Lesson 14: Ethics, Privacy, and Security Flashcards
users of most clinical systems must be
health professionals
application of principles of ethics to the domain of health informatics
Health Information ethics
three aspects of informatics
Healthcare, informatics, software
are developed in order to assist in the dispensation of health care of processing data
Information system
stored for future use, to be retrieved when needed
Voluminous patient information
must maintain respect for patient autonomy, and quality of patient records
Electronic health record
use of stored data in the EHR
Beneficence
______ and _______ improves document quality
Limiting patient access ; control over patient record
data protection
non-maleficence
involves ethical behavior required to anyone handling data and information, prescribed by International Medical Informatics Association
information ethics
all persons or groups have a fundamental right to privacy, hence control over the collection, storage, access, use, communication
Principle of information-privacy and disposition
the collection, storage, use, access, communication, manipulation, linkage, and disposition of personal data must be disclosed in an appropriate and timely fashion to the subject
principles to openness
legitimately collected about persons or groups of persons should be protected by all reasonable and appropriate measures against loss, degradation, unauthorized destruction, access, use, manipulation, linkage, modification, or communication
principle to security
EHR have the right of access to those records and the right to correct them with respect to its accurateness, completeness, and relevance
principle of access
fundamental right of privacy and of control over the collection, storage, access, use, manipulation, linkage, communication of personal data
principles of legitimate infringement
any infringement of the privacy rights of a person and of their right of control over data about them, may only occur in the least intrusive fashion with a minimum of interference with the rights of the affected parties
Principle of the least intrusive alternative
any infringement of any rights to control over data about them, must be justified to the latter in good time and in an appropriate fashion
principle of accountability
ethical duties and responsibilities to the following stakeholders
software developer
developers should be mindful of social impacts of software system
society
while balancing their duties to the public, including being straightforward about personal limitations and qualification
institutions and its employees
applies to individuals and their aversion to eavesdropping, whereas confidentiality is more closely related to unintended disclosure of information.
Privacy
someone breaks into the clinic to view an individual’s patient record, that perpetrator is in violation
confidentiality
essential in establishing a successful physician-patient or nurse-patient relationship
trust
implemented by the management as organization-wide policies and procedures
administrative
mechanisms to protect equipment, systems, locations
physical
processes to protect software and database access and control
technical
if it is not cost effective for your practice to avail of an expensive technology to mitigate a risk to electronic health record
cost-benefit principle
continual risk assessment of your health IT environment
continual assessment of the effectiveness of safeguards for electronic health information
Employee training on the use of health IT to appropriately protect electronic health information
appropriately reporting security breaches and ensuring continued health IT operation
Administrative safeguards
office alarm system
locked offices containing computing equipment that store electronic health information
security guards
Physical safeguard
securely configured computing equipment
certified applications and technologies that store or exchange electronic health information
access controls to health IT and electronic health information
encryption of electronic health information
auditing of health IT operation
Technical safeguard
emphasizes that technological security tools are essential components of modern distributed health care information systems
National research council (1997)
ensuring that accurate and up-to-date information is available when needed at appropriate places
availability
helping to ensure that healthcare providers are responsible for their access to and use of information
accountability
knowing and controlling the boundaries of trusted access to the information system, both physically and logically
Perimeter identification
enabling access for health care providers only to information essential to the performance of their jobs
controlling access
ensuring that record owners, data stewards, and patients understand and have effective control over
comprehensibility and control
patient record must be created in the LIS before tests can be ordered
register patient
patient to be drawn as part of the laboratory’s morning blood collection rounds
order test
nurse to collect samples
collect sample
samples arrive in the laboratory
receive sample
sample is loaded in an analyzer and bar code is read
run sample
analyzer produces the results and sends them to LIS
review results
technologist releases the result
release results
physician can view the results on CIS screen
report result