Many health care managers would argue that their greatest ethical challenge these days lies in the problem of ensuring patient confidentiality. Not just a moral obligation among medical practitioners but a legal one as well, protecting the privacy of doctor-patient interactions and patient medical records is an important and high-profile issue, more so as computer networking and the explosion in computer crime have become normal components of conducting business. With the advent of networked systems for storing and transmitting medical data, the threat of both criminal and inadvertent breaches of patient confidentiality has increased astronomically. Useful government sources for information on patient confidentiality include the U.S. Centers for Disease Control website [www.cdc.govtb/education/ssmodules/module7/ss7reading4.htm] and the U.S. Department of Health and Human Services website section on “Health Information Privacy,” particularly the discussion of “Understanding Patient Safety Confidentiality,” at www.hhs.gov/ocr/privacy/psa/understanding/.
Protecting medical records from computer hackers may not seem like an “ethical” issue, but it is considered one by the medical industry and the federal government alike. And it’s not just medical records that need to be protected; computer hackers have demonstrated their ability to manipulate medical equipment from remote locations by invading a hospital’s computer network, thereby threatening the lives of patients. A June 2013 report by the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team stated that researchers
“have reported a hard-coded password vulnerability affecting roughly 300 medical devices across approximately 40 vendors. According to their report, the vulnerability could be exploited to potentially change critical settings and/or modify device firmware.” [ics-cert.us-cert.gov/alerts/ICS-ALERT-13-164-01]
From an ethical standpoint, the issue of patient confidentiality is more relevant, but criminal who are able to penetrate sophisticated networks and manipulate equipment settings are more than capable of accessing patient records. Consequently, the biggest, and newest, challenge to health care managers is the protection of patient confidentiality in the age of the computer.