Electronic health records (EHR) system was envisioned as a way of addressing the many challenges associated with paper-based records in a bid to improve the quality of care and patient outcomes. However, this system comes with numerous limitations that may affect the quality of care delivered to patients hence negative outcomes. This paper discusses one of the challenges associated with EHR in contemporary times – the issue of patient data privacy.
The first section outlines the topic selected for this study and the rationale that was used to choose the topic. The second section entails detailed arguments about how the topic will impact practice positively or negatively by citing the associated cons and pros. In the third section, a discussion of how informatics skills and knowledge were used in the process of developing this assignment will be given. The last section is a conclusion where the key points gained throughout the assignment are summarized.
Topic
The relevant IT topic selected for this assignment is patient data privacy in EHR systems. The topic was selected based on a story appearing on FierceHealthcare titled “Decatur County General Hospital Warns 24K Patients of Data Breach Involving EHR Server” which could be accessed through this link. According to the story, Decatur County General Hospital is a community hospital in Tennessee and its EHR system was hit by a cyber-attack, which might have led to the exposure of health records for over 24,000 patients served by the facility (Sweeney, 2018).
This story raises the question of patient data safety and privacy when using EHR systems to improve patient outcomes through timely and quality care provision. This issue underlines the rationale used to select this topic.
Patient data safety and privacy are some of the core requirements that any EHR system should ensure. According to Aldosari (2017), data privacy underscores how data is collected and disseminated without being exposed to unauthorized third parties. Similarly, data security encompasses measures taken to ensure privacy by preventing access by unauthorized parties like hackers, and it also prevents data corruption. The issue of data confidentiality also arises, which is the degree to which data is accessed by specific individuals. Such data has to be sensitive and protected from public access. Therefore, the rationale for choosing this topic was based on the importance of understanding how EHR systems should function to protect patient data by ensuring security, privacy, and confidentiality.
Arguments
The topic studied for this assignment involves the breach of patient data in EHR systems through cyber-attacks. All EHR systems should be designed to ensure patient data privacy, security, and confidentiality under the ethical, legal, and regulatory framework of electronic health usage in care provision. However, the 24,000 patients involved in the Decatur County General Hospital’s data breach had their personal information accessed by third parties.
According to Anthony and Stablein (2016), patient privacy refers to the right of patients to decide when, how, with whom, and to what extent their personal health information should be shared. In other words, patients have the right to control access to personal information. Therefore, EHR systems should have the necessary mechanisms put in place to ensure the security and safety of such information to prevent access by unauthorized parties. In the case of the Decatur County General Hospital, this fundamental requirement of EHR systems was not met, and the implications of such a breach are damaging to the quality of care provided.
Impact on Practice
Once patients learn that their personal health information has been accessed by unauthorized third parties, they normally become disgruntled and resort to different actions. Some may initiate lawsuits, and thus hospitals spend the few resources they have on settling court cases instead of focusing on improving the quality of care offered to patients. Additionally, when such breaches occur, the involved hospitals are normally fined heavily by regulatory bodies, thus affecting the capacity to offer quality patient care. Ultimately, the quality of care given to patients deteriorates, thus affecting patient outcomes (Rezaeibagha, Win, & Susilo, 2015).
Hospitals and other healthcare facilities are burdened by the ever-increasing patient needs and numbers, a problem compounded by the lack of enough resources for infrastructural development and insufficient workforce. Therefore, the available limited resources should be channeled towards addressing these problems as a way of improving the quality of care. However, when data breaches occur, hospitals are forced to spend money on non-essential activities, such as fines and settling lawsuits, which affects the quality of care negatively.
Additionally, even if hospitals are not sued or fined by regulatory bodies for data breaches, they have to spend resources on identity theft repair, credit monitoring, notification expenses, investigations, and remediation. These unplanned expenses affect the capacity to provide timely and quality care due to the lack of enough resources. Besides, hacking EHR systems may disrupt or cripple operations, thus affecting the ability to offer the required patient care services.
Similarly, dissatisfied patients may decide to seek care services in other facilities, which increases the burden of disease on the affected individual’s finances. Ultimately, some patients may opt to avoid seeking care services due to skepticism associated with EHR or lack of finances. These aspects converge to create an unfriendly environment for patients to access quality and timely care services from different providers. The only benefit associated with a data breach is the opportunity for the affected facilities to tighten the security of their systems to ensure the privacy and confidentiality of patient data and avoid future incidences.
Informatics Skills
When dealing with this assignment, my informatics skills were useful in different ways. For instance, when selecting the topic, I used my skills in healthcare informatics to identify a relevant issue that might have serious ramifications to the quality of care offered to patients. Additionally, through my skills on the subject of healthcare informatics, it was easy to gather scholarly information concerning the issue of a data breach on EHR systems. As such, I managed to complete the assignment using relevant research articles as indicated in the references. My knowledge about how EHR systems operate and the requirements for their functionality within ethical, legal, and regulatory framework also played an important role in completing this assignment.
Conclusion/Recommendations
The topic identified for this paper is the issue of a data breach on EHR systems based on a story carried in FierceHealthcare about the same subject involving a community hospital in Tennessee. This topic was selected because it affects the quality of care offered to patients. Data breach violates patients’ privacy and confidentiality of personal health information submitted through EHR systems. The impacts of such an occurrence on the quality of care are severe as hospitals are forced to spend resources on non-essential activities instead of focusing on the core duties of enhancing patient outcomes.
My informatics skills and knowledge played a central role in identifying the topic and gathering the available relevant literature to complete this assignment. In the future, hospitals should ensure the safety of patient data by taking the appropriate measure to avoid data breaches. According to Kruse, Smith, Vanderlinden, and Nealand (2017), technical safeguards, such as using advanced firewalls and encryption techniques could be applied to enhance patient data security. These measures will ensure patient data privacy and confidentiality.
References
Aldosari, B. (2017). Patients’ safety in the era of EMR/EHR automation. Informatics in Medicine Unlocked, 9, 230-233.
Anthony, L. D., & Stablein, T. (2016). Privacy in practice: Professional discourse about information control in health care. Journal of Health Organization and Management, 30(2), 207-226.
Kruse, C. S., Smith, B., Vanderlinden, H., & Nealand, A. (2017). Security techniques for the electronic health records. Journal of Medical Systems, 41(8), 127-136.
Rezaeibagha, F., Win, K. T., & Susilo, W. (2015). A systematic literature review on security and privacy of electronic health record systems: Technical perspectives. Health Information Management, 44(3), 23-38.
Sweeney, E. (2018). Decatur County General Hospital warns 24K patients of data breach involving EHR server. Web.