Security of Electronic Medical Information and Patient Privacy: What You Need to Know

From Clinfowiki

This is a review of the Andriole (2014) article, "Security of Electronic Medical Information and Patient Privacy: What You Need to Know" [1].


This article discusses the importance of maintaining the privacy and security of electronic health records (EHRs) from the standpoint of the physician's responsibility. The author focuses on safeguarding electronic protected health information (ePHI), for example radiological images, in line with HIPAA regulations.

According to the article, the health information privacy and security rules, as outlined by HIPAA, serve to protect the privacy of the patient while still giving the physician the access to information needed to provide care. Key terminology relating to privacy and security is defined.


Privacy Rule Timeline

 * 1996 - HIPAA enacted with two aims:
   ** Protect health insurance coverage for workers and their families when they change or lose their jobs
   ** Establish national standards for electronic health care transactions and national identifiers
 * 2000 - Privacy Rule: the US Department of Health and Human Services issues the final Privacy Rule to address the privacy of health data
 * 2002 - Privacy Rule modified
 * 2003 - Security Rule issued to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI)
 * 2004 - Privacy Rule compliance required
 * 2006 - Security Rule compliance required

According to the author, radiological images are stored and accessed digitally and are therefore part of ePHI, so compliance with the HIPAA Privacy and Security Rules is required for them as for any other patient record. Additional details of radiological imaging systems can be found on the Imaging Informatics page.

PHI from a radiology standpoint

 * Radiology accession number 
 * Date of examination
 * Any other identification numbers
 * A DICOM medical image: the file header carries patient name, ID, dates and accession number alongside the pixel data, so it should not be used outside a clinical setting without full anonymization
 * Soft-tissue volume-rendered MRI or CT data sets
 * Biometric identifiers 
 * PACS systems (which store and transmit the items above)
 * Radiology information systems (RIS)
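The list above says a DICOM image must be fully anonymized before it leaves the clinical setting, but the article is a policy review and does not show what that involves at the file level. The following is an added example, written for this review and not taken from Andriole's article or from any DICOM toolkit. It implements a minimal header scrubber for Explicit VR Little Endian files without sequences: identifiers such as birth date are removed, the study date is blanked, and the patient name, patient ID and accession number are replaced with an HMAC-based pseudonym so that studies of the same patient still link under one site key but nobody can recover the MRN by hashing candidate values. The tag subset, the site key and the sample file (made-up identifiers, two-byte pixel-data stub) are all constructed for illustration; a production profile would follow DICOM PS3.15 Annex E in full.

```python
import hashlib
import hmac
import struct

# Identifying tags (group, element) handled by this example. Illustrative
# subset only, not the complete DICOM PS3.15 de-identification profile.
REMOVE_TAGS = {
    (0x0010, 0x0030),  # PatientBirthDate
    (0x0010, 0x1000),  # OtherPatientIDs
    (0x0008, 0x0080),  # InstitutionName
}
PSEUDONYMIZE_TAGS = {
    (0x0010, 0x0010),  # PatientName
    (0x0010, 0x0020),  # PatientID
    (0x0008, 0x0050),  # AccessionNumber
}
BLANK_TAGS = {
    (0x0008, 0x0020),  # StudyDate
}

# VRs whose explicit-VR encoding uses a 2-byte reserved field and a 32-bit length.
LONG_LENGTH_VRS = {b"OB", b"OW", b"OF", b"SQ", b"UT", b"UN"}


def parse_elements(body):
    """Yield ((group, element), vr, value) from an Explicit VR Little Endian dataset.
    Sequences and undefined lengths are rejected rather than passed through, so
    nested identifiers cannot slip past the filter unnoticed."""
    pos = 0
    while pos < len(body):
        group, element, vr = struct.unpack_from("<HH2s", body, pos)
        pos += 6
        if vr in LONG_LENGTH_VRS:
            (length,) = struct.unpack_from("<xxI", body, pos)
            pos += 6
        else:
            (length,) = struct.unpack_from("<H", body, pos)
            pos += 2
        if vr == b"SQ" or length == 0xFFFFFFFF:
            raise ValueError("sequences/undefined lengths are not handled by this example")
        value = body[pos:pos + length]
        if len(value) != length:
            raise ValueError("truncated data element")
        pos += length
        yield (group, element), vr, value


def encode_element(tag, vr, value):
    """Encode one element, padding odd-length values as DICOM requires."""
    if len(value) % 2:
        value += b"\x00" if vr == b"UI" else b" "
    header = struct.pack("<HH2s", tag[0], tag[1], vr)
    if vr in LONG_LENGTH_VRS:
        return header + struct.pack("<xxI", len(value)) + value
    return header + struct.pack("<H", len(value)) + value


def pseudonym(value, key):
    """Keyed (HMAC-SHA256) pseudonym: stable under one site key, so a patient's
    studies still link, but not reversible by hashing guessed MRNs or names."""
    digest = hmac.new(key, value.strip(b" \x00"), hashlib.sha256).hexdigest()
    return digest[:16].upper().encode("ascii")  # 16 chars fits the SH limit of AccessionNumber


def deidentify(data, key):
    """Return a copy of a DICOM Part 10 file with identifying header elements
    removed, blanked or pseudonymized. Pixel data is passed through untouched."""
    preamble, body = data[:132], data[132:]
    if preamble[128:132] != b"DICM":
        raise ValueError("not a DICOM Part 10 file (missing DICM magic)")
    out = [preamble]
    for tag, vr, value in parse_elements(body):
        if tag in REMOVE_TAGS:
            continue
        if tag in PSEUDONYMIZE_TAGS:
            value = pseudonym(value, key)
        elif tag in BLANK_TAGS:
            value = b""
        out.append(encode_element(tag, vr, value))
    return b"".join(out)


def header_dict(data):
    """Tag -> raw value map of a file's header, for inspection and testing."""
    return {tag: value for tag, _vr, value in parse_elements(data[132:])}


def build_sample():
    """Constructed sample file with made-up identifiers; pixel data is a stub."""
    elements = [
        ((0x0002, 0x0010), b"UI", b"1.2.840.10008.1.2.1"),  # TransferSyntaxUID: Explicit VR LE
        ((0x0008, 0x0020), b"DA", b"20140715"),              # StudyDate
        ((0x0008, 0x0050), b"SH", b"ACC0012345"),            # AccessionNumber
        ((0x0008, 0x0080), b"LO", b"Example Hospital"),      # InstitutionName
        ((0x0010, 0x0010), b"PN", b"DOE^JANE"),              # PatientName
        ((0x0010, 0x0020), b"LO", b"MRN-00042"),             # PatientID
        ((0x0010, 0x0030), b"DA", b"19700101"),              # PatientBirthDate
        ((0x7FE0, 0x0010), b"OW", b"\x00\x00"),              # PixelData (two-byte stub)
    ]
    encoded = b"".join(encode_element(t, vr, v) for t, vr, v in elements)
    return b"\x00" * 128 + b"DICM" + encoded


if __name__ == "__main__":
    cleaned = deidentify(build_sample(), b"per-site secret key")
    for tag, value in header_dict(cleaned).items():
        print("(%04X,%04X) %r" % (tag[0], tag[1], value))
```

Header scrubbing is necessary but is not the "full anonymization" the list calls for: the pixel data can carry burned-in annotations, and, as the next two list items note, soft-tissue volume renderings of the head are themselves a biometric identifier, so a release review must look at the image content as well as the tags. The site key used for the pseudonym is itself PHI-equivalent (whoever holds it can link pseudonyms back to records) and belongs under the same access controls as the PACS.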

Security and Privacy

  • Maintaining security and privacy requires physical (e.g. device isolation), technical (e.g. firewalls) and administrative safeguards (e.g. policies)
  • Systems should enforce both authentication (verifying who the user is) and authorization (limiting what that user may see or do)

Radiologist role

  1. They must understand their responsibilities with regard to electronic health information
  2. They must know their patients' rights
  3. They need to educate themselves on the privacy and security techniques that apply to medical information


The importance of protecting patient health information cannot be overstated; failing to do so carries legal, financial and other consequences. This article sheds light on an interesting aspect of ePHI, namely the safeguarding of medical images. Images can contain biometric identifiers that, if not protected, could breach patient privacy. Clear definitions of key privacy and security terminology were provided, along with detailed expectations of clinicians seeking to adhere to the rules.


  1. Andriole, K. P. (2014). Security of Electronic Medical Information and Patient Privacy: What You Need to Know. Journal of the American College of Radiology, 11(12, Part B), 1212–1216.