Response discussion: Influence of Technology on Confidentiality

The electronic monitoring of people in the workplace and organizations, relates to personal information and is done by so-called electronic eyes and the justification by companies for the use of such technology is to increase productivity. Stair (1992), clearly points out the ethical problem pertaining the use of these technologies on peoples’ privacy in the workplace are threatened by these devices. It can also lead to a feeling of fear and of all ways being watched the so-called panopticon phenomenon (Britz, nd). Another major threat to privacy is the raise of so-called hackers and crackers which break into computer systems and this coincides with the shift in ethical values and the emergence of the cyberpunk culture with the motto of “information wants to be free” (Britz, nd).

There have been numerous security and data breaches in patient data storage, network security and digital communications involving healthcare and organizations. PHI, or protected health information, falls under the HIPAA law that protects the privacy of patients. HIPAA sets the standards for guarding protected health information in digital forms. The HIPAA Security Rule, establishes national standards to protect electronic PHI created, received, used or maintained by covered entities and their associates. The Security Rule requires appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of electronic PHI (ePHI) (U.S. Department of Health and Human Services, 2012).

An incident at the health and human service outpatient practice, involving the loss of protective health information (PHI) on 20 patients with HIV/AIDS was investigation after a patient reported her documents were lost. These documents were lost on March 9, 2009, when an employer commuting to work on a subway left their laptop with the documents of several patients. Under the resolution agreement, the agency agreed to pay a resolution amount and implement a strong CAP that requires: developing and implementing a comprehensive set of written policies and procedures governing: (1) physical removal and transport of PHI; (2) laptop encryption; and (3) USB drive encryption to ensure PHI is protected when removed from the premises (U.S. Department of Health and Human Services, 2012).

While a covered entity can encrypt its end of the email transport, it’s difficult to ensure the security of the email once it leaves the organization’s server, so for a completely encrypted email communication to be achieved, the patient would need to use an email service that supports HIPAA-level encryption (Rodocker, 2015). The Privacy Rule recognizes this, and grants individuals access to ePHI in the format that they wish to receive it, in unencrypted email (Rodocker, 2015). Nowadays, the issue of encryption is becoming less and less of a concern as email services such as Google and Yahoo! are implementing stricter security policies every day. To bridge the gap in information leakage organizations should update their technology systems.

References

Britz, J. J. (nd). Technology as a threat to privacy: Ethical Challenges to the Information Profession. Department of Information Science. Retrieved fromhttp://web.simmons.edu/~chen/nit/NIT%2796/96-025-Britz.html

Rodocker, B. (2015). The facts about HIPAA and Email/SMS Communication with Patients. Retrieved from https://www.bridgepatientportal.com/2017/06/26/the-facts-about-hipaa-and-email-sms-communication-with-patients/

Stair, R.M. (1992). Principles of Information Systems. A Managerial Approach. Boston: Boyd & Fraser. Retrieved from http://web.simmons.edu/~chen/nit/NIT%2796/96-025-Britz.html

U.S. Department of Health and Human Services. (2012). Annual Report to Congress on HIPAA Privacy, Security, and Breach Notification Rule Compliance. Retrieved fromhttps://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/enforcement/compliancereport2011-2012.pdf

Debbie,