Privacy Protection in Personal Health Information and Shared Care Records

Roderick L B Neame

Abstract


Background The protection of personal information privacy has become one of the most pressing security concerns for record keepers. Many institutions have yet to implement the essential infrastructure for data privacy protection and patient control when accessing and sharing data; even more have failed to instil a privacy and security awareness mindset and culture amongst their staff. Increased regulation, together with better compliance monitoring has led to the imposition of increasingly significant monetary penalties for failures to protect privacy. 

Objective  There is growing pressure in clinical environments to deliver shared patient care and to support this with integrated information.  This demands that more information passes between institutions and care providers without breaching patient privacy or autonomy.  This can be achieved with relatively minor enhancements of existing infrastructures and does not require extensive investment in inter-operating electronic records: indeed such investments to date have been shown not to materially improve data sharing.

Requirements for Privacy  There is an ethical duty as well as a legal obligation on the part of care providers (and record keepers) to keep patient information confidential and to share it only with the authorisation of the patient.  To achieve this information storage and retrieval, and communication systems must be appropriately configured. Patients may consult clinicians anywhere and at any time: therefore their data must be available for recipient-driven retrieval under patient control and kept private. 


Keywords


Information Privacy; Medical Record Sharing; Electronic Medical Records; Shared Care

Full Text:

HTML PDF

References


Kellermann AL, Jones SS. What It Will Take To Achieve The As-Yet-Unfulfilled Promises Of Health Information Technology. Health Affairs, 2013; 32 (1): 63-68

Medical Protection Society. Access to Health Records. (Internet. Cited 07 February 2013) Available from: http://www.medicalprotection.org/uk/england-factsheets/access-to-health-records

Harrison J and Booth N. Applying new thinking from the linked and emerging fields of digital identity and privacy to information governance in health informatics. Informatics in Primary Care (2003) 11: 223-8.

Neame R., Privacy and Health Information: health cards offer a workable solution. Inform Prim Care. 2008;16(4):263-70.

Schoenberg R, Safran C. Internet-based repository of Medical records that retains patient confidentiality. BMJ 2000; 321.

Anderson R. Security in Clinical Information Systems. Ver 1.1 1996 (Internet. Cited 26 July 2012). Available from: http://www.cl.cam.ac.uk/~rja14/policy11/policy11.html

Wiech D. Identity and Password Management in Healthcare. Identity Management Solutions. (Internet. cited 26 July 2012) Available from: http://identitymanagementsolutions.blogspot.fr/2011/04/identity-and-password-management-in.html

UK Privacy Debacles. Open Rights Group. (Internet. cited 26 July 2012) Available from: http://wiki.openrightsgroup.org/wiki/UK_Privacy_Debacles

Hindocha N. Instant insecurity: security issues of instant messaging. 2003 (Internet. Cited 07 February 2013). Available from: http://www.symantec.com/connect/articles/instant-insecurity-security-issues-instant-messaging

PR Newswire. Leading Cause of Data Security Breaches are due to Insiders, not Outsiders. (Internet. Cited 07 February 2013) Available from: http://www.prnewswire.com/news-releases/leading-cause-of-data-security-breaches-are-due-to-insiders-not-outsiders-54002222.html

Verizon. 2010 Data Breach Investigations Report. (Internet. Cited 07 February 2013) Available from: http://www.verizonenterprise.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf

Patel H. What are the most common causes of security breaches? Help Net Security. (Internet. Cited 07 February 2013) Available from: http://www.net-security.org/article.php?id=959

Secnap network Security. Healthcare Industry is under-prepared to protect patient privacy. (Internet. Cited 07 February 2013) Available from: http://www.secnap.com/support/whitepapers/healthcare-privacy-report-pwc.html

SC Magazine. Healthcare professionals show poor practice when it comes to security. 20 November 2008 (Internet. Cited 07 February 2013) Available from: http://www.scmagazineuk.com/healthcare-professionals-show-poor-practice-when-it-comes-to-security/article/121277/

NHS Connecting for Health. Cryptography and the Pathology Messaging Enabling Project. (Internet. Cited 07 February 2013) Available from: http://www.connectingforhealth.nhs.uk/systemsandservices/pathology/edifact/security/crypto_v5/

Davino M. Assessing Privacy risk in Outsourcing. Journal of AHIMA 75, no 3 (March 2004): 42-46.

Macfarlane J. Private medical records for sale: Harley Street clinic patients’ files outsourced for computer input – and end up on black market. Mail Online 18 October 2009. (Internet. Cited 07 February 2013) Available from: http://www.dailymail.co.uk/news/article-1221186/Private-medical-records-sale-Harley-Street-clinic-patients-files-outsourced-input--end-black-market.html

Neame R. Effective Sharing of Records and Maintaining Privacy. Online Journal of Public Health Informatics 2013 Jul 1;5(2):217. doi: 10.5210/ojphi.v5i2.4344.




DOI: http://dx.doi.org/10.14236/jhi.v21i2.55

Refbacks

  • There are currently no refbacks.


This is an open access journal, which means that all content is freely available without charge to the user or their institution. Users are allowed to read, download, copy, distribute, print, search, or link to the full texts of the articles in this journal starting from Volume 21 without asking prior permission from the publisher or the author. This is in accordance with the BOAI definition of open accessFor permission regarding papers published in previous volumes, please contact us.

Privacy statement: The names and email addresses entered in this journal site will be used exclusively for the stated purposes of this journal and will not be made available for any other purpose or to any other party.

Online ISSN 2058-4563 - Print ISSN 2058-4555. Published by BCS, The Chartered Institute for IT