Difference between revisions of "Privacy, Confidentiality, and Electronic Medical Records"

From Clinfowiki
(Goals of Informational Security in Health Care)
(Security Policy)
Line 13: Line 13:
  
 
== Security Policy ==
 
== Security Policy ==
 +
A security policy is essential in protecting health care data. Organizations should define a policy that will not only protect their patients but also their personnel who are authorized to view data and outside vendors such as insurance companies and managed care organizations.
  
 
+
Organizations should define their security policy based on the following factors:
 +
** Functional requirements of an information system
 +
** Security requirements for the system
 +
** A threat model
  
 
== Privacy and Confidentiality in Health Care ==
 
== Privacy and Confidentiality in Health Care ==
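
Review bot: The three added list items under "Organizations should define their security policy based on the following factors:" start with `**`, which is second-level list markup in wikitext, and no first-level `*` item appears above them in the added lines. A single `*` per item would render them as a flat bullet list. The added Security Policy text also carries no pointer to the reviewed article, so a reader cannot tell whether the three factors come from Barrows and Clayton or from the editor; adding the citation marker used elsewhere on the page would settle that.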

Revision as of 19:04, 8 April 2015

This is a review of the article by Barrows, R., & Clayton, P. (1996), Privacy, Confidentiality, and Electronic Medical Records. [1]


Goals of Informational Security in Health Care

An electronic medical record (EMR) allows providers and clinicians to access and share a patient's medical health information among authorized individuals. Because there is a risk of a potential breach of privacy and confidentiality, healthcare organizations should establish security measures to protect their data.

To assist in this, organizations should consider the following goals of informational security in health care:

    • Ensure the privacy of patients and confidentiality of health care data
    • Ensure the integrity of health care data
    • Ensure the availability of health data for authorized persons

Security Policy

A security policy is essential in protecting health care data. Organizations should define a policy that will protect not only their patients but also their personnel who are authorized to view data and outside vendors such as insurance companies and managed care organizations.

Organizations should define their security policy based on the following factors:

    • Functional requirements of an information system
    • Security requirements for the system
    • A threat model

Privacy and Confidentiality in Health Care

Conclusion

Comments

References

  1. Barrows, Randolph C., & Clayton, Paul D. Privacy, Confidentiality, and Electronic Medical Records. Journal of the American Medical Informatics Association, Mar 1996, 3 (2) 139-148. DOI: 10.1136/jamia.1996.96236282. Retrieved from http://jamia.oxfordjournals.org/content/3/2/139