Ethics, Privacy & Security Flashcards

1
Q

encompasses issues of proper and improper behaviour, honourable actions, and of right and wrong.

A

Healthcare informatics

2
Q

in medicine, nursing, human subject research, psychology, and other related fields continue to become more twisted and complex, but some overarching issues are common among them.

A

Ethical questions

3
Q

on the other hand, are less familiar, even if some of them have been controversial for decades.

A

Ethical issues in health informatics,

4
Q

also raises questions about various legal and regulatory requirements.

A

Informatics

5
Q

should be used in clinical practice only after
appropriate evaluation of its efficacy and the documentation that it performs its intended task at an acceptable cost in time and money.

A

computer program

6
Q

should be preceded by adequate training and instruction, which should include review of applicable product evaluations.

A

informatics tools

7
Q

Users of most clinical systems should be

A

health professionals

8
Q

is defined as either allowing individuals to make their own decisions in response to a particular societal context, or as the idea that no human person has the authority, nor should have power, over another human person.

A

Autonomy

9
Q

must maintain respect for patient autonomy,
and this entails certain restrictions about the access, content, and ownership of records.

A

Electronic health records (EHR)

10
Q

These two principles are respectively defined as “do good” and “do no harm.” In health informatics, beneficence relates most significantly to the use of the stored data in the EHR system, and non-maleficence to data protection.

A

Beneficence and Non-maleficence

11
Q

will contain substantial amounts of raw data, and great potential exists for the conduct of groundbreaking biomedical and public health research. These kinds of research will be beneficial both to the individual patient and to the entirety of society.

A

Deeply-integrated EHR systems

12
Q

should be developed with the capacity to allow patients to release information from their EHRs which can be valuable to researchers and scientists.

A

new EHR systems

13
Q

on the other hand, involves the ethical behaviour required of anyone handling data and information, as prescribed by the International Medical Informatics Association (2016). It covers seven principles: privacy, openness, security, access, legitimate infringement, least intrusive alternatives, and accountability.

A

Informatics Ethics

14
Q

All persons and groups of persons have a fundamental right to privacy, and hence to control over the collection, storage, access, use, communication, manipulation, linkage and disposition of data about themselves.

A

Principle of Information-Privacy and Disposition

15
Q

The collection, storage, access, use, communication, manipulation, linkage and disposition of personal data must be disclosed in an appropriate and timely fashion to the subject or subjects of those data.

A

Principle of Openness

16
Q

Data that have been legitimately collected about persons or groups of persons should be protected by all reasonable and appropriate measures against loss, degradation, unauthorized destruction, access, use, manipulation, linkage, modification or communication.

A

Principle of Security

17
Q

The subjects of electronic health records have the right of access to those records and the right to correct them with respect to their accurateness, completeness and relevance.

A

Principle of Access

18
Q

The fundamental right of privacy and of control over the collection, storage, access, use, manipulation, linkage, communication and disposition of personal data is conditioned only by the legitimate, appropriate and relevant data-needs of a free, responsible and democratic society, and by the equal and competing rights of others.

A

Principle of Legitimate Infringement

19
Q

Any infringement of the privacy rights of a person or group of persons, and of their right of control over data about them, may only occur in the least intrusive fashion and with a minimum of interference with the rights of the affected parties.

A

Principle of the Least Intrusive Alternative

20
Q

Any infringement of the privacy rights of a person or group of persons, and of the right of control over data about them, must be justified to the latter in good time and in an appropriate fashion.

A

Principle of Accountability

21
Q

heavily relies on use of software to store and
process information. As a result, activities carried out by software developers might significantly affect end-users.

A

Software Ethics

22
Q

has ethical duties and responsibilities to the following stakeholders: society, institution and employees, and the profession.

A

The software developer

23
Q

generally applies to individuals and their aversion to eavesdropping, whereas confidentiality is more closely related to unintended disclosure of information.

A

Privacy

24
Q

also benefits public health. When people are not afraid to disclose personal information, they are more inclined to seek out professional assistance, and it will diminish the risk of increasing untreated illnesses and spreading infectious diseases (Goodman, 2016).

A

Privacy and confidentiality protection

25
Q
  • Employee training on the use of health IT to appropriately protect electronic health information
  • Continual risk assessment of your health IT environment
  • Continual assessment of the effectiveness of safeguards for electronic health information
  • Detailed processes for viewing and administering electronic health information
  • Appropriately reporting security breaches (e.g., to those entities required by law or contract) and ensuring continued health IT operations
A

Administrative Safeguards

26
Q
  • Locked offices containing computing equipment that store electronic health information
  • Office alarm system
  • Security guards
A

Physical Safeguards

27
Q
  • Encryption of electronic health information
  • Securely configured computing equipment (e.g., virus checking, firewalls)
  • Certified applications and technologies that store or exchange electronic health information
  • Access controls to health IT and electronic health information (e.g., authorized computer accounts)
  • Auditing of health IT operations
  • Health IT backup capabilities (e.g., regular backups of electronic information to another computer file server)
A

Technical Safeguards

28
Q

emphasizes that technological security tools are essential components of modern distributed health care information systems, and that they serve five key functions:

A

National Research Council (1997)

29
Q

ensuring that accurate and up-to-date information is available when needed at appropriate places;

A

Availability

30
Q

helping to ensure that health care providers are responsible for their access to and use of information, based on a legitimate need and right to know;

A

Accountability

31
Q

knowing and controlling the boundaries of trusted access to the information system, both physically and logically;

A

Perimeter identification

32
Q

enabling access for health care providers only to information essential to the performance of their jobs and limiting the real or perceived temptation to
access information beyond a legitimate need;

A

Controlling access

33
Q

ensuring that record owners, data stewards, and
patients understand and have effective control over appropriate aspects of information privacy and access.

