ETHICS, PRIVACY, AND SECURITY (LESSON 14; FINALS) Flashcards
Encompasses issues of proper and improper behavior, honorable actions, and of right and wrong
HEALTHCARE INFORMATICS
the application of the principles of ethics to the domain of health informatics
HEALTH INFORMATICS ETHICS (HIE)
HIE
HEALTH INFORMATICS ETHICS
Three main aspects of health informatics
1) HEALTHCARE
2) INFORMATICS
3) SOFTWARE
developed in order to assist in the dispensation of healthcare or other supplementary services
INFORMATION SYSTEMS
3 scopes of Health Informatics Ethics
1) GENERAL
2) INFORMATICS
3) SOFTWARE
3 principles of General Ethics
1) AUTONOMY
2) BENEFICENCE
3) NON-MALEFICENCE
7 principles of Informatics Ethics
1) PRIVACY
2) OPENNESS
3) SECURITY
4) ACCESS
5) INFRINGEMENT
6) LEAST INTRUSION
7) ACCOUNTABILITY
3 principles of Software Ethics
1) SOCIETY
2) INSTITUTION AND EMPLOYEES
3) PROFESSION
defined as either allowing individuals to make their own decisions in response to a particular societal context, or as the idea that no human person has the authority, nor should have power, over another human person
AUTONOMY
defined as “do good” and “do no harm”
BENEFICENCE AND NON-MALEFICENCE
relates most significantly with the use of the stored data in the EHR system
BENEFICENCE
relates with data protection
NON-MALEFICENCE
involves the ethical behavior required of anyone handling data and information
INFORMATICS ETHICS
all persons and groups of persons have a fundamental right to privacy; control over the collection, storage, access, use, communication, manipulation, linkage, and disposition of data about themselves
PRINCIPLE OF INFORMATION-PRIVACY AND DISPOSITION
the collection, storage, access, use, communication, manipulation, linkage, and disposition of personal data must be disclosed in an appropriate and timely fashion to the subject or subjects of those data
PRINCIPLE OF OPENNESS
data that have been legitimately collected about persons or groups of persons should be protected by all reasonable and appropriate measures against loss, degradation, unauthorized destruction, access, use, manipulation, linkage, modification, or communication
PRINCIPLE OF SECURITY
the subjects of electronic health records have the right of access to those records and the right to correct them with respect to their accurateness, completeness, and relevance
PRINCIPLE OF ACCESS
the fundamental right of privacy and of control over the collection, storage, access, use, manipulation, linkage, communication, and disposition of personal data is conditioned only by the legitimate, appropriate, and relevant data-needs of a free, responsible, and democratic society, and by the equal and competing rights of others
PRINCIPLE OF LEGITIMATE INFRINGEMENT
any infringement of the privacy rights of a person or group of persons, and of their right to control over data about them, may only occur in the least intrusive fashion and with a minimum of interference with the rights of the affected parties
PRINCIPLE OF THE LEAST INTRUSIVE ALTERNATIVE
any infringement of the privacy rights of the person or group of persons, and of the right to control over data about them, must be justified to the latter in good time and appropriate fashion
PRINCIPLE OF ACCOUNTABILITY
generally applies to individuals and their aversion to eavesdropping
PRIVACY
unintended disclosure of information
CONFIDENTIALITY
3 types of safeguards
1) ADMINISTRATIVE
2) PHYSICAL
3) TECHNICAL
may be implemented by the management as organization-wide policies and procedures
ADMINISTRATIVE SAFEGUARDS
mechanisms to protect equipment, systems, and locations
PHYSICAL SAFEGUARDS
automated process to protect equipment, systems, and locations or control
TECHNICAL SAFEGUARDS
5 key functions of technological security tools
1) AVAILABILITY
2) ACCOUNTABILITY
3) PERIMETER IDENTIFICATION
4) CONTROLLING ACCESS
5) COMPREHENSIBILITY AND CONTROL
ensuring that accurate and up-to-date information is available when needed at appropriate places
AVAILABILITY
helping to ensure that healthcare providers are responsible for their access to and use of information, based on legitimate need and right to know
ACCOUNTABILITY
knowing and controlling the boundaries of trusted access to the information system, both physically and logically
PERIMETER IDENTIFICATION
enabling access for health care providers only to information essential to the performance of their jobs and limiting the real or perceived temptation to access information beyond a legitimate need
CONTROLLING ACCESS
ensuring that record owners, data stewards, and patients understand and have effective control over appropriate aspects of information privacy and access
COMPREHENSIBILITY AND CONTROL
key steps in laboratory information flow for a hospital patient
1) REGISTER PATIENT
2) ORDER TESTS
3) COLLECT SAMPLE
4) RECEIVE SAMPLE
5) RUN SAMPLE
6) REVIEW RESULTS
7) RELEASE RESULTS
8) REPORT RESULTS