Professional Documents
Culture Documents
ResearchProposal 1
ResearchProposal 1
Course
Name
School
2
Security and Privacy Health Data
Introduction
The research proposal on the security and privacy of health data aims to know the
classified as health data and who are the sources and keepers of health data. It also would like to
know the value of security and privacy of one’s health information from the health care provider
and the patients. How important is it for them is ensuring the security and privacy of health data?
This will also look at the legal background of ensuring the security and privacy of health data.
Who are the governing bodies that ensure the health data are secure and the privacy of
information is being checked? Further, the research would want to know the current practices
implemented to support the security and privacy of the data. Finally, the research would like to
find out what challenges have been experienced concerning the implementation of the related
rules and regulations or laws covering the subject. A conclusion and recommendation for the
There have been several researches conducted on the different aspects of Heath Data. One
such research focused on the value and importance of health information privacy based on the
perspectives of the public, the health care providers and the patients. Health research that utilizes
health information is very important to progress the general health of the community and the
health care is provided. Ethical research needs to preserve the rights of their patients. However, it
is also a well-known fact that the collection of health information in researches will eventually
benefit society when results have been tested. However, privacy should be top-most priority
because the disclosure of someone’s health record could affect his dignity (Institute of Medicine
digital systems that aim to facilitate the recording and filing of patient’s records. Together with
this issue on how digital information security and privacy have been enforced by the users of the
systems still arises. Current literature on techniques in implementing the security of records for
health care providers using systems to store health data is analyzed and compared (Appari &
Johnson).
According to the McGraw-Hill Concise Dictionary of Modern Science (2002), health data
is any type of data that is related to “health conditions, reproductive outcomes, causes of death,
and quality of life” for a certain population. The General Data Protection Regulation (GDPR)
defines health data as a personal information that reveals information about the health status of
To further differentiate health data from other types of data, health data are clinical metrics
health and wellness. These data are usually collected by health workers such as doctors and
nurses and these would consist of records of services that were received in a specific hospital or
health institution, the conditions of those services, and the clinical outcomes that concern the
While a lot of people would think that the primary owners or holders of health data are the
patients themselves, this is not actually the case. Any medical record would belong to the
4
Security and Privacy Health Data
physician as well as the health facility, institution, or hospital, or clinic where it was created.
This is the main reason why original copies of medical records are usually kept by the health
facility. Moreover, health facilities are mandated by the law to safeguard all original medical
records from damage, loss, or unauthorized use since these are considered legal documents.
Aside from physicians and health facilities, there are other institutions that are considered
holders of health data. This includes insurance companies, pharmaceutical companies, and
academic institutions.
Insurance companies would usually hold claims data which would tell them about their
beneficiaries. Claims data would include patient information such as diagnosis and treatments, as
well as billing codes that pharmacies, physicians, hospitals, and other health care providers
would forward to their payers such as insurance companies (Wilson & Block, 2012).
Pharmaceutical companies are also holders of health data since these health data contain
significant information that would help track how their medicines work. According to Hirschler
(2018), these health data would serve as real-world evidence which manufacturers consider to be
The conduct of health researches as well as the protection of health data of individuals are
both important to our society. To improve human health and the health care industry, health
researches needs to be conducted. For health researchers to conduct researches they need to
collect specific health data. On the other hand, patients have the right to protect their personal
health information to avoid prejudice. However, it can’t be denied that individuals benefit for
health researches. Take for example when results of these researches facilitated the access new
5
Security and Privacy Health Data
health technologies and diagnostics or more effective ways of preventing or curing an illness
(Institute of Medicine (US) Committee on Health Research and the Privacy of Health
Information).
If it is that important for ethical researchers to collect health data, then why is health data
privacy important? There are several reasons why it is important to protect the confidentiality,
security and privacy of health data. Different theorist has different views on why there is a need
for privacy. Some says that it is a basic right of a person and as such it is an it forms part of the
human well-being. Respecting the privacy is one characteristic of moral uniqueness of humans
that differentiates them to other living creatures (Harris Interactive, 2005). Personal autonomy,
respect, individuality and dignity and worth as human beings are the major reasons why privacy
What is the public view, health care provider’s point of view and patient’s point of view
about the value of privacy and security of health data? A study conducted by Forrester Research
in 1999 found out that three out of four persons says that the confidentiality and privacy of their
medical records is very important to them. In a more recent research conducted by the same
agency, 67 percent of the respondents say that the Health Insurance Portability and
Accountability Act (HIPAA) Privacy rule is not yet fully implemented and that they are have
concerns regarding the privacy of their medical records (Institute of Medicine (US) Committee
Another research conducted by Harris Interactive in 2007 showed that the respondents
believed that there has been a lot of improvement in the handling of medical records of
individuals in different organizations holding health data. However, the privacy and
confidentiality of their health records remains to be a concern because more that half of their
6
Security and Privacy Health Data
respondents thought that “Patients have lost all control today over how their medical records are
obtained and used by organizations outside the direct patient health care such as life insurers,
Based on these different studies, it seems that the public is concerned that their health records
will be accessed companies or organizations working in the various heath care industries without
them knowing it and utilized the data for their own benefit or even service discrimination.
On the part of the patients themselves, a study conducted in 2018 found out that the
respondents (who are patients) preferred that they be given access to their medical data and
would not want their data to be shared to both health insurance and pharmaceutical companies.
