Peer review

The growing use of technology in healthcare has improved many aspects of patient care, but it has also introduced new legal and ethical concerns related to privacy and data security. Because healthcare technology often involves collecting, storing, and sharing protected health information (PHI), its use raises important ethical questions related to privacy, confidentiality, and responsible data management. With the negative stigma that is often associated with sexually transmitted infections (STIs), privacy is a major concern for anyone who receives one of these diagnoses. Although reporting requirements may vary depending on your state or local jurisdiction, STIs including syphilis, gonorrhea, chlamydia, and HIV are reportable diseases in every state (Centers for Disease Control and Prevention [CDC], 2021). In many cases, technologies such as electronic health records (EHRs), electronic laboratory reporting systems, and public health reporting systems are used to report STI diagnoses to health departments. While this technology has improved patient outcomes and helped reduce the transmission of STIs, it also poses potential security risks (Pellowski et al., 2016). Technology-driven STI reporting and partner notification systems can accidentally expose highly sensitive STI information through messages sent to the wrong person, general system misconfigurations, or third-party platforms that may be at higher risk for potential security issues. A privacy breach can cause significant harm in a patients personal life due to the social stigma associated with STIs, and it can lead to a loss of trust in the healthcare system, as well as legal and regulatory consequences such as HIPAA violations. Lack of confidence in the security of electronic health systems may cause patients to conceal sensitive health information, which can compromise treatment and hinder public health efforts to control the spread of STIs (Layman, 2020). Protecting patient confidentiality is an ethical obligation grounded in the principle of fidelity, which requires healthcare professionals to safeguard sensitive health information and ensure it is accessed only by authorized individuals for legitimate purposes (Layman, 2020). In order to prevent potential privacy lapses when technology is used to manage sensitive STI data, I would advocate for the implementation of multiple safeguards: communication should be handled through secure systems such as patient portals, phone calls, or in-person discussions. Access to PHI should also be secured so that only authorized personnel are able to view sensitive patient data. In addition, workflow processes should include double-checking information documented into the EHR to catch typos, incorrect phone numbers, or other data entry errors before notifications are sent. Finally, regular audits should be conducted to review access logs and perform risk assessments in an effort to proactively identify potential HIPAA violations or other threats to patient privacy. References: CDC. (2021, July 22). Sexually Transmitted Infections Treatment Guidelines, 2021 – Reporting and Confidentiality. Centers for Disease Control and Prevention. Links to an external site. CDC. (2024, June 26). Duty to Warn for Health Care Settings. Centers for Disease Control and Prevention. Links to an external site. Kachur, R., Hall, W., Coor, A., Kinsey, J., Collins, D., & Strona, F. V. (2018). The Use of Technology for Sexually Transmitted Disease Partner Services in the United States: A Structured Review. Sexually Transmitted Diseases, 45(11), 707712. Links to an external site. Pellowski, J., Mathews, C., Kalichman, M. O., Dewing, S., Lurie, M. N., & Kalichman, S. C. (2016). Advancing Partner Notification Through Electronic Communication Technology: A Review of Acceptability and Utilization Research. Journal of Health Communication, 21(6), 629637. Links to an external site. Woodward, C., Bloch, S., McInnes-Dean, A., Lloyd, K. C., McLeod, J., Saunders, J., Flowers, P., Estcourt, C. S., & Gibbs, J. (2024). Digital interventions for STI and HIV partner notification: a scoping review. Sexually Transmitted Infections, 100(4), 242250. Links to an external site. Reply to post from Marissa OvassapianReply Expand discussion thread from Marissa Ovassapian 2 Replies, 2 Unread 2 Replies (2) LB lashariah Black Mar 4 10:44pm | Last reply Mar 7 1:44pm Reply from lashariah Black As a woman who has worked in multiple hospitals across this country, I have learned that technology can either protect our patients or put them at serious risk. In todays healthcare environment, electronic health records, social media, and digital communication platforms are part of our daily workflow. But with that