Healthcare consumer” is an evolving term that reflects the increasing levels of involvement patients have in their own care. Think of a patient as someone who is currently receiving care. A healthcare consumer can be a current patient. But the term also includes the rest of the population, who are all potential patients who must evaluate the choices they have in using the healthcare delivery system. At three or four stations along the treasure hunt clues are accompanied by sweets and treats.
A patient can have an inpatient or an outpatient status. An inpatient is administratively admitted to the healthcare organization for 24 hours or more. In these cases, a bed is traditionally the unit of measure for occupancy rates. For periods of less than 24 hours, the patient is considered in outpatient status. Outpatient status is also known as ambulatory. In some cases, a patient may be admitted in an observation status, which can last up to 48 hours without formal admission as an inpatient. Many patients enter the healthcare system through the emergency department. Typically, the admission status of these patients is determined once they are stabilized. For example, a patient who visits an emergency room is considered an outpatient status if the patient is released within 24 hours.
Outpatient care is provided in numerous types of healthcare settings, including hospitals, medical clinics, associated facilities, and even their own home environments. Increasingly, many surgical and treatment procedures are safe and possible outside of the traditional hospital setting. Advances in technology have reduced the need for inpatient admissions. This evolution has fostered changes in where care can be provided. Today you can find urgent care centers in shopping centers, and patients can undergo some surgical procedures outside a hospital facility. This evolution has been fostered by changes in favorable regulatory guidance and reimbursement rules.
The patient can also be viewed through the lens of the data that constitutes a healthcare facility’s identity. This is important, because protecting a patient’s identifiable information is significantly different from information protection and other security and privacy concerns applicable and important in other industries. For example, a patient can be identified by his or her name, date of birth, Social Security number, or home address. These identifiers are similar across other data collection activities of personally identifiable information (PII). However, patients can also have unique information referencing genetic code, billing codes, treatment codes, and images, to name just a few data elements. If PII is disclosed in an unauthorized manner or to an unauthorized viewer, the disclosure violates patient privacy and can also be used to fraudulently receive medical services or alter a medical record. Such disclosure can be a problem in terms of identity theft, financial impact to a patient and a provider organization, and patient safety.
Compounding the issue is that, unlike PII, most protected health information (PHI) is difficult to change (if not impossible) if it has been corrupted or misused in some way. For example, a bank account or even a Social Security number can be replaced, although the unauthorized disclosure of this information is a problem. The disclosure of a patient’s medical history, however, is far more difficult to remedy. If the information is spoofed by someone in order to fraudulently receive healthcare services, the actual patient will have difficulty fixing the problem. In some cases, the imposter receives care, and that care is integrated into the victim’s medical record. The addition of this information could result in patient safety and care issues (such as blood type mismatches, drug interactions, and so on). If certain diagnoses such as mental health issues or highly sensitive diseases are disclosed, that element of privacy and confidentiality cannot be regained or remedied.