Professional Documents
Culture Documents
644
date of birth, medical record number, medical them require patients to provide birth date
information, insurance information, etc. Almost all of information.
Table 1 Review of the HONcode accredited websites for compliance with basic principles of
security and privacy
Criteria
Online Appointment Site 1 2 3 4 5
645
6 of them require Social Security Number along with Including a privacy notice or statement of privacy
birthday. The secure sites require more confidential policy on a site is very important. Even though a site
data than non-secure sites. adopts security procedures and displays a privacy
policy, users might still not trust it or may be misled
4.4. Does it include a privacy notice or unless there is a brief and understandable statement
statement of privacy policy? of security and privacy displayed on the site. In our
study, we regarded the websites that have “https”
12 of 30 websites do not display a privacy notice or within their URLs as secure sites since information
statement of privacy policy, or a link to such a exchanged with any address beginning with https is
statement, on the web appointment request page. encrypted using Secure Sockets Layer (SSL) before
transmission. However, very few lay users realize
4.5. What is the reading level of the privacy the difference between “http” and “https”. It is thus
necessary to show that the website is secure by either
notice or statement of privacy policy?
displaying a secured seal or a brief statement. This is
especially important for the users with lower
Among 18 websites that have a privacy notice or
educational background, particularly when the site
statement of privacy policy on their appointment
requires users to submit confidential data such as
page, 13 of them have a medium or college reading
SSN, date of birth, medical record number, medical
level, 4 of them have a high reading level, and only
information, or insurance information.
one has a low reading level.
5. Discussion 6. Conclusion
There is an obvious need for secure websites to Security, privacy, and confidentiality are major
ensure visitors' privacy and prevent personal health concerns in e-Health services. HIPAA regulations, e-
information. A considerable challenge arises from Health Code of Ethics, HON principles, and other
trying to balance the desire to make information guidelines do not ensure that privacy protection and
freely available to users of the Internet, while at the data security are done appropriately or well. There is
same time protecting people's privacy and a gap between ideal and reality. More attention to the
confidentiality. [11] spirit of existing measures and procedures is needed
to safeguard patients’ privacy rights.
People who use the Internet for health-related reasons
have the right to expect that personal data they To deal with the challenges to manage and ensure
provide will be kept confidential and also have the individual privacy, the following steps should be
right to be informed that personal data may be taken to maintain the e-Health site visitor's rights to
gathered, and to choose whether they will allow their privacy and the confidentiality of personal
personal data to be collected and whether they will information:
allow it to be used or shared.
6.1. Ensure personal data security with user ID and
However, Non-medical professionals involved in password or using SSL Certificate Encryption and
providing online medical services may be unaware of display the Secured Seal to let the user know that his
the unique standards they must adhere to when or her transactions are secure.
dealing with online healthcare consumers and may
need to be educated about the obligation not to 6.2. Provide a statement or a link to the privacy
exploit patients or clients and to respect issues of policy of the e-Health site on the home page or the
privacy and confidentiality. [12] Few healthcare site navigational bar that is easily accessible and
consumers have any idea what is done with their understandable to the user.
personal data and health information on the Internet.
Even though a health website claims it respects 6.3. Do not collect name, birthday, phone number, e-
patients’ privacy and takes steps to protect patients’ mail address, or any other personal information
personal data, a patients’ data may not be safe during unless voluntarily provided by the visitor after the
the transaction process. The study of HONcode visitor is informed about the potential use of such
accredited medical and health websites reveals the information.
gap between ideal and reality. In our sample, one
third of the HONcode accredited sites that provide 6.4. Do not collect SSN, personal medical
online appointment services are not secure. information (medical conditions, health-seeking
646
behaviors and questions, and use of or requests for [updated 2007 Jan 22; cited 2008 Jan 21]. Available from:
information about drugs, therapies, or medical http://www.hon.ch/HONcode
devices) and other sensitive personal information
without the express consent of the site visitor, and [6] The Health On the Net Foundation. HON statistics
information. [updated 2006 Sep 6; cited 2008 Jan 21].
only after explanation of the potential uses of such
Available from http://www.hon.ch/Global/stat.html.
information.
[7] The Health On the Net Foundation. Operational
7. References definition for principle 3 - Confidentiality. [updated 2007
Oct 8; cited 2008 Jan 21]. Available from
[1] J. Marconi, “E-Health: Navigating the Internet for http://www.hon.ch/HONcode/Guidelines/hc_p3.html.
Health Information Healthcare”, Advocacy White Paper.
Healthcare Information and Management Systems Society, [8] The Health On the Net Foundation. HONcode Hunt.
May, 2002, as cited in Broderick M, Smaltz DH. E-Health [cited 2008 Jan 21]. Available from
Defined. E-Health Special Interest Group, Healthcare http://www.hon.ch/HONcode/Hunt/.
Information and Management Systems Society, 2003 May
5. [updated 2003 May 5; cited 2008 Jan 21]. Available [9] Https. Wikimedia Foundation; c2006 [updated 2008 Jan
from 17; cited 2008 Jan 21]. Available from:
http://www.himss.org/content/files/ehealth_whitepaper.pdf http://en.wikipedia.org/wiki/Https.
[2] K.A. Dyer, “Ethical Challenges of Medicine and Health [10] SMOG (Simple Measure of Gobbledygook). Words
on the Internet: A Review”, Journal of Medical Internet Count; c2006 [cited 2008 Jan 21]. SMOG Calculator.
Research. Centre for Global eHealth Innovation, Toronto, Available from: http://www.wordscount.info/hw/smog.jsp.
2001: 3(2). e23
[11] M.A. Winker, A. Flanagin, B. Chi-lum, J. White, K.
[3] H. Rippen, A. Risk. “eHealth Code of Ethics”, Journal Andrews, Kennett RL, et al., “Guidelines for medical and
of Medical Internet Research. Centre for Global eHealth health information sites on the internet: principles
Innovation, Toronto, 2000:2(2). e9 governing AMA websites”, Journal of American Medical
Association, American Medical Association, Chicago,
[4] Public Health Data Standards Consortium [homepage 2000:283(12), pp. 1600-1606.
on the Internet]. The Consortium; c2006 [updated 2006 Oct
11; cited 2008 Jan 21]. Summary of the HIPAA Privacy [12] K.W. Goodman, R.A. Miller. Ethics and Health
Rule. Available from: Informatics: Users, Standards, and Outcomes. In: Shortliffe
http://www.hhs.gov/ocr/privacysummary.pdf EH, Perreault LE, editors. Medical Informatics: Computer
Applications in Health Care and Biomedicine. Springer-
[5] The Health On the Net Foundation. HON Code of Verlag, New York, 2000:Chap. 7.
Conduct (HONcode) for medical and health Web sites
647