A

Comprehensibility and control

34
Q
  • A patient record must be created in the LIS before tests can be ordered. The LIS usually receives these data automatically from a hospital registration system when a patient is admitted.
A

Register Patient

35
Q
  • The physician orders tests on a patient to be drawn as part of the laboratory’s morning blood collection rounds. The order is entered into the CIS and electronically sent to the LIS.
A

Order Tests

36
Q

The LIS prints a list of all patients who have to be drawn and the appropriate number of sample bar-code labels for each patient’s order. Each barcode has a patient ID, sample container, and laboratory workstation, which can be used to sort the tubes once they reach the laboratory.

A

Collect Sample

37
Q
  • When the samples arrive in the laboratory, their status has to be updated in the LIS from “collected” to “received”. This can be done by scanning each sample container’s barcode ID into the LIS. Once the sample is “received,” the LIS transmits the test order to the analyser that will perform the test.
A

Receive Sample

38
Q
  • The sample is loaded onto the analyser, and the bar code is read. Having already received the test order from the LIS, the analyser knows which tests to perform on the patient. No work list is needed. For manually performed tests, the technologist prints a work list from the LIS. The work list contains the names of the patients and the tests ordered on each. Next to each test is a space to record the result.
A

Run Sample

39
Q
  • The analyser produces the results and sends them to the LIS. These results are only viewable to the technologist because they have not been released for general viewing. The LIS can be programmed to flag certain results (for example, critical values) so the technologist can easily identify what needs to be repeated or further evaluated.
A

Review Results

40
Q
  • The technologist releases the results. Unflagged results are usually viewed and released at the same time. The LIS can also be programmed to automatically review and release normal results or results that fall within a certain range. The results are automatically transmitted to the CIS
A

Release Results

41
Q
  • The physician can view the results on the CIS screen. Reports are printed when needed from the LIS.
A

Report Results

42
Q
  • Release guidelines on proper disposal of laboratory specimens
  • Continuous employee training on the use of the LIS
  • Periodic review of standards in identifying which results should be flagged
  • Strengthen laboratory authorization and supervision policies
  • Implement strict rules and regulations regarding the testing procedures
  • Enforcement policies on the proper use of laboratory workstations
  • Impose disciplinary measures as needed
A

Administrative Safeguards (LIS)

43
Q
  • Biometrics and other security protocols for laboratory access
  • Periodic maintenance of laboratory equipment
  • Controlled temperature both for equipment and specimens
  • Contingency operations plan
  • Use of appropriate personal laboratory safety equipment
A

Physical Safeguards (LIS)

44
Q
  • Regular change of username and password
  • Automated identity confirmation procedures for users requesting access
  • Different access capabilities based on user position
  • Automatic log-off after long periods of inactivity
A

Technical Safeguards (LIS)

45
Q

is an increasingly growing industry within the Philippine economy.

A

Business Process Management

46
Q

with an aim “to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth.” (Republic Act. No. 10173, Ch. 1, Sec. 2).

A

Data Privacy Act of 2012

47
Q

applies to individuals and legal entities that are in the business of processing personal information.

A

The Data Privacy Act

48
Q

The main principles that govern the approach for the Data Privacy Act include:

A
  1. Transparency;
  2. Legitimacy of purpose; and
  3. Proportionality.
49
Q

is one of the major elements highly-valued by the Data Privacy Act. The act provides that consent must be documented and given prior to the collection of all forms of personal data, and the collection must be declared, specified, and for a legitimate purpose.

A

Consent

50
Q

Processing of sensitive and personal information is also forbidden, except in particular circumstances enumerated below. The Data Privacy Act describes sensitive personal information as those being:

A

  • About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
  • About an individual’s health, education, genetic or sexual life of a person, or to any proceeding or any offense committed or alleged to have committed;
  • Issued by government agencies “peculiar” (unique) to an individual, such as social security number;
  • Marked as classified by executive order or act of Congress.

51
Q

The exceptions are:

A
  • Consent of the data subject;
  • Pursuant to law that does not require consent;
  • Necessity to protect life and health of a person;
  • Necessity for medical treatment;
  • Necessity to protect the lawful rights of data subjects in court proceedings, legal proceedings, or regulation.
  • The provisions of the law necessitate covered entities to create privacy and security program to improve the collection of data, limit processing to legitimate purposes, manage access, and implement data retention procedures.
52
Q

The act provides for different penalties for varying violations, the majority of which include imprisonment.

A

Penalties

53
Q

These violations include:

A
  • Unauthorized processing
  • Processing for unauthorized purposes
  • Negligent access
  • Improper disposal
  • Unauthorized access or intentional breach
  • Concealment of breach involving sensitive personal information
  • Unauthorized disclosure; and
  • Malicious disclosure.
54
Q

Any combination or series of acts enumerated above shall make the person subject to imprisonment ranging from

A

three (3) years to six (6) years,

55
Q

Any combination or series of acts enumerated above shall make the person subject to a fine of not less than

A

One million pesos (Php1,000,000.00) but not more than Five million pesos (Php5,000,000.00) (Republic Act. No. 10173, Ch. 8, Sec. 33).