Administrative Ethical Issues

Administrative Ethical Issues

There are continuous incidents of ethical issues in the health care

organizations from the administrative today due to his or her behavior. They have

the obligation to themselves, the patients, the facility, and all employees. The

technology of medical information can become an ethical issue concerning the

private and confident information of all patients. The Health Insurance Portability

and Accountability Act (HIPPA) were established to keep all patient information

private unless consent was given otherwise (Crandell D., 2012). The Health

Information Technology for Economic and Clinical Health (HITECH) Act was

established to advocate the acceptance and significant use of health information

An example, data breach of patient’s medical information at South Shore

Hospital (Massachusetts) will be discussed in full. This essay will state the impact

and issues it had on the population, the facts that were used to support the ethical

issue, the legal issues, and support a solution for the breach of patient information.

What were the managerial responsibilities relating to administrative ethical issues?

Data Breach at South Shore Hospital

There was a data breach involving patient information at South Shore

Hospital in Massachusetts. The hospital employed a third-party service provider

Administrative Ethics

3

in February 2010, to erase 473 unencrypted back-up tapes that contained the

personal information and protected health information of over 800,000 individuals

(Crafts, A., 2012). This third-party was employed before regulations were applied.

The hospital did not inform the service that the back-up tapes contained private

information. The hospital did not obtain any information if the service had

sufficient protections or defenses to protect sensitive information. This service

called Archive Data Solutions job was to delete the tapes and then they could

be resold. It seems that the boxes of back-up tapes were shipped and handled by

The South Shore Hospital was informed in June 2010 that Archive Data

Solutions had only received one box and the remaining boxes were not delivered.

It seems that the other boxes were lost and nobody had any information on where

they were located. To this day the missing boxes were never located. It is like the

boxes vanished into thin air.

Impact on Population

The impact of this data breach pertaining to 800,000 patient’s private

medical information caused a huge amount of stress. The patient’s information

uncovered his or her name, Social Security numbers, financial account numbers,

birth dates, address, insurance information, and medical diagnoses. The patient’s

Administrative Ethics

4

had to keep a close eye on his or her credit reports to ensure nobody has gotten

into his or her creditability accounts. Seeing how the missing boxes were never

retrieved or found. It was frustrating for the patient’s to know that the hospital had

not secured his or her medical information properly. The hospital did not follow

the rules and regulations of HIPPA and HITECH.

Ethic and Legal Issues

The legal foundation for the implementation of the responsibility for a

breach of personal medical information is common within the ethical rules and

regulations for hospitals. The lawsuit was centered on both federal and state law

violations. The hospital failed to execute applicable safeguards and rules to protect

patient’s information. The hospital was unsuccessful in having or documenting

a Business Associate Agreement with Archive Data. The hospital violated the

HITECH Act and HIPPA that gave the Attorney General the power to bring about

civil actions. Under the hospital guidelines they must inform the 800,000 patients

of the improper realize of his or her private information to Archive Data.

Following a two year investigation by the Massachusetts Attorney General’s

Office (AGO), the hospital has agreed to pay $775,000 to resolve allegations that

it failed to protect the personal and confidential health information (Zick C. J.,

2012). This amount was broken down to certain specifics. There was $225,000 for

Administrative Ethics

5

civil fine and $225,000 for education fund that can be used or promote education.

The consent judgment credits the hospital $275,000 to reflect security measures

it has taken subsequent to the breach (para. 4). This case of breach is the third

enforcement by the AGO and significantly surpasses in fines then the other two

Managerial Responsibilities

The managerial responsibilities are to ensure all patient information

is safeguarded properly by a Business Associate Agreement. The managerial

must inform all data services that the information on back-up tapes is personal

and private medical information pertaining to the patients of the hospitals. The

managerial should properly education all employees of HIPPA and HITECH. This

will confirm that the hospital’s rules and regulations are met by the HIPPA and

Proposed Solutions

The hospital should implement and plan safeguards. The hospital should

have the contracts with Business Associates that partake in data service reviewed

by legal representation so no breach of patient information can be an issue again

for the facility. The hospital should make sure the data service meets the guidelines

Administrative Ethics

6

for HIPPA and HITECH. This will help the hospital to avoid future breaches. The

health care organizations duty of privacy at times must give way to a stronger

community interest (HHS, 2011). The hospital agreed to undergo a review and

audit of certain security measures (Zick C.J., 2012). After the review these results

and any corrective actions must be reported to the Attorney General (Zick C. J.,

Conclusion

There are huge fines and violations associated with breach of patient

information. The managerial needs to make certain that all rules and regulations

are up to code with the guidelines of HIPPA and HITECH. All employees need

to be educated on the rules and regulations pertaining to hospital policies about

Business Associate Agreements with data services. Basically, the technology

of medical information can become an ethical issue concerning the private and

confident information of all patients. The administrator needs to know his or her

responsibilities to the hospital, patients, employees, and other services affiliated

Administrative Ethics

7

References

Crafts A. (2012) Massachusetts Hospital Agrees to Pay $775,000 for Security

Breach. Retrieved on July27, 2012.

http://privacylaw.proskauer.com/2012/06/articles/data-

breaches/massachusetts-hospital-agrees-to-pay-775000-for-security-breach/

Crandell D. (2011) Into The Breach… …What to do when patient information

is compromised. PT In Motion, 3(10), 42-43 from EBSCO host database.

US Department of Health and Human Services (2011) HIPPA and HITECH, Retrieved

on July 27, 2012. www.hhs.gov

Zick, C. J. (2012) Data Breaches Continue To Be A Problem For Health Care

Providers: South Shore Hospital (Massachusetts) Pays $775,000 To

Settle Data Breach Charges. Retrieved on July 27, 2012.

http://www.securityprivacyandthe law.com/2012/05/articles/government-

enforcement/data-breaches-continue-to-be-a-problem-for-health-care-

providers-south-shore-hospital-massachusetts-pays-750000-to-settle-

data-breach-charges/2012

Administrative Ethics

8

Leave a Reply