Administrative Ethical Issues
There are continuous incidents of ethical issues in the health care
organizations from the administrative today due to his or her behavior. They have
the obligation to themselves, the patients, the facility, and all employees. The
technology of medical information can become an ethical issue concerning the
private and confident information of all patients. The Health Insurance Portability
and Accountability Act (HIPPA) were established to keep all patient information
private unless consent was given otherwise (Crandell D., 2012). The Health
Information Technology for Economic and Clinical Health (HITECH) Act was
established to advocate the acceptance and significant use of health information
An example, data breach of patient’s medical information at South Shore
Hospital (Massachusetts) will be discussed in full. This essay will state the impact
and issues it had on the population, the facts that were used to support the ethical
issue, the legal issues, and support a solution for the breach of patient information.
What were the managerial responsibilities relating to administrative ethical issues?
Data Breach at South Shore Hospital
There was a data breach involving patient information at South Shore
Hospital in Massachusetts. The hospital employed a third-party service provider
in February 2010, to erase 473 unencrypted back-up tapes that contained the
personal information and protected health information of over 800,000 individuals
(Crafts, A., 2012). This third-party was employed before regulations were applied.
The hospital did not inform the service that the back-up tapes contained private
information. The hospital did not obtain any information if the service had
sufficient protections or defenses to protect sensitive information. This service
called Archive Data Solutions job was to delete the tapes and then they could
be resold. It seems that the boxes of back-up tapes were shipped and handled by
The South Shore Hospital was informed in June 2010 that Archive Data
Solutions had only received one box and the remaining boxes were not delivered.
It seems that the other boxes were lost and nobody had any information on where
they were located. To this day the missing boxes were never located. It is like the
boxes vanished into thin air.
Impact on Population
The impact of this data breach pertaining to 800,000 patient’s private
medical information caused a huge amount of stress. The patient’s information
uncovered his or her name, Social Security numbers, financial account numbers,
birth dates, address, insurance information, and medical diagnoses. The patient’s
had to keep a close eye on his or her credit reports to ensure nobody has gotten
into his or her creditability accounts. Seeing how the missing boxes were never
retrieved or found. It was frustrating for the patient’s to know that the hospital had
not secured his or her medical information properly. The hospital did not follow
the rules and regulations of HIPPA and HITECH.
Ethic and Legal Issues
The legal foundation for the implementation of the responsibility for a
breach of personal medical information is common within the ethical rules and
regulations for hospitals. The lawsuit was centered on both federal and state law
violations. The hospital failed to execute applicable safeguards and rules to protect
patient’s information. The hospital was unsuccessful in having or documenting
a Business Associate Agreement with Archive Data. The hospital violated the
HITECH Act and HIPPA that gave the Attorney General the power to bring about
civil actions. Under the hospital guidelines they must inform the 800,000 patients
of the improper realize of his or her private information to Archive Data.
Following a two year investigation by the Massachusetts Attorney General’s
Office (AGO), the hospital has agreed to pay $775,000 to resolve allegations that
it failed to protect the personal and confidential health information (Zick C. J.,
2012). This amount was broken down to certain specifics. There was $225,000 for
civil fine and $225,000 for education fund that can be used or promote education.
The consent judgment credits the hospital $275,000 to reflect security measures
it has taken subsequent to the breach (para. 4). This case of breach is the third
enforcement by the AGO and significantly surpasses in fines then the other two
The managerial responsibilities are to ensure all patient information
is safeguarded properly by a Business Associate Agreement. The managerial
must inform all data services that the information on back-up tapes is personal
and private medical information pertaining to the patients of the hospitals. The
managerial should properly education all employees of HIPPA and HITECH. This
will confirm that the hospital’s rules and regulations are met by the HIPPA and
The hospital should implement and plan safeguards. The hospital should
have the contracts with Business Associates that partake in data service reviewed
by legal representation so no breach of patient information can be an issue again
for the facility. The hospital should make sure the data service meets the guidelines
for HIPPA and HITECH. This will help the hospital to avoid future breaches. The
health care organizations duty of privacy at times must give way to a stronger
community interest (HHS, 2011). The hospital agreed to undergo a review and
audit of certain security measures (Zick C.J., 2012). After the review these results
and any corrective actions must be reported to the Attorney General (Zick C. J.,
There are huge fines and violations associated with breach of patient
information. The managerial needs to make certain that all rules and regulations
are up to code with the guidelines of HIPPA and HITECH. All employees need
to be educated on the rules and regulations pertaining to hospital policies about
Business Associate Agreements with data services. Basically, the technology
of medical information can become an ethical issue concerning the private and
confident information of all patients. The administrator needs to know his or her
responsibilities to the hospital, patients, employees, and other services affiliated
Crafts A. (2012) Massachusetts Hospital Agrees to Pay $775,000 for Security
Breach. Retrieved on July27, 2012.
Crandell D. (2011) Into The Breach… …What to do when patient information
is compromised. PT In Motion, 3(10), 42-43 from EBSCO host database.
US Department of Health and Human Services (2011) HIPPA and HITECH, Retrieved
on July 27, 2012. www.hhs.gov
Zick, C. J. (2012) Data Breaches Continue To Be A Problem For Health Care
Providers: South Shore Hospital (Massachusetts) Pays $775,000 To
Settle Data Breach Charges. Retrieved on July 27, 2012.