ETHICS,

PRIVACY,
AND
SECURITY
Lesson 14
Content • Ethics in Health Informatics
– General Ethics
– Informatics Ethics
– Software Ethics
• Privacy, Confidentiality and
Security
– Levels of Security in HIS
– Levels of Security in LIS
– Data Privacy Act
 Health
informatics
ethics

• Application of the principles

of ethics to the domain of
health informatics
Ethics in Health Informatics
 General Defined as either allowing
individuals to make their
Ethics own decisions in response to
a particular societal context,
or as the idea that no one human
person does not have the
authority nor should have
Autonomy power over another human
person
 General • Electronic health records (EHR)

Ethics must maintain respect for patient

autonomy, and this entails certain
restrictions about the access,
content, and ownership of records

• Limiting patient access and control

over patient records improves
Autonomy document quality because they can
become proofreaders of their own
patient history (Mercuri, 2010).
 General • Defined as “do good” and “do
Ethics no harm”, respectively.

• Beneficence relates most

significantly with the use of the
stored data in the EHR system
Beneficence
and Non- • Non-maleficence with data
maleficence protection
Principle of
Beneficence
in Health
Informatics
• Conduction of
groundbreaking biomedical
and public health research
Principle of
Non-
maleficence
in Health
Informatics
• Temporary Outage
• Total System Failure
• Data Security
Informatics • Principle of Information-Privacy
Ethics and Disposition
– All have fundamental right to
privacy
– Thus the control over the
collection, storage, access, use,
communication, manipulation,
linkage and disposition of data
about themselves
Informatics • Principle of Openness
Ethics – The collection, storage, access,
use, communication,
manipulation, linkage and
disposition of personal data
must be disclosed in an
appropriate and timely fashion
to the subject of those data
Informatics • Principle of Security
Ethics – Data that have been legitimately
collected about persons or groups of
persons should be protected by
all reasonable and appropriate
measures against loss degradation,
unauthorized destruction, access,
use, manipulation, linkage,
modification or communication.
Informatics • Principle of Access
Ethics – The subjects of electronic health
records have the right of access to
those records and the right to
correct them with respect to its
accurateness, completeness and
relevance
Informatics • Principle of Legitimate
Ethics Infringement
– The fundamental right of privacy and
of control is conditioned only by the
legitimate, appropriate and
relevant data-needs of a free,
responsible and democratic society,
and by the equal and competing
rights of others
Informatics • Principle of the Least Intrusive
Ethics Alternative
– Any infringement of the privacy
rights of a person or group of
persons, and of their right of control
over data about them, may only
occur in the least intrusive fashion
and with a minimum of interference
with the rights of the affected
parties.
Informatics • Principle of Accountability
Ethics – Any infringement of the privacy
rights of a person or group of
persons, and of the right to control
over data about them, must be
justified to the latter in good time
and in an appropriate fashion
 Software Ethics
• The software developer has ethical duties and responsibilities to
the following stakeholders:
– Society
• Best interest of the society. Developers should be mindful of social impacts of
software systems.
• Includes disclosing any threats or known defects in software
– Institution and employees
• Best interests of the institution and its employees, while balancing their duties
to the public, including being straightforward about personal limitations and
qualifications
 Software Ethics
• The software developer has ethical duties and responsibilities to
the following stakeholders:
– Professional Standards
• Software products should meet expected professional standards.
• Developers should strive to build products that are of high standard, by
thoroughly testing and detailing unresolved issues.
 Privacy, • Privacy generally applies to
Confidentiality individuals and their aversion to
eavesdropping
and Security

• Confidentiality is more closely

related to unintended
disclosure of information
• Privacy and confidentiality are
widely regarded as rights of all
people which merits respect
without need to be earned,
argued, or defended

• Protection of privacy and

confidentiality is ultimately
advantageous for both
individuals and society
 Privacy, • Privacy and confidentiality
protection also benefits public
Confidentiality health.
and Security • When people are not afraid to
disclose personal information,
they are more inclined to seek
out professional assistance,
and it will diminish the risk of
increasing untreated illnesses
and spreading infectious
diseases (Goodman, 2016).
 Privacy, • When breaches of privacy
Confidentiality and confidentiality occur 
serious consequences for
and Security your organization, such as
reputational and financial
harm, or harm to your
patients
 Privacy, • Obligations to protect privacy

