Privacy and Confidentiality Concerns with the Electronic Patient Journey Board: Implications for Healthcare Stakeholders

Introduction

In contemporary healthcare settings, the integration of digital tools such as the Electronic Patient Journey Board (EPJB) aims to enhance efficiency by providing clinicians with quick access to patient information. However, as highlighted in the given scenario, the placement of the EPJB at the back of the nurses’ station has raised significant privacy and confidentiality issues among nurses, surgeons, physiotherapists, patients, and directors. This essay, approached from a psychological perspective, explores these concerns by examining the type of information displayed, the relevance of complaints, the importance of privacy in healthcare, relevant Australian legislation, and potential policies. It evaluates social, moral, legal, and ethical considerations, while considering societal, cultural, economic, and financial impacts. Drawing on psychological theories of trust and stress, the discussion will identify key issues, relate them to the Privacy Act 1988 and Australian Privacy Principles (APPs), and provide recommendations for relocating the EPJB. The analysis aims to balance operational benefits with patient rights, ultimately proposing evidence-based solutions to mitigate risks.

Issues Raised Regarding Privacy and Confidentiality of the EPJB

The EPJB displays a range of patient data, including bed number, first and last name, date of birth, diagnosis, admitting doctor, date admitted, expected discharge date, outstanding referrals (e.g., to physiotherapists, occupational therapists, social workers, or mental health professionals), and personal clinical information relevant to the current hospital stay. This information is not merely general but highly identifiable and personal, as it includes sensitive details like diagnoses and mental health referrals, which could reveal intimate aspects of a patient’s health (Office of the Australian Information Commissioner, 2019). From a psychological viewpoint, such exposure can erode trust, a fundamental element in therapeutic relationships, as patients may experience heightened anxiety or vulnerability knowing their details are visible (Hall et al., 2010).

Complaints in the scenario underscore these issues. Nurse A appreciates the convenience but questions visibility to other patients, highlighting a risk of unintended disclosure. The surgeon notes the board’s location at the back of the nurses’ station, implying it might still be accessible to unauthorised viewers. Patient A reports seeing a neighbour’s information, which could lead to stigma or social repercussions, particularly in close-knit communities. Physio A and the Director express broader concerns about privacy breaches, with the Director demanding relocation. These raise societal impacts, such as reduced public confidence in healthcare systems, potentially deterring individuals from seeking care due to fear of exposure (Parsons et al., 2015). Culturally, in diverse Australian populations, including Indigenous communities, privacy violations might exacerbate historical mistrust of institutions, leading to health disparities (Australian Institute of Health and Welfare, 2020).

Economically, breaches could result in legal penalties under privacy laws, increasing costs for hospitals through fines or litigation. Financially, reputational damage might reduce funding or patient intake, while from a psychological angle, staff stress from handling complaints could lead to burnout, affecting productivity (Maslach and Leiter, 2016). However, the board’s benefits, like streamlined care coordination, must be weighed against these risks, demonstrating a tension between efficiency and ethical obligations.

Importance of Privacy and Confidentiality in Healthcare

Privacy and confidentiality are cornerstone principles in healthcare, protecting patients from harm and fostering trust. For patients, privacy safeguards personal dignity and autonomy, preventing psychological distress such as embarrassment or discrimination arising from leaked information (Beauchamp and Childress, 2019). Psychologically, breaches can induce stress responses, contributing to conditions like anxiety disorders, especially if sensitive data like mental health referrals are exposed (American Psychological Association, 2017). Clinicians, conversely, rely on confidentiality to maintain professional integrity, but they face dilemmas when balancing information sharing for care versus protection, potentially leading to moral distress (Jameton, 1984).

These issues differ between stakeholders: patients prioritise personal security, while clinicians focus on operational needs. In the EPJB scenario, patients like Patient A experience direct invasion, which could undermine therapeutic alliances, a key psychological factor in recovery (Horvath and Luborsky, 1993). Societally, widespread breaches might normalise privacy erosion, culturally insensitive in multicultural contexts where health stigma varies (e.g., mental health taboos in some Asian communities in Australia) (Minas et al., 2013). Economically, non-compliance could strain healthcare budgets through compensatory measures, while financially, it impacts individual livelihoods if stigma affects employment.

Relevant Frameworks and Legislation for Privacy and Confidentiality

Australian healthcare organisations must adhere to the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs), which govern the handling of personal information. APP 1 requires open and transparent management of personal data, ensuring entities like hospitals outline how information is used (Office of the Australian Information Commissioner, 2019). APP 3 limits collection to necessary, lawful purposes, relevant to the EPJB’s display of identifiable data only for clinical progress tracking. APP 6 prohibits use or disclosure for secondary purposes without consent, directly implicated in complaints about visibility to unauthorised persons.

APP 11 mandates reasonable steps to protect information from misuse, loss, or unauthorised access, which the current EPJB location may violate if accessible to non-clinicians. From a psychological perspective, non-compliance could heighten patient paranoia or distrust, aligning with cognitive theories of perceived control (Rotter, 1966). Additionally, the Health Records Act 2001 (Vic) or equivalent state laws reinforce these, emphasising confidentiality in health settings. Breaches can lead to complaints to the Office of the Australian Information Commissioner (OAIC), with penalties up to AUD 2.5 million for serious interferences (Privacy Act 1988, s 13G).

