Ethics, Privacy, and Security Flashcards
Issues in the use of appropriate informatics tools in clinical settings, determination of users, system evaluation, system
development and maintenance, and the use of computers in tracking clinical outcomes.
Privacy and Confidentiality of the Patient
Ethical Principles for Appropriate Use of Decision-Support Systems (Shortlife and Cimino, 2013):
o A program should undergo appropriate evaluation before use in clinical practice.
▪ Should perform efficiently at an acceptable financial and timeframe cost.
o Adequate training and instruction should be completed before proceeding to the implementation.
o A qualified health professional should be assigned to handle concerns about uses, licenses, and other concerns.
▪ The software systems’ applications should not replace functions such as decision-making.
the application of the principles of ethics in the domain of health informatics (healthcare and software informatics).
Health Information Ethics
Guide the reasoning and decision-making of all people and organizations involved in healthcare.
GENERAL ETHICS
Ethical Principles:
Autonomy & Beneficence and Non-Maleficence
the idea of either allowing individuals to make their own decisions in response to a particular societal context or being free from external influence or control.
Autonomy
do good and do no harm.
Beneficence and Non-Maleficence
The ethical behavior expected from an individual assigned to handle information.
Information Ethics
International Medical Informatics Association (2016)
(IMIA)
The ethical duties and responsibilities of software developers to the stakeholders.
Software Ethics
Seven Principles of Informatic Ethics
- Information-Privacy and Disposition
- Openness
- Security
- Access
- Legitimate Infringement
- Least Intrusive Alternative
- Accountability
Applies to individual and their aversion to eavesdropping
Privacy
More closely related to unintended disclosure of information
Confidentiality
solutions and tools that may be utilized to implement security policies at different levels of health
organization.
Safeguards
– implemented by the management as organization-wide policies and procedures.
Administrative Level
– mechanisms to protect equipment, systems, and locations with data.
Physical Level
automated processes to protect the software and database access and control.
Technical Level
- Regular risk assessment of the health information technology environment.
- Continuous assessment of the effectiveness of safeguards for electronic health.
- Detailed processes and procedures for viewing and administering electronic
health information. - Reporting of security breaches and continued health information technology
operations.
Administrative Safeguards
- Placing office alarm systems.
- Locking offices and areas that contain computing equipment that stores electronic
health information. - Having security guards that make regular inspections in the vicinity.
Physical Safeguards
- Configuration of computing equipment to ensure security.
- Using certified applications and technologies that store or exchange electronic
health information. - Setting up access controls to health information technology and electronic health
information. - Encryption of electronic health information.
- Regular audit of the health information technology operations.
- Having backup capabilities.
Tecnhnical Safeguard
emphasizes that technological security tools are essential components of modern distributed healthcare information systems.
National Research Council (1997)
– accurate and up-to-date information is available when needed.
Availability
– healthcare providers are responsible for their access to and use of information.
Accountability
– know and control the boundaries of trusted access to the information system.
Perimeter Identification
enable access to essential information and limit beyond legitimate need.
Controlling Access
– record owners, data stewards, and patients understand and have effective control of information privacy and access.
Comprehensibility and Control