Confidentiality
and to keep confidences fall on:
– System designers
and Security – Maintenance personnel
– Administrators
and, ultimately, to the:
• Physicians
• Nurses
• Other frontline users of the
information
 Levels of Security in the Hospital
Information System
Safeguards
• Continual risk assessment of your health IT environment
• Continual assessment of the effectiveness of safeguards for
electronic health information
• Detailed processes for viewing and administering electronic health
Administrative information
Safeguards • Employee training on the use of health IT to appropriately protect
electronic health information
• Appropriately reporting security breaches (e.g., to those entities
required by law or contract) and ensuring continued health IT
operations
 Levels of Security in the Hospital
Information System

Safeguards
• Office alarm systems
Physical • Locked offices containing computing equipment that
Safeguards store electronic health information
• Security guards
 Levels of Security in the Hospital
Information System
Safeguards
• Securely configured computing equipment (e.g., virus checking,
firewalls)
• Certified applications and technologies that store or exchange
electronic health information
Technical • Access controls to health IT and electronic health information (e.g.,
Safeguards authorized computer accounts)
• Encryption of electronic health information
• Auditing of health IT operations
• Health IT backup capabilities (e.g., regular backups of electronic health
information to another computer file server)
The National Research Council (1997)
emphasizes that technological
security tools are essential
components of modern distributed
health care information systems, and
that they serve five key functions:

• Availability
• Accountability
• Perimeter Identification
• Controlling Access
• Comprehensibility and Control
 • Availability: ensuring that accurate and up-
5 Key to-date information is available when needed
Function at appropriate places;
• Accountability: helping to ensure that health
care providers are responsible for their access
to and use of information, based on a
legitimate need and right to know;
• Perimeter identification: knowing and
controlling the boundaries of trusted access to
the information system
 5 Key • Controlling access: enabling access for
health care providers only to information
Function essential to the performance of their jobs
and limiting the real or perceived
temptation to access information beyond a
legitimate need; and
• Comprehensibility and control: ensuring
that record owners, data stewards, and
patients understand and have effective
control over appropriate aspects of
information privacy and access.
Key Steps in • Patient Registration
Laboratory • Order Tests
Information • Collect Sample
Flow for a • Receive Sample
hospital • Run
patient • Review
• Release
• Report
 Levels of Security in the
Laboratory Information System
STEP DESCRIPTION
Patient record (e.g. ID Number, name, sex, age, location) must be created in the LIS before
Register Patient
tests can be ordered
Physician orders tests on a patient to be draw as part of the laboratory’s morning blood
Ordered Tests
collection rounds. The order is entered into the CIS and electronically sent to the LIS.
Before morning blood collection, the LIS prints a list of all patients who have to be
drawn and the appropriate number of sample bar-code labels for each patient order.
Each barcode has a patient ID, sample contained, and laboratory workstation that can be
Collect Sample used to sort the tube once it reaches the laboratory. Another increasingly popular approach
is for patient caregivers or nurses to collect the blood sample. Immediately prior to
collection, sample barcode labels can be printed (on demand) at the nursing station on an
LIS printer or portable bedside printer.

Key Steps in Laboratory Information Flow for a hospital patient

 Levels of Security in the
Laboratory Information System
STEP DESCRIPTION
When the samples arrive in the laboratory, their status has to be updated in
the LIS from “collected” to “received.” This can be done by scanning each
Receive Sample sample container’s barcode ID into the LIS. Once the sample is “received,” the
LIS transmits the test order to the analyser who will perform the test.
The sample is loaded onto the analyser, and the bar code is read. Having already
received the test order from the LIS, the analyser knows which tests to perform
on the patient. No work list is needed. For manually performed tests, the
Run Sample technologist prints a work list from the LIS. The work list contains the names of
the patients and the tests ordered on each. Next to each test is a space to record
the result.

