The Regulation of Privacy and Data Protection in the Use of Electronic Health Information

Published by: rodrigur8036 on Dec 03, 2012
Copyright:Attribution Non-commercial

Implementing reliable, secure, and private computer-based
records is not an easy task. Healthcare organizations carry an
inherently high security and privacy risk because of their
distributed environments and the large number of professionals and
clerical staff with a variety of need-to-know privileges and authority.
Interdisciplinary activities, multiprofessional care, remote storage and
access to clinical and administrative health record data, and use
by clerical staff (payers, controllers, insurers) require unencumbered
access to identifiable individual patient data.

Health data transmitted over national and international networks
offer unprecedented opportunities for better patient care and community
health interventions by facilitating data exchange among professionals
but pose difficult new challenges to confidentiality. An illegitimate user
could attempt to gain access to a computer system connected to a
network or illegally intercept a transmission. Although systems can be
made more secure by restricting access to sites and encrypting
information, any security solution will have to be a compromise between
the need to protect information and the need to allow access to it.

Legal and Regulatory Issues


Health practice, by itself, has specific needs that may create
conflicts in the implementation of reliability, security, and privacy
measures:

Reliability and privacy require security, but the
implementation of many data security solutions may
impair privacy.

Patients may be unable to consent to information
disclosure due to their health condition. This may be
especially critical in acute situations.

In some cases, such as diseases of compulsory
notification, it may be in the interests of public health to
record disease incidence notwithstanding the refusal of
consent by the patient.

Clinically anonymous information is useless to direct
healthcare professionals dealing with a specific patient.

Unlike other areas (e.g., national security
and defense), where it is more acceptable to lose
information than to risk exposure, in the health sector it
is preferable to expose information, even at the
risk of violating privacy, rather than miss information
that is critical for appropriate healthcare.

In the healthcare sector the responsibility is widely
distributed among different stakeholders.

While it is important to establish a complete audit trail of
medical records, it may also be desirable in some
cases to be able to correct a record leaving no visible
trace of the previous data or related data entry event.

Security is a multidimensional problem that must be
solved for each specific situation, not as a generic
technical add-on.

Although it is acceptable that data in transit should be
encrypted, data in use must be decrypted and may
reside as such in systems with minimal access control
and security.

The implementation of high-level security procedures and
technological solutions in the healthcare environment must be
unobtrusive and should be balanced against the operational requirements
of health professionals. For example, in many clinical circumstances
timely access is essential, and cumbersome security and privacy
routines may impair patient care. Most security violations are
unintentional, and the most damaging violations are internal to the
organization, with operator error being the most frequent cause. Finally,
health professionals, healthcare organizations, and society in
general must address how to balance the need for access,
integrity, and privacy, weighing individual rights against the collective
needs of public and community health.
