
LESSON 4:

Ethics, Privacy, and Security


Objectives:
• explain ethics in health informatics; and
• review the privacy, confidentiality, and security measures in hospitals

Modernization in healthcare has led to the tendency of most practitioners to rely on the use of mechanical aids throughout the process of providing patient treatment.

• Ethical questions in medicine, nursing, human subject research, psychology, and other related fields continue to become more twisted and complex, but some overarching issues are common among them.
• Privacy and confidentiality might be the more popular sources of debates, but the rest of the field is surrounded with other ethical issues of significant concern.
• Informatics raises questions about various legal and regulatory requirements.

a. A computer program should be used in clinical practice only after appropriate evaluation;
b. All uses of informatics tools should be preceded by adequate training and instruction;
c. Users of most clinical systems should be health professionals.

Autonomy
a. allowing individuals to make their own decisions in response to a particular societal context
b. the idea that no human person has the authority, nor should have power, over another human person.

EHR must maintain respect for patient autonomy, and this entails certain restrictions about the access, content, and ownership of records.

Equality and Justice
- All persons are equal as persons and have a right to be treated accordingly.

Impossibility
- All rights and duties hold subject to the condition that it is possible to meet them under the circumstances that obtain.

Integrity
- Whoever has an obligation, has a duty to fulfill that obligation to the best of her or his ability.

Beneficence and Non-maleficence

“do good and do no harm”

beneficence - use of the stored data in the EHR system

non-maleficence - data protection.


Deeply-integrated EHR systems will contain substantial amounts of raw data, and great potential exists for conducting groundbreaking biomedical and public health research.

Similarly, the consolidated data available from clinical data repositories will allow healthcare professionals to provide the best possible treatments for their patients, further upholding the principle of beneficence.

Possible Threats

1. Temporary outages might prevent healthcare professionals from performing necessary procedures.
2. It could even result in significant patient mortality.
3. Total system failure may cause even greater damage.

Informatics Ethics
Seven principles:
• Privacy
• Openness
• Security
• Access
• Legitimate infringement
• Least intrusive alternatives
• Accountability
1. Principle of Information-Privacy and Disposition
All persons and groups of persons have a fundamental right to privacy.

2. Principle of Openness
The collection, storage, access, use, communication, manipulation, linkage and disposition of personal data must be disclosed in an appropriate and timely fashion to the subject or subjects of those data.

3. Principle of Security
Data that have been legitimately collected about persons or groups of persons should be protected by all reasonable and appropriate measures against loss, degradation, unauthorized destruction, access, use, manipulation, linkage, modification or communication.

4. Principle of Access
The subjects of electronic health records have the right of access to those records and the right to correct them with respect to their accurateness, completeness and relevance.

5. Principle of Legitimate Infringement
The fundamental right of privacy and of control over the collection, storage, access, use, manipulation, linkage, communication, and disposition of personal data is conditioned only by the legitimate, appropriate, and relevant data-needs of a free, responsible, and democratic society, and by the equal and competing rights of others.

6. Principle of the Least Intrusive Alternative
Any infringement of the privacy rights of a person or group of persons, and of their right of control over data about them, may only occur in the least intrusive fashion and with a minimum of interference with the rights of the affected parties.

7. Principle of Accountability
Any infringement of the privacy rights of a person or group of persons, and of the right to control over data about them, must be justified to the latter in good time and in an appropriate fashion.

Software Ethics
Relies on use of software to store and process information.
As a result, activities carried out by software developers might significantly affect end-users.

The software developer has ethical duties and responsibilities to the following stakeholders:
• Society
• institution and employees
• profession.

Developers should be mindful of social impacts of software systems. This includes disclosing any threats or known defects in software.

Developers should strive to build products that are of high standard, by thoroughly testing and detailing unresolved issues. Moreover, managers and leaders should prescribe ethical approaches in software development. Realistic and effective costs, schedules, and procedures should be encouraged.

Privacy, Confidentiality, and Security

Privacy generally applies to individuals and their aversion to eavesdropping.

Confidentiality is more closely related to unintended disclosure of information.

There are numerous significant reasons to protect privacy and confidentiality:
• Privacy and confidentiality are widely regarded as rights of all people which merit respect without need to be earned, argued, or defended.
• Protection of privacy and confidentiality is ultimately advantageous for both individuals and society.

Privacy and confidentiality protection also benefits public health.

When patients trust you and your health information technology enough to disclose their health information, you will have a more holistic view of the patient’s overall health, and both you and your patient can formulate more-informed decisions.

The long-standing idea that physicians should hold health care information in confidence should be applicable no matter what the circumstance.

The protection of privacy and confidentiality is non-negotiable because it is a duty that does not fluctuate based on the disease or the data-storage medium.

Levels of Security in the Hospital Information System

1. Administrative Level - implemented by the management;
2. Physical Level - protect equipment, systems, and locations;
3. Technical Level - protect the software and database access and control.

Types of safeguards - may be prescribed or restricted by law.

Cost-benefit principle.

Regardless of the type of safeguard your practice chooses to implement, it is important to monitor its effectiveness and regularly assess your health IT environment to determine if new risks are present.

Key functions:
1. Availability
2. Accountability
3. Perimeter identification
4. Controlling access
5. Comprehensibility and control
