
Chapter 6: Ethical Issues in Health Informatics

[Image: Digital healthcare concept with doctor updating electronic health records, showcasing health information, EMR system, medical data, online documentation, and patient files.]

Introduction

Health informatics professionals face a variety of ethical issues similar to those encountered in broader healthcare professions. This chapter focuses on four key ethical responsibilities: accurate representation of credentials, protection of privacy and confidentiality, respectful behavior toward patients and coworkers, and response to unethical practices. It also examines the sources of professional standards and the complex interplay between ethics, professionalism, and the law.

Learning Objectives
  • 6.1 Define the terms medical record, electronic record, and electronic health record (EHR).
  • 6.2 Discuss medical records ownership, retention, storage, and destruction.
  • 6.3 Describe the purpose of obtaining a patient’s consent for release of medical information.
  • 6.4 Identify key aspects of health information technology.
  • 6.5 Summarize current applications of social media in health care.
  • 6.6 Outline various uses of telemedicine in health care today.

 

Medical Records & Electronic Documentation

Medical Records

Medical records are systematic documentation of a patient’s medical history, treatment, and care. They are maintained by healthcare providers to ensure continuity of care, legal compliance, and communication among professionals.

Contents of a Medical Record

Section | Includes
Patient Identification | Name, date of birth, contact information, insurance
Medical History | Past illnesses, surgeries, medications, allergies, family history
Progress Notes | Provider observations, assessments, plans
Vital Signs | BP, HR, temperature, respiratory rate
Laboratory & Diagnostic Results | Blood tests, imaging, pathology
Treatment Records | Medications, therapies, surgeries
Consent Forms | Informed consent for procedures/treatment
Advance Directives | Living will, DNR orders, healthcare proxy
Immunization Records | Vaccines and dates
Billing Information | Codes and charges

Types of Medical Records

Type | Description
Paper Medical Records | Traditional handwritten or printed documentation
Electronic Health Records (EHRs) | Digital, used broadly for accessibility and sharing
Personal Health Records (PHRs) | Managed by the patient via apps/online platforms

Legal and Ethical Aspects

Issue | Summary
Confidentiality | Protected under HIPAA and similar laws
Access Rights | Patients may view and request copies
Retention | Varies by state/institution, often 7–10 years
Amendment | Patients can request corrections to inaccuracies

Electronic Medical Records (EMRs)

EMRs are digital versions of a patient’s chart maintained by a single provider. They improve efficiency, accuracy, and safety but often have limited interoperability beyond the originating practice.

What EMRs Include

Section | Examples
Demographics | Name, DOB, contact, insurance
Medical history | Diagnoses, surgeries, allergies, family history
Progress notes | Observations, assessments, plans
Medications & prescriptions | Active meds, e-prescribing
Labs & imaging | Results and reports
Immunizations | Vaccination history
Billing/coding | CPT/ICD codes, charges

EMR Pros and Limitations

Advantage | Description
Legibility & efficiency | Eliminates handwriting errors; faster retrieval
CDS alerts | Allergies, interactions, reminders
Tracking over time | Chronic disease monitoring
Secure storage | Lower risk of loss/damage than paper

Challenge | Explanation
Interoperability | May not share easily outside one practice
Cost & maintenance | Software/IT investment
Training | Learning curve for staff
Privacy | Cybersecurity risks if not managed properly

Electronic Health Records (EHRs)

EHRs are comprehensive, digital records designed for sharing across settings (hospitals, clinics, pharmacies, labs). They enable interoperability, real-time updates, and patient engagement via portals.

EHR Features & Benefits

Feature | Description
Interoperability | Multi-provider access/updates
Patient portals | Secure patient access to data
CDS | Alerts for interactions and preventive care
Data aggregation | Population health and outcomes

Advantage | Impact
Patient safety | Reduces errors with up-to-date records
Continuity of care | Smoother transitions and coordination
Access speed | Immediate availability in emergencies
Analytics | Supports research and public health

Issue | Description
Privacy/security | Requires strong HIPAA compliance
Costs | Hardware, software, and training
User burden | Data entry and screen time
Interoperability gaps | Systems may still not communicate fully

EMR vs. EHR (Quick View)

Feature | EMR | EHR
Scope | Single provider/system | Multi-provider, cross-institutional
Sharing | Limited | Broad, near real-time
Patient role | Often passive | Portals support active engagement
Designed for | Internal charting | Coordinated care & communication

Use of Photos, Video, and Other Imaging

Photographs, videos, and other imaging are integrated into records to support diagnosis, treatment, monitoring, education, and legal documentation. Strict privacy and consent rules apply.

Imaging Type | Purpose | Common Uses
Photographs | Document visible conditions | Wounds, rashes, surgical sites
Video recordings | Capture movement/behavior | Gait analysis, seizures, speech
Radiology | Internal diagnostics | X-ray, CT, MRI, ultrasound
Scope/endoscopy | Internal organ visualization | Colonoscopy, bronchoscopy
Intraoperative | Real-time surgical views | Ortho, neuro, robotic
Microscopy | Cellular/histologic | Pathology, cytology
Dental imaging | Oral structures | Panoramic X-rays, intraoral photos

  • Consent: Obtain informed consent for non-diagnostic images, especially photos/video.
  • HIPAA: Store and share images in HIPAA-compliant systems; limit access to authorized personnel.
  • De-identification: Required for education/publication unless explicit authorization is obtained.

Modifications of Medical Records

Any changes to a legal medical record must be transparent and traceable. Never erase or delete original entries.

Proper Procedure | Description
Dated, signed amendment | New entry with date/time and credentials
Clear labeling | “Late Entry,” “Addendum,” or “Clarification”
Explain reason | Why the change is necessary
Use approved systems | Secure, authorized EHR workflows only

Improper Action | Risk
Unexplained alteration | Falsification/tampering allegation
Backdating | Fraudulent and unethical
Deletion | Seen as hiding negligence
Post-request edits | Illegal if after legal/HIPAA request

Modification Type | Description
Correction | Fix factual error
Addendum | Add information after original entry
Late Entry | Document earlier care not entered timely
Clarification | Supplement prior entry for clarity
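
The amendment rules above, sketched as an append-only log; this is an added example, not part of the original chapter or of any EHR product. The ChartLog class, its field names, the request_received flag, and the SHA-256 hash chain used for tamper evidence are assumptions made for illustration.

```python
import hashlib
import json
from datetime import datetime

AMENDMENT_LABELS = {"Correction", "Addendum", "Late Entry", "Clarification"}

class AmendmentRejected(Exception):
    """Raised when a change would break the amendment rules."""

def _digest(entry):
    # Hash of the entry's fields (hypothetical scheme: canonical JSON + SHA-256).
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()

class ChartLog:
    """Append-only chart: entries are added, never edited or removed."""

    def __init__(self):
        self.entries = []
        self.request_received = False  # assumption: set on a legal/HIPAA request

    def _append(self, fields, now):
        if self.entries and now < datetime.fromisoformat(self.entries[-1]["recorded_at"]):
            raise AmendmentRejected("backdating: timestamp precedes latest entry")
        entry = dict(fields, seq=len(self.entries), recorded_at=now.isoformat(),
                     prev=self.entries[-1]["hash"] if self.entries else "0" * 64)
        entry["hash"] = _digest(entry)  # each entry commits to the one before it
        self.entries.append(entry)
        return entry

    def add_entry(self, author, text, now):
        return self._append({"label": "Original", "author": author, "text": text,
                             "amends": None, "reason": None}, now)

    def amend(self, target_seq, label, author, text, reason, now):
        if self.request_received:
            raise AmendmentRejected("post-request edit")
        if label not in AMENDMENT_LABELS:
            raise AmendmentRejected(f"unknown label: {label!r}")
        if not author.strip() or not reason.strip():
            raise AmendmentRejected("signature and reason are required")
        if not 0 <= target_seq < len(self.entries):
            raise AmendmentRejected("no such entry to amend")
        # The original entry stays untouched; the amendment points back to it.
        return self._append({"label": label, "author": author, "text": text,
                             "amends": target_seq, "reason": reason}, now)

    def verify(self):
        """Return the seq of the first entry failing the chain check, else None.
        Removing entries from the tail is not detected without an external
        copy of the last hash."""
        prev = "0" * 64
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["seq"] != i or e["prev"] != prev or e["hash"] != _digest(body):
                return i
            prev = e["hash"]
        return None
```
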

Ownership, Storage, Retention & Destruction

[Image: The employee’s hand searches documents stored in filing cabinets.]

Ownership of Medical Records

Providers generally own the physical/electronic record; patients own the information and have rights to access, copy, and request amendments under HIPAA.

Party | Record Ownership | Information Ownership
Healthcare Provider | Owns the chart/EHR system | Must maintain and secure
Patient | Does not own the file | Owns the information; may access/correct
Third Parties | No ownership | Access only with legal authorization

Patient Rights (HIPAA)

Right | Description
Access | Inspect/get copies (typically within 30 days)
Amend | Request corrections
Restrict | Request limits on sharing
Electronic Copies | Provide electronically if feasible

Storage & Retention

Storage Method | Best Practices
Paper | Locked, fireproof, restricted access
EHR | Encryption, backups, role-based access
Cloud | HIPAA-compliant vendors; audit logs
Off-site/Archive | Secure vendors; BAAs in place

Retention Periods (General)

Record Type | Typical Retention
Adult records | 7–10 years from last visit/discharge
Minor records | To age of majority + 1–10 years
Deceased patient | 5–7 years after death
Immunizations | Indefinite (recommended)

Always verify state law and facility policy.

HIPAA Safeguards

Safeguard | Requirement
Physical | Secure rooms, restricted access
Technical | Encryption, access logs, MFA
Administrative | Training, policies, role-based access
Audit controls | Track access and changes

Destruction of Medical Records

Destruction is the final step in the record lifecycle and must be secure and compliant.

When | General Rule
After the retention period | Typically 7–10 years for adults; longer for minors/special cases
After death + period | Often, 5–7 years after death
After business closure | Meet all legal/ethical requirements

Approved Methods | Examples
Paper | Cross-cut shredding, incineration, and pulping
Electronic | Overwriting/wiping (NIST), degaussing, and hardware destruction
Vendors | HIPAA-compliant, BAA, certificate of destruction

Best Practice | Description
Destruction log | Date, method, records, personnel, witness
Confidentiality | Destroy privately; secure chain of custody
Training | Staff know procedures and policy
Audits | Periodic review for compliance

Release, Confidentiality & Special Protections

Release of Medical Records

Releases are regulated by HIPAA, state law, and institutional policy to protect privacy and ensure proper authorization.

When Records Can Be Released

Scenario | Requires Patient Authorization? | Notes
To the patient | No | Document the request
To another provider | Depends | Often no consent for treatment
To insurers | Yes (often) | Payment/coverage reviews
To legal authorities | Yes or court order | May require notice or protective order
Public health reporting | No | Required by law (e.g., communicable diseases)
Research | Yes or IRB waiver | De-identify when possible
Minors | Guardian | Exceptions by state for sensitive services

HIPAA Authorization Requirements

  • Date and expiration
  • Recipient name/entity
  • Description of information to be released
  • Purpose of release
  • Patient signature/date and right to revoke
  • Retain authorization forms for 6 years.

Privacy & Security Rules (Key)

  • Minimum Necessary: Disclose only what’s needed.
  • Verify Identity: Before releasing to anyone other than the patient.
  • Secure Transmission: Encrypted portals, secure fax/email.
  • Track Disclosures: Log non-treatment releases.

Routine Releases

Standardized disclosures that occur for treatment, payment, or healthcare operations (TPO) without a new authorization each time.

Recipient | Purpose | Authorization Required?
Another provider | Continuity of care | No
Insurer | Billing/reimbursement | Often not for routine claims
Internal QA | Quality/compliance | No
Public health | Mandatory reporting | No

Routine to Insurers (Payment)

Category | Examples
Patient identifiers | Name, DOB, insurance ID
Diagnosis codes | ICD-10
Procedure codes | CPT/HCPCS
Dates of service | Admission/discharge/visit dates
Documentation | Notes, operative reports (if required)
Medical necessity | Labs, imaging, prior auths

Routine Transfer to Another Physician (Treatment)

Included Records | Examples
Demographics & insurance | Name, DOB, contacts
Progress notes | Assessments, diagnoses, plans
Medications | Current/past list
Allergies & immunizations | Reactions; vaccine history
Test results | Labs, imaging, pathology
Referral/surgical reports | Consults, operative notes

Releases for Legal Proceedings

Not a routine release. Requires a HIPAA-compliant authorization, court order, or proper subpoena with patient notice/protective order. Disclose only the minimum necessary, verify requests, notify the patient when required, and log the disclosure.

Subpoena Duces Tecum

A legal order to produce documents/records.

Requirement | Details
HIPAA compliance | Subpoena alone may be insufficient
Patient authorization | Needed unless judge-signed order or valid exception
Patient notification | Required if no authorization/order
Minimum necessary | Limit to what’s requested

Confidentiality of SUD Records (42 CFR Part 2)

Federally assisted substance use disorder (SUD) program records receive stricter protection than HIPAA. Part 2 generally requires explicit, detailed written consent for disclosures and has specific standards for court orders.

Situation | Allowed? | Conditions
Patient consent | Yes | Specific content, recipient, purpose, expiration
Medical emergency | Yes | Only if necessary to address immediate risk
Court order (Part 2-compliant) | Yes | Strict criteria; not a general subpoena
Internal use | Yes | Within same program/organization
Research/audit | Yes | De-identified or approved with safeguards
Law enforcement (no consent/order) | No | Except limited crimes on premises

Health Information Technology & Regulation

Health Information Technology (Health IT)

Health IT encompasses systems and tools to manage, store, retrieve, and share PHI (e.g., EHRs, HIE, eRx, CDS, telehealth, portals, mHealth). It improves coordination, safety, access, engagement, and administrative efficiency.

Component | Function
EHR/EMR | Digital patient charts
HIE | Secure sharing across organizations
e-Prescribing | Direct to pharmacy
CDS | Alerts/guidelines during care
Telehealth | Remote care
Patient portals | Patient access/communication
mHealth | Apps/devices for health

Benefit | Description
Coordination | Real-time access for multiple providers
Error reduction | Legible records; alerts
Faster information | Timely diagnosis/treatment
Engagement | Reminders, secure messaging
Efficiency | Billing, scheduling, coding

Key Laws Influencing Health IT

Law | Purpose/Impact
HIPAA (1996) | Privacy/Security Rules; electronic transactions
HITECH (2009) | EHR incentives; breach enforcement
ARRA (2009) | Stimulus, included HITECH
21st Century Cures (2016) | Interoperability; anti-information blocking; API access
ACA (2010) | Coordinated care models leveraging HIT
MACRA (2015) | MIPS; Promoting Interoperability (PI)
Telehealth Expansion Acts (2020–2021) | Temporary telehealth coverage expansion

Meaningful Use → Promoting Interoperability

Meaningful Use (HITECH) progressed through three stages (data capture/sharing; advanced processes; improved outcomes) and evolved into CMS’s Promoting Interoperability (PI) Program, emphasizing interoperability, patient access, and reduced burden.

Patient Portals

Secure online platforms for patient access to PHI and communication.

Functionality | Description
View records | Summaries, diagnoses, labs, immunizations, allergies
Message providers | Secure questions/follow-up
Appointments | Schedule or request visits
Refills | Request renewals; track meds
Billing | View/pay balances
Download/share | Transmit to other physicians
Reminders | Screenings, vaccines, follow-ups

  • Security: HIPAA compliance, authentication, and audit logging.
  • Benefits: Access, communication, engagement, and administrative efficiency.
  • Limitations: Digital literacy, language barriers, data lag, and not for urgent issues.

Social Media in Health Care

Social media platforms (e.g., Facebook, X/Twitter, Instagram, LinkedIn, YouTube, TikTok) are used for education, public health messaging, professional collaboration, promotion, crisis communication, and patient support.

Uses, Benefits, Risks

Use Case | Examples
Patient education | Prevention, healthy living, treatment options
Public health | Outbreaks, vaccines, alerts
Collaboration | Case discussions, research sharing
Practice promotion | Services, events, new providers
Crisis comms | Real-time updates (e.g., COVID-19)
Patient support | Peer groups for chronic/mental health

Benefit | Description
Reach | Broad audiences, younger demographics
Speed | Real-time communication
Cost | Lower than traditional media
Education | Evidence-based information sharing
Networking | Connect with peers/experts

Risk | Explanation
HIPAA violations | Accidental PHI disclosure
Misinformation | Unverified claims spread quickly
Unprofessionalism | Personal content undermining credibility
Liability | Posts construed as medical advice
Boundary issues | Patient DMs/friend requests

Best Practices

  • Protect patient privacy; never post identifiable info without written consent.
  • Use disclaimers: educational only, not medical advice.
  • Follow employer policy and verify sources.
  • Maintain professionalism; avoid offensive or highly personal posts.
  • Monitor engagement; report abuse/spam.

Telemedicine

Telemedicine uses digital communication (video, messaging, apps) to deliver clinical services remotely, improving access, convenience, and continuity of care.

Core Types

Type | Description | Example
Live (synchronous) | Real-time video/audio consultations | Virtual urgent care visit
Store-and-forward | Transmit images/data for later review | Dermatology image review
Remote patient monitoring | Ongoing device-based data capture | Home BP/glucose monitoring
mHealth | Apps/mobile devices for self-management | Reminders, symptom tracking

Benefits & Considerations

For Patients | For Providers
Convenient access from home; reduced travel/wait time; lower costs; comfort for sensitive issues | Expanded reach; improved follow-ups; better chronic management via RPM; efficient time use

Privacy, Legal, and Operational

  • HIPAA-compliant platforms; protect PHI during virtual care.
  • Obtain informed consent (verbal/electronic) as required.
  • State licensure rules apply to location of the patient (with limited exceptions).
  • Reimbursement varies by state and payer; verify coverage.
  • Limitations: not for emergencies/complex exams; depends on internet access and digital literacy.

Common Telemedicine Platforms

Platform | Use
Doxy.me, Zoom for Healthcare | Secure video visits
Amwell, Teladoc | Consumer-facing telehealth services
Epic, Cerner (EHR-integrated) | In-platform video and messaging
MyChart, Healow | Portal apps with telemedicine features

Adapted from Oregon Health & Science University, funded by the U.S. Department of Health and Human Services

Media Attributions

  • Digital healthcare concept with doctor updating electronic health records, showcasing health information EMR system, medical data, online documentation and patient files.
  • Financial documents stored in filing cabinets.

License

Health 1010 Copyright © by Wyatt Slauson. All Rights Reserved.