SENG 31343

Health Information
Management
Case Study: Answers
Disclosing health care information to family
Assignment 02

Josiah Prathaban
SE/2017/022
Question 01.

There are four possible outcomes for this scenario

1. Dr. Cohen may disclose the health condition of Miss. Tammy to her father or husband.
To prevent a serious and imminent threat to health or welfare A health service may use or
disclose personal health information if there are reasonable grounds for believing
that this is necessary to lessen or prevent:
• a serious and imminent threat to the life, health or safety of the individual or another
person, or
• a serious threat to public health or public safety

While Miss. Tammy has some sexually transmitted diseases (STDs) it is a threat to her life as well
as her husband’s life. At that point of view Dr. Cohen can disclose the information to her father
or husband.

2. Dr. Cohen may not disclose the health condition of Miss. Tammy to her father or husband.
Miss Tammy is adult so she has a right to not have the doctor tell their families what her
diagnosis or condition is, and the doctors and nurses must follow the patient’s request per
HIPAA law. According to HIPAA Privacy Rule at 45 CFR 164.510(b), a doctor can discuss a
patient’s health status, treatment, or payment arrangements with the patient’s family and
friends if only the patient agrees. But according to the scenario Miss. Tammy didn’t agrees to
disclose the information to her family. So, Dr. Cohen can’t disclose the information to her father.

Miss. Tammy is major (21years old), so she can tell the doctor not to share any information with
his father, and if asked, Dr. Cohen can say to her father, “I’m sorry, I cannot discuss this with
you; please ask the patient yourself.”
And then Miss. Tammy can say whatever she wants. The doctor shouldn’t lie, but they also don’t
have to say anything.

3. Jim may access the information system to find the details of Tammy’s illness.
As a partner Jim will mostly likely have access to his spouse’s medical data under the HIPAA
Privacy Rule. One can ensure access by providing written permission to their healthcare provider
designating their spouse as their personal representative, but oftentimes a spouse will be
informed of patient data with verbal permission by the patient or professional judgement by the
healthcare provider.
But as a software engineer accessing the information system to find the details of Tammy’s
illness is totally non ethical and wrong.

4. Jim may not access the information system to find the details of Tammy’s illness.
The IMIA Code of Ethics for Health Informatics Professionals (HIPs) mention that HIPs have a
duty to ensure that the subjects of electronic health records are made aware of the origin
of the data contained in their records, HIPs have a duty to ensure that electronic health records
are stored, accessed, used, linked, manipulated or communicated only for legitimate purposes.
So as a software engineer involved in development of “Be Healthy Clinic” he can’t access the
information system to find the details of Tammy’s illness.
Question 02.

a. As a Healthcare Staff Member

• Dr Cohen follows The Principle of Autonomy. Respect for autonomy requires that
patients be told the truth about their condition and be informed about the risks and
benefits of treatment in order for them to make informed decisions. In the scenario Dr.
Cohen explains her health condition clearly (truthfully).
• Dr. Cohen follows The Principle of Justice. Justice speaks to equity and fairness in
treatment. In the scenario Dr. Cohen and Miss. Tammy’s fathers are friends. But the
scenario didn’t mention that doctor treat tammy as a special patient or something like
that.
b. As a Software Developer
• As I mention above the IMIA Code of Ethics for Health Informatics Professionals (HIPs)
mention that HIPs have a duty to ensure that the subjects of electronic health records
are made aware of the origin of the data contained in their records, HIPs have a duty to
ensure that electronic health records are stored, accessed, used, linked, manipulated or
communicated only for legitimate purposes. So as a software engineer involved in
development of “Be Healthy Clinic” he can’t access the information system to find the
details of Tammy’s illness.
• So as a software engineer Jim’s decision is wrong and unethical.

Question 03.

a. As a Country
Can implement a law that none of the family planning clinics in the country can provide any
contraceptive pills, condoms, contraceptive injection, without a doctor’s prescription.

b. As a Healthcare Institution
Select or create a proper Ethical Decision-Making Model and make all the health-related staffs
to follow and practice the model. If we take the given scenario as an example, it is a complex
scenario, a doctor or health staff can make more than one decision according to the law and
ethics. Dr. Cohen may or may not disclose the health condition of Miss. Tammy to her father or
husband. There are two possibilities both are correct on its perspective (already mention in
Question 01, 1 and 2). Staffs may get confused, so if Be Healthy Clinic have a unique Ethical
Decision-Making Model there won’t be any confusion.
e.g., Tilt Factor Model, The RIPS Model

c. As a Software Architect
As a software architect we have to focused on the security and access of the medical data. We
have to implement a highly secure architecture for the system. Can implement data encryption,
Utilize multifactor authentication etc.
References:

https://www.health.nsw.gov.au/policies/manuals/Documents/privacy-section-11.pdf

https://www.hhs.gov/hipaa/for-professionals/faq/disclosures-to-family-and-friends/index.html

https://www.amboss.com/us/knowledge/Principles_of_medical_law_and_ethics/

https://healthitsecurity.com/news/protecting-patient-privacy-while-keeping-families-informed

https://www.kolzchut.org.il/en/Disclosing_Medical_Information_to_a_Patient%27s_Family

https://gazelleconsulting.org/does-hipaa-apply-to-family-members/

https://imia-medinfo.org/wp/wp-content/uploads/2015/07/Handbook-for-revised-Code-of-Ethics.pdf

https://www.guttmacher.org/journals/psrh/2004/hipaa-privacy-rule-and-adolescents-legal-questions-
and-clinical-challenges

https://www.atrainceu.com/content/3-principles-healthcare-ethics

https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4825228/

https://www.verywellhealth.com/who-has-access-to-your-medical-records-2615502

https://digitalguardian.com/blog/what-health-information-system

https://bmcmedinformdecismak.biomedcentral.com/articles/10.1186/s12911-021-01570-2

https://edepot.wur.nl/551119