convenience comes responsibility. Legal and ethical issues tied to healthcare technology are no longer rare, they are common and increasing. One situation I observed involved a staff member accessing a patients electronic health record without being directly involved in that patients care. The access was driven by curiosity rather than clinical necessity. Although no information was publicly shared, the act itself was a violation of HIPAA and organizational policy. This type of issue is not isolated. Reports continue to show that employees are terminated for inappropriate EHR access, even when they claim there was no malicious intent (Semel & Semel, 2023). Additionally, when HIPAA violations cross certain thresholds, they can become criminal offenses, not just workplace discipline issues (Semel, 2022). As nurses, we sometimes underestimate how serious just looking can be. But legally and ethically, accessing a chart without a legitimate care-related reason breaches patient trust and federal law. Some consequences of improper EHR access are: Employment termination Loss of nursing license Civil penalties or criminal charges Organizational fines and reputational damage Healthcare data breaches are rising at alarming rates. In 2023 alone, some of the largest healthcare data breaches exposed millions of patient records (McKeon, 2023). Cyberattacks on healthcare systems are also increasing, disrupting care and putting patient safety at risk (Yousry, 2023). I think about how trust in the healthcare system is already fragile in many minority communities. When privacy is violated, it reinforces fear and hesitation about seeking care. Ethical lapses in technology use do not just break rules, they break relationships. To prevent inappropriate EHR access and other legal/ethical technology violations, I would implement a multi-layered strategy: Mandatory Annual HIPAA and Cybersecurity Education Education should go beyond basic HIPAA modules. Training must include real-world case studies demonstrating how minor violations lead to termination or prosecution. Research shows that increasing awareness of cyber threats and internal vulnerabilities strengthens compliance behaviors (McKeon, 2023). Strict Audit Trails and Transparent Monitoring Organizations should routinely audit chart access logs and communicate that monitoring is active and ongoing. When staff know audits are consistent and not random, they are more likely to follow proper protocol (Semel & Semel, 2023). Reinforce Minimum Necessary Standard Staff education should repeatedly emphasize HIPAAs minimum necessary rule only access what you need to do your job. According to Semel (2022), failure to follow this standard has resulted in criminal investigations. Social Media and Digital Professionalism Policies Given the rise in nurses being disciplined for social media misuse, clear policies must outline boundaries. Even posts without patient names can lead to termination if identifiable details are shared (ABC News, 2014; Nurse.org, n.d.). Annual acknowledgment of social media policies should be required. Organizations must foster psychological safety so employees feel comfortable reporting suspicious links, phishing attempts, or accidental access errors. Cyberattacks are increasing, and quick reporting reduces damage (Yousry, 2023). Punitive cultures discourage transparency. Personal Reflection Technology is powerful, but it is also a responsibility. As a 39-year-old Black woman in nursing, I take patient confidentiality seriously because I understand what it means for communities to feel watched, judged, or exposed. Protecting patient information is not just about compliance it is about dignity. Healthcare organizations must treat data security and ethical technology use as patient safety priorities. When we combine education, accountability, monitoring, and supportive reporting systems, we protect not only our licenses, but also the people who trust us with their most personal information. References ABC News. (2014, July 8). Nurse firing highlights hazards of social media in hospitals. Links to an external site. McKeon, J. (2023, June 29). Biggest healthcare data breaches reported this year, so far. HealthITSecurity. Links to an external site. Nurse.org. (n.d.). Emory Healthcare OB nurses fired after mocking patients on viral TikTok. Links to an external site. Semel, M. (2022). When HIPAA becomes criminal. Healthcare IT Today. Links to an external site. Semel, M., & Semel, M. (2023). Employee fired for inappropriately accessing EHR records. Healthcare IT Today. Links to an external site. Yousry, F. (2023, May 8). Cyberattacks on health care are increasing: Inside one hospitals fight to recover. NPR. Links to an external site.