The Latin phrase “primum non nocere” is a fundamental principle for physicians. It serves as a reminder that the patient’s well-being is the primary consideration in a doctor- patient relationship, regardless of any proposed intervention or procedure. Originally the term was coined to remind physicians to consider the potential harm of treatment therapies compared with taking no action. With today’s heightened focus on privacy, security, and safety, the concept of primum non nocere takes on expanded meaning.
For medical professionals, safety is almost always the number one concern when treating patients: a physician will avoid prescribing a “cure” that has a high likelihood of harming his or her patient. Exceptions are warranted when the patient (and usually the family) is well informed of the risks of “investigational” or unorthodox treatments with the goal of palliation or remission without a likely cure. “End of life” scenarios also encompass this approach.
Patient privacy as enshrined in the 2,500-year-old Oath of Hippocrates, is also a high priority for physicians, which is why providers take proactive measures to ensure the security of patient medical records.
Sometimes privacy, confidentiality, security, and safety concerns collide. If a physician or an organization fails to have adequate security for its electronic health records (EHRs), patient privacy can be easily violated. If too much security is in place, the right people – including the patient, a physician, or family members – can’t access records when they need it.
Protecting privacy while enhancing patient safety
Numerous state and federal regulations exist to protect the privacy of patient record, most notably the HIPAA Privacy rule and its revisions. If a patient is diagnosed with substance use disorder (SUD), privacy laws usually allow the patient to withhold this information from employers, potential employers, or even family members. In some states, however, privacy concerns are at odds with programs designed to keep patients safe.
All but one state currently has a prescription drug monitoring program (PDMP) that is either live or in the process of being implemented. PDMPs help keep physicians well-informed about their patients’ controlled substance prescribing histories based on the collection and analysis of data from prescribers and pharmacists. Each state has its own PDMP laws, and while only a handful require physicians to consult PDMPs prior to prescribing controlled substances, that number is growing.
PDMPs are designed to keep data around what used to be officially termed “Dangerous Drugs” – with considerable abuse and addiction potential – very restricted to only selected individuals. These individuals are usually certain law enforcement officers and treating providers, depending on the particular state regulations. These restrictions help with confidentiality and attempt to aid patient safety by protecting individuals from predatory and unethical practices. In addition, when prescribers have access to PDMP information at the point of prescribing, they are better equipped to assess risk and have meaningful, serious conversations with patients about their controlled substance histories. This is particularly critical with Opioids where accidental overdose deaths are skyrocketing over the past decade. In this way, PDMPs help prescribers – and law enforcement officials – identify individuals who may be “doctor-shopping” as well as physicians who might be “overprescribing” controlled substances.
Despite the benefits of PDMPs, some physicians and patients are concerned about the privacy risks. PDMPs store details about controlled substance prescriptions in statewide databases that could be breached if not adequately secured. Patients who fear having their prescription drug history made public may avoid seeking needed care, or, resort to illicit – and far less safe – alternatives, such as street based fentanyl or heroin.
Many states hesitate when asked to share PDMP information with other states, citing privacy concerns, which can have a negative impact on patient safety and also add to the stigma surrounding both addiction and its treatment. Unfortunately, many people that would benefit from properly authorized prescribers having access to their medication history can easily circumvent these programs by crossing state lines.
Balancing privacy and security risks
Of course, any time clinical data is electronically stored or shared, the risk of unauthorized access increases. Physicians must weigh the privacy and security risks of EHRs, including electronic prescribing of medications and clinical record sharing. Patient safety and outcomes are enhanced when all properly authorized caregivers have access to a patient’s medical records. This is particularly critical when treating patients with known and documented histories of chronic high-dose opioids and/or addiction. E-prescribing of controlled substances (EPCS) further enhances safety when used with clinical decision support tools to alert prescribers and pharmacists of possible adverse drug-drug and other interactions or duplicate therapies. When combined with PDMP data in the same prescribing workflow it enhances provider productivity and makes direct, face to face discussions with patients around medication safety more likely.
Keeping patients free from harm must always be the top priority for physicians. Recent technologies are now available to help medical professionals hold to this ancient promise. However, as we continue to design and implement solutions to boost safety, the patient’s right for privacy must also remain a priority. Safety, privacy confidentiality and security act in balance with each other and changes to one impacts another. To advance adoption of safety-enhancing technologies, physicians and their patients need assurances from health systems, vendors, and the government that confidential clinical information is secure, inaccessible to unauthorized users and enforced with appropriate penalties for those who violate that trust.