Key Steps in Laboratory Information Flow for a hospital patient

 Levels of Security in the
Laboratory Information System
STEP DESCRIPTION
The analyser produces the results and sends them to the LIS. These results are only
viewable to technologists because they have not been released for general viewing. The
Review Results LIS can be programmed to flag certain results—for example, critical values—so the
technologist can easily identify what needs to be repeated or further evaluated.
The technologist releases the results. Unflagged results are usually reviewed and
released at the same time. The LIS can also be programmed to automatically review and
Release Results release normal results or results that fall within a certain range. The latter approach
reduces the number of tests that a technologist has to review. Upon release, the results
are automatically transmitted to the CIS.
The physician can view the results on the CIS screen. Reports are printed when needed
Report Results from the LIS.

Key Steps in Laboratory Information Flow for a hospital patient

 Safeguards for the Laboratory
Information System
Safeguards for the Laboratory Information System
• Continuous employee training on the use of the LIS
• Periodic review of standards in identifying which results should be
flagged
Administrative • Strengthen laboratory authorization and supervision policies
• Implement strict rules and regulations regarding the testing
Safeguards procedures
• Release guidelines on proper disposal of laboratory specimen
• Enforce policies on the proper use of laboratory workstations
• Impose disciplinary measures as needed
• Periodic maintenance of laboratory equipment
Physical • Biometrics or other security protocol for laboratory access
• Controlled temperature both for equipment and specimen
Safeguards • Contingency operations plan
• Use of appropriate personal laboratory safety equipment
 Safeguards for the Laboratory
Information System
Safeguards for the Laboratory Information System
• Automated identity confirmation procedures for users
requesting access
Technical
• Regular change of username and password
Safeguards • Different access capabilities based on user position
• Automatic log-off after long periods of inactivity
 Data • Aim “to protect the
Privacy Act fundamental human right of
privacy, of communication
of 2012 while ensuring free flow of
information to promote
innovation and growth.”
RA 10173 (Republic Act. No. 10173, Ch.
1, Sec. 2)
 Data • Data Privacy Act applies to individuals and
legal entities that are in the business of
Privacy Act processing personal information.
• The law applies extraterritorially
of 2012 • It covers personal information of Filipino
citizens regardless of the place of
residence.
• The main principles that govern the
approach for the Data Privacy act include:
– Transparency;
– Legitimacy of purpose; and
– Proportionality
 Data • Consent is one of the major elements
Privacy Act highly-valued by the Data Privacy Act.
• The act provides that consent must
of 2012 be documented and given prior
to the collection of all forms of
personal data, and the collection
must be declared, specified, and for a
legitimate purpose.
 Data • Furthermore, the subject must be
Privacy Act notified about the purpose and
extent of data processing, with
of 2012 details specifying the need for
automated processing, profiling,
direct marketing, or sharing.
• These factors ensure that consent is
freely-given, specific, and
informed.
 Data • However, an exception to the
requirement of consent is allowed
Privacy Act in cases of contractual agreements
of 2012 where processing is essential to
pursue the legitimate interests of
the parties, except when overridden
by fundamental rights and
freedom.
• Such is also the case in responding
to national emergencies.
 • Data Privacy Act describes sensitive
Data personal information as those being:

Privacy Act – About an individual’s race, ethnic origin,

marital status, age, color, and religious,

of 2012 philosophical or political affiliations;

– About an individual’s health, education,
genetic or sexual life of a person, or to any
proceeding or any offense committed or
alleged to have committed;
– Issued by government agencies “peculiar”
(unique) to an individual, such as social security
number;
– Marked as classified by executive order or act
of Congress.
 Data • Consent of the data subject;
Privacy Act • Pursuant to law that does not require
of 2012 consent;
• Necessity to protect life and health of
a person;
• Necessity for medical treatment;
• Necessity to protect the lawful rights
of data subjects in court proceedings,
Exceptions legal proceedings, or regulation.
 The act provides • Unauthorized processing
for different • Processing for unauthorized purposes
penalties for • Negligent access
varying • Improper disposal
violations, • Unauthorized access or intentional
majority of which breach
include • Concealment of breach involving
imprisonment. sensitive personal information

These violations • Unauthorized disclosure; and

• Malicious disclosure
include:
Penalty • Any combination or series of acts
enumerated above shall make the
person subject to imprisonment
ranging from three (3) years to
six (6) years, and a fine of not
less than One million pesos
(Php1,000,000.00) but not more
than Five million pesos
(Php5,000,000.00) (Republic Act.
No. 10173, Ch. 8, Sec. 33).