American Health Information Management
Ann Smith worked in the Information Services department for Douglasville Hospital. The hospital is a small 75-bed acute care facility in a town of 6,400. Ann’s mother, Janice had multiple health issues, she lives in Douglasville town gossiping and collecting news to share with her young-at-heart group at church.
One day, Ann heard her mother screaming for help, Ann quickly ran to her mother’s aid, finding that her husband had collapsed, fallen down the stairs, and was unconscious. Ann called 911, and the paramedics thought that her husband had suffered a myocardial infarction. Ann followed the ambulance to the hospital, leaving her mother at home. She had completely forgotten that she was still signed into the VPN and EHR system.
While Ann was at the hospital with her husband, her mother wandered into Ann‘s office and noticed that the computer was still logged into the hospital system. Janice opened the record to read it, and as she read through the details of her pastor’s record, she learned that he had lung cancer with brain metastasis.
Janice called one of the friend parishioner. The following day, Mildred’s pastor received a call from a member of the prayer chain, expressing concern about his cancer and asking if there was anything she could do to help. Pastor Martin had no idea how any of his parishioners found out about his condition because he had not shared details with anybody. He called the hospital to find out whether they could track who had accessed his records. A report was run and tracked that Marissa’s log-on was the most recent to access the record.
Ann was still at the hospital and had spent the night in intensive care unit (ICU) at her husband’s bedside. Not only had her husband suffered a massive myocardial infarction, but he also had a traumatic cerebral hemorrhage from falling down the stairs. The doctors had just informed her that the damage was irreversible, and he would be unable to survive without dependence on life support. They had discussed the alternatives, and a decision was made to take him off of the ventilator.
1. What could have been done to prevent the security breach?
2. What are the legal issues addressed in this case?
3. What are the ethical issues addressed in this case?
4. How are the ethical issues in this case covered in the American Health Information Management Association Code of Ethics?