Critical Thinking Case study:
Scenario: Security at All Pine Medical Center
All Pine Medical Center is a 250 bed trauma hospital in Indianapolis, Indiana. All Pine is a Joint Commission approved Medicare, Medicaid facility and houses a separate large inpatient, outpatient cardiology building adjacent to the main hospital. Palmer Cardiology Associates manages the cardiology center with Dr. Robert Palmer as the medical director. Dr. Palmer’s group has been affiliated with All Pine Medical Center for the past fifteen years and generates a vast amount of revenue for the facility.
Ten months ago, All Pine moved totally away from paper medical records and implemented an electronic health record (EHR) system. The move was completed in two phases over an eighteen month time span. Dr. Palmer’s group was ecstatic about the move to an EHR and was fully onboard with the change. Today, Dr. Palmer and his colleagues are frustrated over all of the security features associated with All Pine Medical Center’s new EHR. Dr. Palmer wants some of the security features disabled so he can get faster access to his patient’s data and not be limited on the time spent with a patient’s record. The current process in place for all physician’s and hospital employees is to first log on to All Pine Medical Center’s main system with a user name (assigned by the hospital IT department) and password (selected by the physician or employee); second, then log on to the electronic health record using the main user name but a different password along with an access code (again assigned by the hospital IT department).
Dr. Palmer and his associates want to sign on one time and access anything they want within the main system and electronic health record for as long as they want. He has assured the hospital risk management and health information management departments his group will sign off once they have completed what they needed to do or access in the patient record.
Due to the State and Federal rules and regulations in regards to confidentiality and security of patient health information, the health information management department is at a loss as to how to accommodate Dr. Palmer’s request. The Chief Executive Officer (CEO) and the Chief Information Officer (CIO) of All Pine have said, “Just make him happy”. The health information management director along with risk management, quality assurance, and the facilities IT department have formed a task force to find a way to modify Dr. Palmer and his groups access to the hospital’s main system and the EHR. The task force has reviewed the following documents for guidance on confidentiality and security of patient health information.
The task force has reviewed:
1. All Pine’s internal policy and procedures on confidentiality, security, and access to patient health records.
2. Joint Commission Accreditation rules and regulations for confidentiality, security, and access to patient health records.
3. HIPAA rules and regulations on confidentiality, security, and access to patient health records.
They are at a standstill on a concrete resolution for Dr. Palmer’s request. Your task, utilizing the 6 goals of the ARC, is to assess the issue/problem between Dr. Palmer and his group and All Pine Medical Center.