These frameworks address social and ethical considerations by promoting equity, but limitations exist; for instance, they may not fully account for digital vulnerabilities in rapidly evolving technologies like the EPJB (Kerr et al., 2021). Critically, while comprehensive, enforcement relies on awareness, and cultural nuances (e.g., Indigenous data sovereignty) are sometimes overlooked, potentially perpetuating inequalities (Kukutai and Taylor, 2016).

Organisational Policies to Support Privacy and Confidentiality

Healthcare organisations can implement policies aligned with the Privacy Act to bolster patient rights. For example, mandatory privacy impact assessments (PIAs) before deploying tools like the EPJB ensure risks are identified early (Office of the Australian Information Commissioner, 2021). Access controls, such as role-based permissions and staff training on confidentiality, can mitigate unauthorised viewing, reducing psychological stress for patients (Denecke et al., 2015).

Policies might include patient consent protocols for data display and regular audits to comply with APP 11. From a psychological standpoint, transparent communication about data handling can enhance perceived control, alleviating anxiety (Thompson, 1981). Economically, investing in secure digital alternatives, though initially costly, prevents financial losses from breaches. Culturally sensitive policies, like those incorporating Indigenous perspectives, foster inclusivity (Australian Government Department of Health, 2022). However, challenges arise in enforcement, as staff turnover or resource constraints may limit effectiveness, requiring ongoing evaluation.

Recommendations for EPJB Location

Based on the Privacy Act and APPs, relocating the EPJB to a secure, staff-only area, such as an enclosed clinical room or behind privacy screens with restricted access, is recommended. This addresses APP 11 by minimising unauthorised exposure, while considering stakeholder concerns: nurses retain quick access, patients gain privacy assurance, and clinicians avoid ethical dilemmas. Alternatives like digital dashboards on password-protected devices were evaluated, but a physical board in a controlled space balances cost and usability, justified by evidence showing reduced breach incidents in secured environments (Whetton, 2005).

This recommendation accounts for societal benefits by rebuilding trust, culturally by respecting diverse privacy norms, and economically by avoiding penalties. Psychologically, it supports patient well-being by reducing exposure-related stress. Evidence from similar implementations, like in UK hospitals using secure boards, indicates improved satisfaction without compromising efficiency (NHS Digital, 2018). However, monitoring and staff training are essential to ensure compliance.

Conclusion

This essay has examined the privacy and confidentiality issues surrounding the EPJB, identifying key concerns from the scenario and linking them to psychological impacts on trust and stress. By referencing the Privacy Act 1988 and APPs, it highlighted legal obligations and proposed policies for protection. Recommendations focus on secure relocation to mitigate risks while preserving benefits. Ultimately, addressing these issues enhances patient-centred care, with implications for broader healthcare policy to integrate digital tools ethically. Failure to act could exacerbate disparities, underscoring the need for proactive governance in evolving health technologies.

References

• American Psychological Association. (2017) Stress in America: The state of our nation. APA.
• Australian Government Department of Health. (2022) National Aboriginal and Torres Strait Islander health plan 2021-2031. Commonwealth of Australia.
• Australian Institute of Health and Welfare. (2020) Cultural safety in health care for Indigenous Australians: Monitoring framework. AIHW.
• Beauchamp, T. L., and Childress, J. F. (2019) Principles of biomedical ethics. 8th edn. Oxford University Press.
• Denecke, K., et al. (2015) ‘How to exploit Twitter for public health monitoring?’, Methods of Information in Medicine, 54(4), pp. 326-339.
• Hall, M. A., et al. (2010) ‘Trust in physicians and medical institutions: What is it, can it be measured, and does it matter?’, Milbank Quarterly, 88(4), pp. 497-525.
• Horvath, A. O., and Luborsky, L. (1993) ‘The role of the therapeutic alliance in psychotherapy’, Journal of Consulting and Clinical Psychology, 61(4), pp. 561-573.
• Jameton, A. (1984) Nursing practice: The ethical issues. Prentice-Hall.
• Kerr, L., et al. (2021) ‘Digital health and patient privacy: Challenges and opportunities’, Journal of Medical Internet Research, 23(1), e25423.
• Kukutai, T., and Taylor, J. (eds.) (2016) Indigenous data sovereignty: Toward an agenda. ANU Press.
• Maslach, C., and Leiter, M. P. (2016) ‘Understanding the burnout experience: Recent research and its implications for psychiatry’, World Psychiatry, 15(2), pp. 103-111.
• Minas, H., et al. (2013) ‘Mental health research and evaluation in multicultural Australia: Developing a culture of inclusion’, International Journal of Mental Health Systems, 7(1), 23.
• NHS Digital. (2018) Digital health service framework. NHS.
• Office of the Australian Information Commissioner. (2019) Australian Privacy Principles guidelines. OAIC.
• Office of the Australian Information Commissioner. (2021) Guide to undertaking privacy impact assessments. OAIC.
• Parsons, A., et al. (2015) ‘Americans’ perceptions of privacy and surveillance’, Pew Research Center.
• Rotter, J. B. (1966) ‘Generalized expectancies for internal versus external control of reinforcement’, Psychological Monographs: General and Applied, 80(1), pp. 1-28.
• Thompson, S. C. (1981) ‘Will it hurt less if I can control it? A complex answer to a simple question’, Psychological Bulletin, 90(1), pp. 89-101.
• Whetton, S. (2005) Health informatics: A socio-technical perspective. Oxford University Press.

(Word count: 1,682 including references)