Live Chat Now
Give us a call

Send us a text



Ethical Issues in Healthcare

By DeVry University

February 5, 2024

6 min read

Healthcare-focused organizations, from hospitals and recovery facilities to physicians’ offices and insurance plans have an obligation to protect the safety and privacy of their patients. This involves complying with the provisions of HIPAA, the Health Information Portability and Accountability Act. While HIPAA plays a major role, ethical issues in healthcare go beyond safety and privacy, having implications in the access to, and affordability of, quality healthcare in a system with a lot of moving parts.


This discussion will touch on several aspects of ethics in healthcare, including the importance of effective leadership in the institutions that represent milestones along the patient’s journey.

What Are Some Ethical Issues in Healthcare?

Among the primary ethical issues in healthcare, patient confidentiality may come to mind first, but there are several areas where healthcare practitioners and administrators face ethical dilemmas in today’s constantly evolving medical world.

In a recent survey by the medical online community Sermo, physicians named the following as some of the most common ethical concerns:

  • Balancing quality of care and efficiency (21%)

  • Allocating limited medications or support tools (17%)

  • Addressing end-of-life issues (17%)

  • Addressing access to care (15%)

  • Doctor-patient confidentiality (15%)

  • Allocating limited donor organs (13%)

Three of the key ethical issues in healthcare reflect the complexities and challenges of our modern healthcare delivery system, according to Sermo:

  • Do-Not-Resuscitate (DNR) orders:

    The DNR instructs healthcare providers who are trained to save patients’ lives not to perform CPR if the patient’s heart stops or they stop breathing. With 17% of survey respondents naming end-of-life issues as a top ethical issue, there’s little doubt why the DNR and its instructions represent one of the major ethical dilemmas in healthcare.

  • Patient privacy and confidentiality: 

    Identified as one of the biggest legal and ethical issues in healthcare, this concern underscores the importance of a health provider or plan’s obligation to maintain patient privacy as a covered entity under HIPAA’s rules. HIPAA imposes stiff penalties on covered entities who fail to uphold this obligation. Gray areas, however, do persist in situations where withholding aspects of a patient’s medical condition might do more harm than good.

  • Healthcare accessibility:

    In spite of the gains made since the passing of the Affordable Care Act, 9.6% of Americans remain uninsured, limiting their access to emergency and preventative care. The uninsured rate is particularly higher among Black and Hispanic populations, and residents of states that have not expanded Medicaid coverage.

The Importance of Patient Confidentiality in Healthcare Ethics

Patient confidentiality is a cornerstone of the modern relationship between patients, their healthcare providers and industry players. These include insurance companies, pharmacies and various third-party administrators who may not be directly involved in patient care but do have access to patients’ protected health information (PHI).

Penalties for noncompliance with HIPAA notwithstanding, the ethical implications of disclosure of a patient’s PHI are clear. Healthcare practitioners and administrators have an obligation to keep patients’ private information confidential, away from those who would exploit such information for commercial purposes, perpetrate medical identity theft or do harm to a patient, their family, business or career.

If you’ve been to a medical appointment and been asked to fill out paperwork relative to the privacy and confidentiality of your PHI, you’ve experienced the impact of HIPAA’s Privacy Rule. As practitioners comply with the rule, it goes a long way toward building trust between the patient and healthcare provider.

HIPAA’s Role in Ethics in Healthcare

HIPAA was originally introduced as a means of protecting health insurance coverage for employees that lost their jobs or changed jobs. Today’s HIPAA also includes standards for the transmission and protection of PHI by providers and health organizations.

HIPAA plays a major role in regulating the privacy and security of sensitive health information and mandates the steps to be taken when that security is breached. This aspect of HIPAA’s protections has become more significant, with the increased adoption of electronic medical records, which certainly aids in the portability of information, but also represents a potential threat to its security.

HIPAA rules ensure that PHI is only accessed by parties with the proper authorization to do so, and that patients have access to copies of their personal records upon request. The rules also ensure that covered entities (physicians, pharmacies, health plans and others who collect, process or store medical information) safeguard PHI through various physical, administrative and technical measures, and promptly report any breach of the security of this data.

Here's a breakdown of HIPAA’s 3 rules:

  • The Privacy Rule:

    HIPAA’s Privacy Rule outlines standards to protect all individually identifiable health information handled by covered entities or their business associates. This rule is crucial for the protection of consumer data, or PHI, which includes medical history such as procedures, diagnoses and prescriptions, but extends to credit card information and social security numbers as well. The rule requires standard safeguards for information, sets boundaries around the use and release of health records and gives patients more control over their information.

