3. Non-malfeasance: duty to prevent harm
Integrity: duty of health care providers to fulfill obligations to the best of their abilities
Beneficence: duty to do good
4. Privacy and Confidentiality: Everyone, famous or not, has a right to privacy of health information; caregivers have a duty to protect this right and do no harm; a patient's health information is protected under the Health Insurance Portability and Accountability Act (HIPAA) (Kopala & Mitchell, 2011)
Security: Collected data must be protected; electronic medical records must be secured; it is a caregiver's duty to fulfill the obligation to protect patient information
Covered entities (any organization that receives private health information as part of business activities) must ensure confidentiality and integrity of PHI (Kopala & Mitchell, 2011)
5. Privacy and confidentiality are at the heart of the patient/provider relationship (World Medical Association, 2013)
Electronic health records (EHRs) are shared between many parties (health care providers, research organizations, patient representatives, insurance companies, etc.)
Potential for breach in security and privacy exists
General HIPAA violations (Kopala & Mitchell, 2011)
6. Studies show privacy breaches affect patient autonomy and break down patient-provider relationships (Winkelstein, 2013)
HIPAA violations are often related to medical research as well as caregiver failure to protect patient information and to secure paper and electronic medical records (Jaret, 2013)
7. Health care organizational leaders must develop awareness of potential ethical issues with HMIS
Leaders must select quality programs (Tan, 2010)
Leaders must incorporate adequate security measures to protect HMIS systems (Tan, 2010)
Leaders must enforce data stewardship (Tan, 2010)
Leaders must ensure caregiver and patient education as to patient privacy rights and ramifications of HIPAA violations
8. Commitment to awareness and education
Need to balance benefits vs. risks
Need for provider “champions” of ethical HMIS use
9. Patient safety
Provider/patient relationship jeopardized
Legal issues related to lawsuits, HIPAA violations (McGrory-Dixon, 2013), Medicare fraud
Violating HIPAA has criminal and civil penalties: up to $50,000 fine and one year in jail for knowingly disclosing or obtaining patient health information in violation of HIPAA
Up to $100,000 fine for doing the above under false pretenses
Up to $250,000 fine for doing the above with the intent to harm or profit from the information (for example, disclosing celebrity information for a profit)
10. Kopala, B., Mitchell, M. (2013). Use of digital health records raises ethics concerns. Retrieved from http://www.nursingcenter.com/lnc/CEArticle?an=00128488-201107000-00004&Journal_ID=260876&Issue_ID=1213557
McGrory-Dixon, A. (2013). HHS toughens HIPAA violation penalties. Retrieved from http://www.benefitspro.com/2013/04/09/hhs-toughens-hipaa-violation-penalties
Nickel, P. J. (2011). Ethics in e-trust and e-trustworthiness: The case of direct computer-patient interfaces. Ethics and Information Technology, 13(4), 355-363. doi:http://dx.doi.org/10.1007/s10676-011-9271-9
Samuel, H. (2011). Towards a definition of health information ethics. Retrieved from http://www.academia.edu/503995/Towards_a_Definition_of_Health_Informatics_Ethics
Tan, J., & Cobb Payton, F. (2010). Adaptive health management information systems (3rd ed.). Sudbury: Jones and Bartlett.
Winkelstein, P. (2013). Ethical and social challenges of electronic health information. Retrieved from http://ai.arizona.edu/mis596A/book_chapters/medinfo/Chapter_05.pdf
World Medical Association. (2013). WMA declaration on ethical considerations regarding health databases. Retrieved from http://www.wma.net/en/30publications/10policies/d1/