In the current world, information is shared with ease, and it is a bit difficult to protect the privacy of a patient. According to Sage (2014), case of data security breaches has been increasing at a frightening rate, calling for the need to update the HIPAA guidelines by the government on a regular basis. The magnitude of the issue under discussion has also warranted the simplification of the HIPAA guidelines and the fines that the violations attract (Shay & Gosfield, 2013). Violation of HIPPA guidelines by an Advanced Practice Nurse leads to moral distress. This paper discusses the HIPAA guidelines in relation to an ethical-legal dilemma case study.

Mr Johnson is an advanced nurse informaticist at Exter Hospital. Mrs. Edwards comes to Mr Johnson, and requests for information regarding a Mr. Laban, a 70 year old male patient, intubated, in a comma, and with a unique disease. Mrs. Edwards needs the health information for Mr. Laban for study purposes. She will need to examine the patient, and collect all information regarding the patient. She, however, does not belong to this hospital. She came across Mr. Johnson at a hotel and introduced herself as a nurse in charge of research in the Medical school that is linked to Mr. Johnson’s hospital. As the nurse informaticist, Mr. Johnson is in a dilemma. Since the patient cannot talk to give consent, the nurse if torn between releasing her information without consent, and releasing the information, since research may even help in the diagnosis of the unique disease that the patient is suffering from.

If Mr. Johnson releases the information, he will have violated the law because of disclosing health information to an unauthorized individual. HIPAA guidelines knowingly, and the hospital is classified as a covered entity (AMA, 2014). One ethical principle that would be violated is the principle of fidelity (Pojman, 2010). The fidelity principle requires that a nurse be truthful to the patient throughout the process of care. By releasing the patient information without consent, the nurse would have gone against the agreement to keep the promise of confidentiality.

To prevent violation of the ethical principle and the violation of the law, the nurse ought to make a decision based on sound legal and ethical reasoning. First, the nurse has a duty to protect the patient’s privacy, both ethically and legally (Banafield, Ashkanazi & Rozensky, 2006). The nurse should explain to Mrs. Edwards that he cannot release information without the patient’s consent, or approval from the hospital, in cases of medical research. It would warrant that Mrs. Edwards waits for the patient to recover so that the nurse can seek his consent to release his health information. With such a decision, the nurse will not violate the law or the ethical principle of being true to the patient.

Many legal principles and laws apply to the ethical dilemma presented. A major legal principle that applies in this case is informed consent. The nurse should not release information concerning a patient without consent (Advance Health Network, 2014). In addition, the nurse would have breached the legal principle of malpractice since they have a duty to protect patient’s privacy (Jones-Levett et al., 2010). Also, the law requires that a nurse should not misuse confidential patient information for personal gain. The nurse, Mr. Johnson may have been tempted to release information to Mrs. Edwards since they had met before and became friends. Further, the HIPAA guidelines require that a nurse protects the patient’s confidential information. This law applied to this case.

The legal issues in this case study are justifiable. The HIPAA guidelines outline clearly that the nurse has a duty to protect the patient’s privacy (Sage, 2014). An example of a case supporting the legal implications of HIPAA violations is the one involving Tammy Wynette and Farah Fawcett, whose medical records were viewed and sold to the media. In the case “Tammy Wynette Vs. A Major Health Provider,” the health practitioner was charged with malpractice for selling the health information of the patient to the social media (Deloitte, 2011). Another example is that of Huping Zhou,who was sentenced for four months for releasing information from files of high-profile people like Elizabeth Banks (Advance Health Network, 2014). If Mr. Johnson released the information to Mrs. Edwards, there is no doubt he would have faced similar charges.

Legal reasoning is different from ethical reasoning. In this case, Mr. Johnson would have completely refused to release information to Mrs. Edwards if he reasoned on the basis of legal reasoning. However, considering it ethically, Mr. Johnson would have released information to (Jones-Levett et al., 2010). As such, there is a need to employ ethical-legal reasoning in order to provide sound decisions in such dilemmas. Considering the ethical and moral issues in this case, the nurse would have first sought the consent of the patient. Since the patient is in a comma, and cannot talk, relatives can provide the consent. This will help avoid ethical and legal violations.

Recommendations

1. The nurse should consider getting informed consent from the patient or relative
2. The nurse should also consider the importance the patient information for medical research
3. Considering the law and ethical behavior, the nurse should not release any information if the consent is not given.

In conclusion, the law and HIPAA guidelines that concern patient apply in this case. As a nurse informaticist who abides by the law and ethical practice, Mr. Johnson cannot release medical information to Mrs. Edwards without the consent. By applying the ethical-legal reasoning model, the nurse would only release the information after getting the consent from the patient or the hospital.

References

Advance Health Network. (2014). Electronic medical record and HIPAA violations. Retrieved from http://nursing.advanceweb.com/continuing-education/ce-articles/electronic-medical-record-hipaa-violations.aspx?CP=2

American Medical Association (AMA). (2014). HIPAA violations and enforcement. Retrieved from http://www.ama-assn.org/ama

Benefield, H., Ashkanazi, G., & Rozensky, R. H. (2006). Communication and records: Hippa issues when working in health care settings.Professional Psychology: Research and Practice, 37(3), 273-277.

Deloitte. (2011). Privacy and security in healthcare: a fresh look. Washington, DC: Author.

Jones-Levett, T., Hoffman, K., Dempsey, J., Jeong, S. S., Noble, D., Norton, A. C.,… & Hickey, N. (2010). The five rights of clinical reasoning: an educational model to enhance nursing students’ ability to identify and manage clinically “at risk” patients. Nurse Education Today, 30(6),515-520.

Pojman, P. L. (2010). Ethical theory:classical and contemporary readings (5^th ed.). Florence, KY: Cengage Learning.

Sage, A. (2014). Physical security, HIPPA, and the HHS wall of shame.International Association for Hospital Security, 30(1), 85-90.

Shay, D. F., & Gosfield, A. G. (2013). HIPPA AGAIN: Confronting the Updated Privacy and Security Rules. Family Practice Management, 20(3), 18-22.