Within the context of healthcare, what are managerial responsibilities related to administrative ethical issues, such as patient confidentiality (HIPAA)? How might health care managers become sensitive to administrative ethical issues?
Often, legislation is introduced to address a problem that has come to the attention of one or more members of the United States Congress. The problem may be isolated, or it may be systemic, but elected representatives seize upon such opportunities to advance legislations that they hope will become law. When the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was passed, it was, in part, a reaction to growing concerns among the public and its representatives. The passage of HIPAA was a reflection of concerns regarding the sanctity of personal medical information as patients move through the medical system and their personal information passes over more and more desks of unseen bureaucrats and insurance company employees, an increasingly important consideration as medical networks and insurance companies are more tightly connected in cyberspace through computer networks vulnerable to hacking and abuse. Title II of HIPAA is the relevant section for the law’s protections against abuse. Known as "the Privacy Rule," the U.S. Department of Health and Human Services' (HHS) Office for Civil Rights enforces HIPAA's provisions. These privacy protections continue to expand, including as recently as September 2013 when HHS issued new rules intended to address the growing vulnerability of medical records to electronic intrusions. Health care managers are expected to know what HHS is doing, and to implement its requirements according to established timelines.
Medical ethics has been a concern at least since Hippocrates established his principles in the 5th Century B.C. The purpose of the discussion on HIPAA is to emphasize that health care managers have not only an ethical obligation to protect the privacy of patients, but a legal one as well. The Hippocratic Oath is just that: an oath. The law, however, carries very concrete and substantial requirements and penalties for failing to comply with its codification of ethical principles. Health care managers know the importance of ethics; it is drilled into them as they prepare academically and professionally for their responsibilities. Among those responsibilities is ensuring that their staffs are properly versed in their ethical and legal responsibilities. Protection of patient confidentiality is among the most basic and sacred of those responsibilities, and if they aren’t sensitive to that requirement, they ought not be vested with the authorities for which they are being paid. Accountability, needless to say, begins at the top of the organizational structure. Managers must take those steps they deem necessary to protect the confidentiality of patient information and to prevent abuse of the medical billing processes, where opportunities for such abuse abound. That means issuing clearly-written guidelines to all employees and requiring that those guidelines be read, and then enforcing prohibitions by penalizing infractions.