  • The Security Rule:

    HIPAA’s Security Rule establishes standards for protecting electronic PHI that a covered entity may create, use, receive or maintain. While the privacy rule governs the privacy and confidentiality of PHI, the security rule provides standards to secure electronic data. In compliance with the Security Rule, covered entities must ensure the confidentiality, integrity and availability of ePHI they receive, maintain, create or transmit. This is done through various physical, technical and administrative safeguards. They must also identify and protect against threats to the security or integrity of the information, reasonably protect it against impermissible uses or disclosures and ensure compliance by their workforces.

  • The Breach Notification Rule:

    A breach is identified as any impermissible use or disclosure of PHI under the Privacy and Security Rules. In the event of a breach, an organization is required to conduct a risk assessment to determine the breach’s scope and impact, and make certain notifications to the affected populations, depending on how many individuals the breach has affected. Notifications under this rule comprise individual notifications to all those impacted, a notification to the media if the breach affects more than 500 residents of a state or jurisdiction and, in all cases, a notification to the Secretary of Health & Human Services.

Where Ethical Issues in Healthcare Intersect with Cyber Security

The mandates of HIPAA’s Security Rule lay out the ways in which electronic PHI should be safeguarded by all covered entities. The healthcare industry’s adoption of electronic medical records, also called electronic health records, has stimulated the need for robust safeguards to ensure that covered entities maintain compliance with this rule.

The Security Rule’s requirements include physical, technical and administrative measures to safeguard electronic PHI. The rule’s requirements for technical safeguards intersect with a covered entity’s cyber security policies and practices. Due to the rapid pace of advancement in cyber security-related technologies, HIPAA does not specify what applications or technologies must be deployed to comply with this aspect of the security rule. The regulations simply spell out the safeguards that a covered entity must put in place:

  • Access control:

    Ensure that only individuals with the appropriate permissions have access to the electronic PHI stored in a system.

  • Audit controls:

    A system must be implemented to monitor, record and review all activity.

  • Integrity:

    Ensure that electronic PHI has not been altered or destroyed improperly.

  • Authentication:

    A user’s identity must be confirmed before access is granted to the data system in which electronic PHI is stored.

  • Transmission security:

    Access to electronic PHI must be protected through encryption. 

Based on the rule’s provisions, it’s easy to see where covered entities, including hospitals and healthcare systems, medical practices of all kinds and sizes, insurance providers and others who process PHI need to maintain a robust cyber security infrastructure.


These organizations and their business associates should prioritize cyber security by conducting regular cyber security assessments as part of an overall risk management strategy to gain a clear picture of their vulnerabilities, safeguard against data breaches, avoid disruption to consumer-facing applications and avoid penalties. 

Importance of Effective Leadership in Healthcare Institutions

The healthcare industry is an environment of continuous change. For healthcare systems to deliver quality patient care and continue to serve the changing needs of their communities, it is essential for strong and effective leaders to emerge. Leadership in healthcare goes beyond simply delivering positive patient outcomes. The healthcare leaders of tomorrow will need to demonstrate key leadership traits that are essential in the management and policymaking that contributes to the health and sustainability of their organizations. Here are some reasons why strong leadership in healthcare is critical:

  • Anticipate future trends:

    To prepare their organizations for what’s to come, healthcare leaders need to stay current on industry trends, examine data and seek feedback from patients and staff. Adapting quickly to change, the effective healthcare leader is proactive in preparing for advancements as well as challenges and manages resources effectively while navigating unexpected obstacles.

  • Manage stakeholders:

    As an effective healthcare leader, you will be expected to navigate a lacework of relationships with stakeholders such as patients, doctors and other clinicians, families, insurance companies and even government agencies. The ability to listen actively and maintain an openness to new perspectives while practicing empathy and emotional intelligence in your decision-making are all must-have skills here.

  • Create positivity:

    Strong leaders create a positive workplace culture in which every person feels they are part of a team and their work is valued. Good leaders in this area put programs in place that inspire and motivate their teams and create an open and collaborative atmosphere.

  • Make difficult decisions:

    Especially when responding to natural disasters or medical crises, it is crucial for healthcare systems to have effective leaders in place. As a healthcare leader, you may be called upon to establish a chain of command and protocols for emergency situations and make quick decisions that affect the health and well-being of those in your facility and the community it serves.

Prepare to Pursue Your Healthcare Leadership Career here at DeVry and Keller

Develop leadership skills that today’s healthcare organizations need by earning an MBA with a Specialization in Health Services here at our Keller Graduate School of Management. This MBA specialization program dives into the high-level administrative and policymaking issues facing the healthcare industry today, and can help you gain practice examining the legal, practical and ethical issues affecting how healthcare is provided. 

8-Week Class Sessions

Classes Start Every 8 Weeks

Filter Blog Post Category

Related Posts