Privacy, Confidentiality, and Electronic Medical Records

From Clinfowiki
Jump to: navigation, search

This is a review on Barrows, R., & Clayton, P. (1996) article, Privacy, Confidentiality, and Electronic Medical Records. [1]


Goals of Informational Security in Health Care

An electronic medical record (EMR) allows providers and clinicians to access and share a patient's medical health information among authorized individuals. Because there is a risk of a potential breach of privacy and confidentiality, healthcare organizations should establish security measures to protect their data.

To assist organizations, the goals of informational security in health care should be considered.

    • Ensure the privacy of patients and confidentiality of health care data
    • Ensure the integrity of health care data
    • Ensure the availability of health data for authorized persons

Security Policy

A security policy is essential in protecting health care data. Organizations should define a policy that will not only protect their patients but also their personnel who are authorized to view data and outside vendors such as insurance companies and managed care organizations.

Organizations should define their security policy based on the following factors:

    • Functional requirements of an information system
    • Security requirements for the system
    • A threat model

Privacy and Confidentiality in Health Care

In addition to a security policy, privacy and confidentiality should also be established between clinicians and patients. When patients "trust" clinicians with their medical data, privacy and confidentiality is established. There are different measures organizations can implement to protect privacy and confidentiality.

  • Establishing data ownership and legal accountability
  • Implementing informed consent to disclosure
  • Establish primacy uses of medical records
  • Create user authentication and access control
    • Password security
    • User-specific or role-specific views
  • Implement encryption software -- often referred to as cryptography
  • Implement protocols and mechanisms that will test and verify data --- referred to as data integrity
  • Create firewalls between EMR sites and internal networks
  • Recommend implementation of audit trail software

A Comparison of the Paper and Electronic Record Environments

Conclusion

Comments

References

  1. Privacy, Confidentiality, and Electronic Medical Records Randolph C. Barrows , Paul D. Clayton Journal of the American Medical Informatics Association Mar 1996, 3 (2) 139-148; DOI: 10.1136/jamia.1996.96236282 Retrieved from http://jamia.oxfordjournals.org/content/3/2/139
Retrieved from "https://www.clinfowiki.org/wiki/index.php?title=Privacy,_Confidentiality,_and_Electronic_Medical_Records&oldid=22706"