Legal and Ethical Considerations in Healthcare
A. Evaluation of the policies in the attached “Health Record Policies”
- Additional information that should be included pertaining to a shadow chart is the electronic
details that are not covered in the shadow chart. The healthcare provider may copy
information found in the electronic record and add it to the shadow chart. Shadow charts
require proper maintenance similar to the safety and security accorded to primary charts, and
their access must be limited to authorized personnel.
- Information technology staff can help decrease incidences of security breaches by educating
the clinical personnel on ways of diminishing the breaches and securing their electronic
equipment when not in use. The whole staff should be taught the significance of securing
their workstations and not sharing passwords. The IT staff should explain the policy to other
clinical personnel and the legal consequences of violating company policy or the HIPAA
B. Criminal liability under the Montana Code 41-1-402 (2a through d)
- HIPAA criminalizes the act of using or disclosing confidential health information of a patient
by an individual or an institution for any other purposes other than health care operations,
payment, or treatment. Such violations result in fines and/or imprisonment.
- The Montana Code 41-1-402 stipulates that the healthcare professional may secure legal
consent from a minor to prevent, diagnose, or treat the minor without the supervision of an
adult. This is possible if the minor is from high school, stays alone and supports
himself/herself, has a child, is pregnant, or is suffering from any reported communicable
disease, or needs emergency care. Criminal liability may arise from the failure to follow the
C. A legal claim may result under the Montana Code 50-16-603x if a health professional
negligently handles private and confidential information of a patient and a third party gets
access to the same. A health confidentiality policy statement may read that: All patient-
professional relationships must be kept private and confidential except in circumstances
where the patient chooses to waive his consent or where a minor is involved.
D. A medical professional is required to avail the patient’s recorded healthcare information to
the patient, ten days after receiving the patient’s written request (Harman, 2006). In case
the information is not available, the health care professional should inform the patient. The
professional may deny the patient’s request, whole in part under 50-16-542. A release of
information policy statement may read this way: Any release of health information
requests must be processed in line with Hospital Policy and the HIPAA Act.
A. The HIIM professional has several ethical obligations. First, he/she is charged with
advocating, upholding, and defending a patient’s right to privacy and confidentiality while
using and disclosing information. Second, a HIIM professional must make the welfare of
professionals a first priority before self- interests to bring honor to oneself, colleagues, and
the whole profession health information management. Third, the professional must ensure the
preservation, protection, and security of personal health information obtained in his official
capacity, while considering the applicable regulations and statutory provisions. The fourth
responsibility is not to engage in or hide any unethical procedures or practices, and to report
such practices to relevant authorities. Lastly, the professional must constantly improve his
knowledge and practice of health information management through continuing presentations,
publications, research, and education (Harman, 2006).
The areas can pose danger because they are vulnerable to abuse by the professionals. Without
any control measures, health professionals may abuse the information given to them by patients.
This is capable of destroying the reputation of the institution and individual professionals by
chasing away customers. A professional can effectively meet these challenges by using the
principles and guidelines provided under the AHIMA Code of Ethics, which are both aspirational
and enforceable (Harman, 2006).
A. Compliance management scenario
- The compliance officer would go through Denise and hear her out regarding what happened.
They will then call Mr. Stevens and apologize to him. He will also ask Denise to call
Steven’s family members and tell them that the information was not intended for them.
Denise would be given a warning to avoid negligent acts while recording relevant patient
- The problem was a violation of the HIPAA Act which provides for the protection of private
and confidential information of patients. The information was disclosed to the family of Mr.
Stevens due to the negligence of the hospital employees, yet there is an implied duty for
hospital practitioners to maintain privacy with their clients.
- The first mistake was the hospital’s failure to supply its patient with a Notice of Privacy
Practices. The second mistake was the interchange of the contact information of the patient
and his son. Third, when Denise called on the contact and did not find Mr. Stevens, she
revealed so much information on voicemail while scheduling the patient for chemotherapy.
- The first step is to educate the staff on the privacy rights of the patients. Second, the teach its
staff about the contents of an appointment call, so that the employees making a voice call do
not give too much information concerning the health status of the employee because any
family member may bump into the information (Wallace, 2013).
B. Health informatics and information management department staff can assume a leadership
role in educating clinical staff on compliance behavior by giving the staff adequate lessons
on the use, maintenance, and release of patient information. The staff should also be taught
on the significance of professional-patient relationship, the extent of the relationship, and the
breach the confidentiality of the relationship (Petronio, DiCorcia & Duggan, 2012).
C. The first step in teaching the clinical staff on ways to improve documentation is by
introducing them to different ways of documenting patient files. Second, the staff is taught on
how to keep the documents safe and secure. Third, the staff is taught on the extent of the
confidentiality of the patient’s information. Fourth, the staff is taught of the concept of
informed consent and circumstances where the consent may be waived (Petronio, DiCorcia
& Duggan, 2012; Wallace, 2013).
Harman, L. B. (2006). Ethical Challenges in the Management of Health Information. Jones &
Petronio, S., DiCorcia, M. J., & Duggan, A. (2012). Navigating ethics of physician-patient
confidentiality: a communication privacy management analysis. The Permanente
Journal, 16(4), 41.
Wallace, H. (2013). Data sharing: Don’t compromise on informed consent. Nature, 501(7466),