When asked if they want to add lifestyle data to their medical records to supplement what data is
regularly recorded, majority of them does not want to. In addition, the patients wanted to access
and control to their data, but they have limited knowledge to the concern on privacy and
confidentiality of their data (Wetzels, 2018). The last finding that the patients have limited
knowledge to privacy and confidentiality of their health data could be a concern. An enhanced
I. In another study, it shows that there have been limited studies on patient perspectives in
relation to the Privacy Rule. However, surveys conducted also reveals that patients are not
comfortable when their health information is used for health research with the exception when
necessary notice or consent is given. In contradiction, a separate survey conducted reveals that
63% of the respondents says that consents can be forgo when it is for specific health researches
and the researcher can ensure that no personally identifiable information would be released. In
yet another study, 70% of the respondents says that they trust the health researches to keep their
health data confidential and private when used in health researches. (Westin, 2007).
7
Security and Privacy Health Data
To summarize, there have been limited studies to access the effectiveness or the value of the
HIPAA Privacy Rule, although some studies have revealed that privacy and confidentiality of
health data has improved since its implementation. Generally, the patients do not oppose that use
of personal health records in conducting ethical heath researches, however, the researchers
should ensure the privacy and confidentiality of the data they collected. On the other hand, the
patients are not amendable to the idea of giving their health data to insurance and
pharmacological companies. However, the ultimate decision of the patient to provide health data
sometime depends on the patient’s trust to the researcher that the privacy and confidentiality of
Legal Background
There have several laws that tries to regulate privacy and confidentiality of health data.
Although some of the laws offer patient protection, most of them are implemented to ensure that
the health care industry has the information they need rather than making sure that health data of
The main law that governs the privacy of health data is the Privacy Law of the Health
Insurance Portability and Accountability Act (HIPAA) which was implemented staring April 14,
2003. Basically, the privacy law “creates a structure for how personal health information may be
disclosed and establishes the rights individuals have concerning their health information, sets out
security standards for maintaining and transmitting electronic patient information, and requires a
common format and data structure for the electronic exchange of health information” (Electronic
It was updated in 2013 with the introduction of the HITECH Omnibus Rule which extended
the protection and control of protected health information (PHI). It specifically extended the
8
Security and Privacy Health Data
“disclosure requirements and associated liabilities under HIPAA to business associates” (HIM
Body of Knowledge, 2020). It consolidated the state and federal rules and “strengthened the
privacy and security requirements and broadened patient rights to accessing and restricting the
The Health Information Technology for Economic and Clinical Health Act (HITECH)
Omnibus Rule is a defined section of the American Recovery and Reinvestment Act (ARRA)
that is focused mainly on health information communication and technology. Its main content
focused on the strengthening of privacy rules protection. Among the highlights of the Omnibus
Rule are the provision of limitations on the use and disclosure of health information used in
marketing and fund-raising purposes, barring the sale of protected information without consent
of the owner, and the expansion of an individual’s rights to access ones electronic health data
Another law that touches on the privacy and confidentiality of data is the Privacy Act of 1974
which was primarily enacted to provide some sort of control of the information collected from
the people by the government agencies. However, only health care institutions under the federal
The Patriot Act or the Uniting and Strengthening America by Providing Appropriate Tools
Required to Intercept and Obstruct Terrorism Act is used by the US Government to enhance its
ability to monitor activities that are terrorism related. It does not particularly focused of the
protected health information, however, a demand for PHI data maybe made during investigation
for “additional privacy provisions for records of the identity, diagnosis, prognosis, or treatment
of patients maintained in connection with a federally assisted drug of alcohol abuse program”
(HIM Body of Knowledge, 2020). However, if the rules are less severe that those found the
There are still several “smaller” laws that may not directly affect the privacy and security of
health data but are relevant to, however, with the HIPAA and HITECH, anything that does not
conform with the set rules of these two will not prevail.
References
Appari, Ajit & Johnson, M. (2010). Information Security and Privacy in Healthcare: Current
314. 10.1504/IJIEM.2010.035624.
Electronic Frontier Foundation. (2020). “The Law and Medical Privacy.” Retrieved from
https://www.eff.org/issues/law-and-medical-privacy
10
Security and Privacy Health Data
Institute of Medicine (US) Committee on Health Research and the Privacy of Health
Information: The HIPAA Privacy Rule; Nass SJ, Levit LA, Gostin LO, editors. Beyond
the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research.
Washington (DC): National Academies Press (US); 2009. 2, The Value and Importance
https://www.ncbi.nlm.nih.gov/books/NBK9579/
Hirschler, B. (2018). "Big pharma, big data: why drugmakers want your health records." Reuters.
data-why-drugmakers-want-your-health-records-idUSKCN1GD4MM
April 3, 2007]. http://www.harrisinteractive.com/news/printerfriend/index.asp?
NewsID=849 .
Harris Interactive. Many U.S. adults are satisfied with use of their personal health
2007]. http://www.harrisinteractive.com/harris_poll/index.asp?PID=743 .
HIM Body of Knowledge. (2020). “Laws and Regulations Governing the Disclosure of Health
oid=300245#.XoCVsYgzaUk
11
Security and Privacy Health Data
Tzourakis, Melissa (1996). Richard Y. Wang (ed.). The Healthcare Industry and Data Quality
Wetzels, Mart et. al. (2018). “Patients Perspectives on Health Data Privacy and Management:
http://downloads.hindawi.com/journals/ijta/2018/3838747.pdf
Westin A. How the public views privacy and health research. Institute of Medicine; 2007.
2007]. http://www.iom.edu/Object.File/Master/48/528/%20Westin%20IOM%20Srvy
%20Rept%2011-1107.pdf
Wilson, J. and Block, A. (2012). "The benefit of using both claims data and electronic
https://www.optum.com/content/dam/optum/resources/whitePapers/Benefits-of-using-
both-claims-and-EMR-data-in-HC-analysis-WhitePaper-ACS.pdf