisonment of not more than one year or both; Offense under false pretenses: $100,000, imprisonment of not more than five years or both; Offense with intent to sell information: $250,000, imprisonment of not more than 10 years or both (www.hipaa-iq.com/summary.htm, p. 1 site accessed 7/17/01).

HIPAA will have a major, ongoing impact on healthcare providers in several areas:

  • Significant resources will be required.
  • Some degree of Information Technology retooling will be required, as well as major operational and procedural changes.
  • Transactions will become more standardized, resulting in eventual savings for electronic data interchange.
  • For transaction standards, code sets, and identifiers, implementation will be the most expensive. Ongoing costs will involve obtaining and implementing updates to the standards.
  • Security and privacy regulations will be the most difficult and costly to implement and maintain because they are broad in scope, less definitive and require constant vigilance for ongoing compliance (www.nursingworld.org/, p. 2 site accessed 7/17/01).

Implementation has its own issues, including the use of a digital signature that only an individual can own; biological markers as a digital signature, such as iris pattern, fingerprints, voice prints or retinal scan; double check systems to make sure that the transmitted, encrypted information has not been altered in any way; audit trails that record every time a site has been accessed; assessment for duplicates and overlays - a massive job!

Conclusion

Is the idea of confidentiality as a "jaded ideal" or a "relevant aspiration" right for nursing? We are currently involved in an information revolution that is a similar leap in world development to the development of Gutenberg's press. The volume, velocity and variety of information to be transmitted is akin to the impact that the dissemination of the Gutenberg Bible had on Western Civilization 500 years ago. We are coping with the knowledge explosion in the information age. Ryan White's case, an HIV positive school child in the 1980's, was a national precedent, where school nurses and others had to deal with the idea of protecting the confidentiality of students versus the public's insistence on knowing. There are everyday issues in confidentiality that we tend to pay less attention to than the "spectacular" event of a new deadly disease among our patients. The breach of confidentiality may be life-transforming for our patients and ourselves.

References

American Medical Association (2001). The Ethical Force Program Creating Performance Measures for Ethics in Health Care. Chicago: author.

American Nurses' Association (2001). Legislative and Regulatory Initiatives for the 107th Congress. Washington, D.C.: author.

Burkhardt, M.A. & Nathaniel, A.K. (1998). Ethics & Issues in Contemporary Nursing. Albany, NY: Delmar.

Hall, J.K. (1996). Nursing Ethics and Law. Philadelphia: W.B. Saunders.

Health Privacy Project (2000). The state of health privacy: an uneven terrain. www.health-privacy.org/resources.

National Committee for Quality Assurance and the Joint Commission on the Accreditation of Health Care Organizations (1998). Protecting Personal Health Information: A Framework for Meeting the Challenges in a Managed Care Environment. Oak Brook Terrace, IL.: Joint Commission on the Accreditation of Health Care Organizations.

National Task Force on Confidential Student Health Information (2000). Guidelines for Protecting Confidential Student Health Information. Kent, OH: American School Health Association.

American Nurses' Association (See ANA Code for Nurses with Interpretive Statements Below)

U.S. Department of Health & Human Services (2000). HHS proposes security standards for electronic health information. http://waisgate.hhs.gov/cgi-bin/waisgate.

www.hipaa-iq.com/

www.hipaa-iq.com/summary.htm

www.nursingworld.org
