Lesson 14: Ethics, Privacy and Security Flashcards
The application of the principles of ethics to the domain of health informatics.
Health Informatics Ethics (HIE)
Three main aspects of health informatics
Healthcare
Informatics
Software
It is developed in order to assist in the dispensation of healthcare or other supplementary services.
Information system
It dwells in the efficiency of processing data
Health informatics
What covers the general/healthcare principles?
Autonomy
Beneficence and Non-maleficence
What principles cover the informatics?
Privacy
Openness
Security
Access
Infringement (Legitimate)
Least Intrusion
Accountability
What principles cover the software?
Society
Institution and Employees
Profession
Allowing individuals to make their own decisions in response to a particular societal context
Autonomy
The idea that no human person has the authority, nor should have the power, over another human person
Autonomy
It must maintain respect for patient autonomy.
Electronic Health Record (EHR)
These two principles are respectively defined as “do good” and “do no harm”.
Beneficence and Non-maleficence
It involves the ethical behavior required of anyone handling data and information, as prescribed by the International Medical Informatics Association
Information ethics
The seven principles in informatics ethics
Principle of information - privacy and disposition
Principle of openness
Principle of security
Principle of access
Principle of legitimate infringement
Principle of the least intrusive alternative
Principle of accountability
It relies on use of software to store and process information
Health Informatics Ethics
The software developer has ethical duties and responsibilities to the following stakeholders:
Society
Institution and Employees
Profession
All persons and groups of persons have a fundamental right to privacy, and hence to control over the collection, storage, access, use, communication, manipulation, linkage, and disposition of data about themselves.
Principle of Information - Privacy and Disposition
The collection, storage, access, use, communication, manipulation, linkage and disposition of personal data must be disclosed in an appropriate and timely fashion to the subject or subjects of those data.
Principle of Openness
Data that have been legitimately collected about persons or groups of persons should be protected by all reasonable and appropriate measures against loss, degradation, unauthorized destruction, access, use, manipulation, linkage, modification, or communication.
Principle of Security
The subjects of electronic health records have the right to access those records and the right to correct them with respect to their accurateness, completeness and relevance.
Principle of Access
The fundamental right of privacy and of control over the collection, storage, access, use, manipulation, linkage, communication and disposition of personal data is conditioned only by the legitimate, appropriate, and relevant data-needs of a free, responsible, and democratic society, and by the equal and competing rights of others.
Principle of Legitimate Infringement
Any infringement of the privacy rights of a person or a group of persons, and of their right to control over data about them, may only occur in the least intrusive fashion and with a minimum of interference with the rights of the affected parties.
Principle of the Least Intrusive Alternative
Any infringement of the privacy rights of a person or group of persons, and of the right to control over data about them, must be justified to the latter in good time and in an appropriate fashion.
Principle of Accountability
They are used interchangeably, but they are not synonymous.
Privacy and Confidentiality
Generally applies to individuals and their aversion to eavesdropping
Privacy
It is more closely related to unintended disclosure of information.
Confidentiality
It is widely regarded as rights of all people which merit respect without need to be earned, argued, or defended
Privacy and Confidentiality
What are the levels of security in the hospital information system?
Administrative safeguards (organizational safeguards)
Physical safeguards
Technical safeguards
May be implemented by the management as organization-wide policies and procedures
Administrative safeguards
Mechanisms to protect equipment, systems, and locations
Physical
Automated processes to protect the software and database access and control
Technical
It emphasizes that technological security tools are essential components of modern distributed health care information systems.
National Research Council (NRC)
What serves as five key functions in NRC?
Availability
Accountability
Perimeter identification
Controlling access
Comprehensibility and control
Ensuring that accurate and up to date information is available when needed at appropriate places.
Availability
Ensuring that healthcare providers are responsible for their access to and use of information, based on a legitimate need and right to know
Accountability
Knowing and controlling the boundaries of trusted access to the information system, both physically and logically.
Perimeter identification
Access for health care providers only to information essential to the performance of their jobs and limiting the real or perceived temptation to access information beyond legitimate need.
Controlling access
Ensuring that record owners, data stewards, and patients understand and have effective control over appropriate aspects of information privacy and access
Comprehensibility and control
What are the key steps in the Laboratory Information for a hospital patient?
Register patient
Order tests
Collect sample
Receive sample
Run sample
Review results
Release results
Report results