
Protection of the security and confidentiality of information is an essential responsibility of health care managers. Health information systems contain sensitive information. Clinical systems process medical information about individual patients. Human resources information systems contain personal information about employees. Financial and decision support systems include proprietary data used for planning, marketing, and management of the enterprise.

Clinical information systems require comprehensive programs to protect the privacy of patient medical records. Three categories of clinical systems must be considered: patient care systems, public health information systems, and medical research information systems.

  • Patient care systems contain information about a patient's medical history, diagnoses, and treatment plans. Organizations that provide care are required by law and by ethical considerations to ensure that patient-specific information is available only to authorized users.
  • Public health information systems support disease prevention and surveillance programs. Protecting public health requires the acquisition and storage of health-related information about individuals. Public health benefits sometimes conflict with threats to individual privacy. Individuals concerned about privacy who avoid clinical tests and treatments may endanger the health of others in the community.
  • Medical research information systems use large repositories of individual patient records to study patterns of health and disease in populations. Data mining techniques are used to search for potential relationships among patient characteristics and other factors. Research data often are accessible to a number of investigators and their staff, and information security measures are essential to protect patient privacy rights.

Enterprise-wide standards must be established to protect information privacy and confidentiality in health care organizations. A comprehensive information security policy should include three elements: (a) physical security, (b) technical controls over access, and (c) management policies that are well known and enforced in all organizational units.

Physical security includes such elements as using keys or badges to unlock computer terminals and using dial-back procedures to determine that a request to access data has come from a specific terminal and modem.

A number of technical controls over data access can be built into operational information systems. Passwords are the most common. Each user is assigned a password that is known only by that individual and the data security manager. Users should be warned never to share their passwords with anyone else, and passwords should be changed periodically. Passwords should allow access only to those portions of the organization's database appropriate to the individual user and his or her departmental affiliation.

Encryption is a method of coding or altering information such that it is unintelligible if obtained by unauthorized users. Encryption is used with very sensitive information such as lists of passwords or diagnostic information on mental health or sexually transmitted diseases. It is not a practical method for providing general data protection. The data security manager should be the only one able to decode encrypted information.

The most important technical safeguard may be the maintenance of audit logs that track every transaction associated with use of critical data files. The logs identify the user and/or terminal, the date and time of access, and the type of transaction carried out (simple access, addition, changes, or deletions to the record). If employees are aware that all transactions are being monitored for violations, they will be deterred from seeking unauthorized use of sensitive information.
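The audit-log review described above can be sketched in code. This is an added example, not part of the original entry: it reads log rows carrying the fields the entry lists (user, terminal, date and time, transaction type) and flags transactions that fall outside the portion of the database appropriate to the user's department. The log layout, the user and department tables, and the sample rows are constructed assumptions.

```python
import csv
import io
from datetime import datetime

# Constructed sample audit log (assumed CSV layout, not from the entry).
SAMPLE_LOG = """user,terminal,timestamp,action,area
jlee,T-04,2024-03-01T09:12:00,access,clinical
jlee,T-04,2024-03-01T09:15:00,change,clinical
mroy,T-11,2024-03-01T10:02:00,access,payroll
mroy,T-11,2024-03-01T23:40:00,access,clinical
temp1,T-02,2024-03-02T07:55:00,access,clinical
jlee,T-04,2024-03-02T08:30:00,deletion,clinical
"""

# Hypothetical access policy: each user's department, and the data
# areas each department is permitted to use.
USER_DEPT = {"jlee": "nursing", "mroy": "human_resources"}
DEPT_AREAS = {"nursing": {"clinical"}, "human_resources": {"payroll"}}
# Transaction types named in the entry.
VALID_ACTIONS = {"access", "addition", "change", "deletion"}


def review(log_text):
    """Return one finding per logged transaction that violates the policy."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        when = datetime.fromisoformat(row["timestamp"])  # rejects malformed dates
        dept = USER_DEPT.get(row["user"])
        if dept is None:
            reason = "user has no departmental affiliation on file"
        elif row["action"] not in VALID_ACTIONS:
            reason = "unrecognised transaction type"
        elif row["area"] not in DEPT_AREAS.get(dept, set()):
            reason = f"{dept} is not authorised for {row['area']} data"
        else:
            continue  # transaction is within the user's permitted area
        findings.append({
            "user": row["user"],
            "terminal": row["terminal"],
            "when": when,
            "action": row["action"],
            "area": row["area"],
            "reason": reason,
        })
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f"{f['when']:%Y-%m-%d %H:%M} {f['user']}@{f['terminal']} "
              f"{f['action']} {f['area']}: {f['reason']}")
```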

...
