RES: Ethical, Legal and Security aspects of Health Informatics Flashcards
what are the 2 ethical principles?
- Fundamental Ethical Principles
- General Principles of Informational Ethics
what are the 3 basic security principles?
- privacy & confidentiality
- availability
- integrity
what are the 2 legal standards?
- Health Insurance Portability and Accountability Act of 1996 (USA)
- R.A. Data Privacy Act of 2012 (Philippines)
what are the 6 FUNDAMENTAL principles of ethics?
- autonomy
- equality and justice
- beneficence
- non-maleficence
- impossibility
- integrity
All persons have a fundamental right to self-determination
Principle of Autonomy
All persons are equal and have a right to be treated accordingly
Principle of Equality and Justice
All persons have a duty to advance the good of others where the nature of this good is in keeping with the fundamental and ethically defensible values of the affected party.
Principle of Beneficence
All persons have a duty to prevent harm to other persons insofar as it lies within their power to do so without undue harm to themselves.
Principle of Non-Malfeasance
All rights and duties hold subject to the condition that it is possible to meet them under the circumstances that obtain
Principle of Impossibility
Whoever has an obligation has a corresponding duty to fulfill that obligation to the best of her or his ability
Principle of Integrity
what are the 7 GENERAL principles of informational ethics?
- Principle of Information-Privacy and Disposition
- Principle of Openness
- Principle of Security
- Principle of Access
- Principle of Legitimate Infringement
- Principle of Least Intrusive Alternative
- Principle of Accountability
Recognizes the fundamental right to privacy; a person has control over the processing of data about himself/herself
Principle of Information-Privacy and Disposition
Data processing must be disclosed in an appropriate and timely fashion to the subject or subjects of those data.
Principle of Openness
Data that have been legitimately collected should be protected by all reasonable and appropriate measures to maintain integrity and confidentiality
Principle of Security
The subject of a health record has the right of access to that record and the right to correct the record with respect to its accurateness, completeness, and relevance
Principle of Access
Data processing is conditioned only by the legitimate, appropriate, and relevant data-needs of a free, responsible and democratic society, and by the equal and competing rights of other persons
Principle of Legitimate Infringement
Any infringement of the privacy rights of the individual person…may only occur in the least intrusive fashion and with a minimum of interference with the rights of the affected person
Principle of Least Intrusive Alternative
Any infringement of the privacy rights of the individual person, and of the right to control over person-relative data, must be justified to the affected person in good time and in an appropriate fashion
Principle of Accountability
what are the 3 security principles?
- privacy
- confidentiality
- security
Guarding against improper information modification or destruction, includes ensuring information non-repudiation and authenticity
INTEGRITY
Preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information
confidentiality
Ensuring timely and reliable access to and use of information
availability
what are the 3 protection measures?
management practices
physical safeguards
technical measures
what are the elements of a security program?
- protecting the privacy of data
- ensuring the integrity of data
- ensuring the availability of data
what are the threats caused by environmental and hardware or software factors?
- Earthquakes, floods, hurricanes, tornadoes, etc.
- Hardware breakdown (e.g., hard disk crash causing data corruption)
- Software failures (e.g., program code that doesn’t execute properly)
- Electrical outages or surges
- Malware (e.g., viruses, worms, Trojan horses, spyware, backdoor programs, rootkits)
what are the threats caused by people?
- Insiders who make innocent mistakes, abuse their privileges, or access or alter data for spite or profit
- Physical intruders who steal or otherwise harm systems
- Vengeful employees or outsiders who mount attacks
what are the 3 access controls?
identification, authentication, and authorization
Act of verifying a claim of identity; types of authentication
authentication
Right or permission given to an individual to use a computer resource, such as a computer, or to use specific applications and access specific data
authorization
what are the 5 types of security?
- Passwords
- Smart Cards and Tokens (OTP)
- Biometrics
- Two-factor authentication
- Single sign-on
HIPAA OF 1996
- Ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose jobs
Ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose jobs
HIPAA OF 1996
Protected Health Information
HIPAA 1996
HIPAA OF 1996 WAS ESTABLISHED IN THE….
USA
R.A. 10173 “Data Privacy Act of 2012”
- National Privacy Commission members were appointed in February 2016
- Implementing Rules and Regulations of RA No. 10173 – published August 25, 2016
This can help you in identifying the issues and determine the appropriate course of action.
ethical decision-making matrix
This provides guidance and will need to be interpreted and applied in context and take into consideration the details of the situation to determine the appropriate course of action.
Ethical principles
what are the 3 organizations under academic orgs?
- Institute of medicine
- UPM
- DLSHSI
what are the 4 organizations under NON GOV orgs?
- International Medical Informatics Association: IMIA Code of Ethics for Health Professionals 2016
- Asia-Pacific Association of Medical Informatics
- Philippine Medical Informatics Society
- American Health Information Management Association
what are the 2 organizations under GOV orgs?
- Department of Information and Communications Technology
- National Privacy Commission
5 CONSUMERS/USERS of HEALTH INFORMATION TECHNOLOGY
- patients
- healthcare professionals
- support staff
- health facilities
- third-party payers / insurance companies
____ is the acronym for the Health Insurance Portability and Accountability Act that was passed by Congress in 1996 (in the United States of America).
HIPAA
HIPAA does the following
- Provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs;
- Reduces health care fraud and abuse;
- Mandates industry-wide standards for health care information on electronic billing and other processes; and
- Requires the protection and confidential handling of protected health information
what is the major goal of the privacy rule?
assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public’s health and well-being.
The ____, as well as all the Administrative Simplification rules, apply to health plans, health care clearinghouses, and to any health care provider who transmits health information in electronic form in connection with transactions for which the Secretary of HHS has adopted standards under HIPAA (the “covered entities”).
privacy rule
what does the protected health information protect?
“individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral.
Why is there a data privacy law for the Philippines?
A law has been passed in the Philippines to serve as its local counterpart that seeks to protect all forms of information, be it private, personal, or sensitive. It is meant to cover both natural and juridical persons involved in the processing of personal information.
an act protecting individual personal information in information and communications systems in the government and the private sector, creating for this purpose a national privacy commission, and for other purposes.
RA 10173
“the act of verifying a claim of identity”
Authentication
There are 3 types of information that can be used for authentication:
- Knowledge
- possession
- inherence
A right or permission given to an individual to use a computer resource or to use specific applications and access specific data. It is also a set of actions that gives permission to an individual to perform specific functions such as view, write, edit, delete, or execute tasks. (Sayles, 2013)
authorization