Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
PRIVACY,
AND
SECURITY
Lesson 14
Content • Ethics in Health Informatics
– General Ethics
– Informatics Ethics
– Software Ethics
• Privacy, Confidentiality and
Security
– Levels of Security in HIS
– Levels of Security in LIS
– Data Privacy Act
Health
informatics
ethics
Confidentiality
and to keep confidences fall on:
– System designers
and Security – Maintenance personnel
– Administrators
and, ultimately, to the:
• Physicians
• Nurses
• Other frontline users of the
information
Levels of Security in the Hospital
Information System
Safeguards
• Continual risk assessment of your health IT environment
• Continual assessment of the effectiveness of safeguards for
electronic health information
• Detailed processes for viewing and administering electronic health
Administrative information
Safeguards • Employee training on the use of health IT to appropriately protect
electronic health information
• Appropriately reporting security breaches (e.g., to those entities
required by law or contract) and ensuring continued health IT
operations
Levels of Security in the Hospital
Information System
Safeguards
• Office alarm systems
Physical • Locked offices containing computing equipment that
Safeguards store electronic health information
• Security guards
Levels of Security in the Hospital
Information System
Safeguards
• Securely configured computing equipment (e.g., virus checking,
firewalls)
• Certified applications and technologies that store or exchange
electronic health information
Technical • Access controls to health IT and electronic health information (e.g.,
Safeguards authorized computer accounts)
• Encryption of electronic health information
• Auditing of health IT operations
• Health IT backup capabilities (e.g., regular backups of electronic health
information to another computer file server)
The National Research Council (1997)
emphasizes that technological
security tools are essential
components of modern distributed
health care information systems, and
that they serve five key functions:
• Availability
• Accountability
• Perimeter Identification
• Controlling Access
• Comprehensibility and Control
• Availability: ensuring that accurate and up-
5 Key to-date information is available when needed
Function at appropriate places;
• Accountability: helping to ensure that health
care providers are responsible for their access
to and use of information, based on a
legitimate need and right to know;
• Perimeter identification: knowing and
controlling the boundaries of trusted access to
the information system
5 Key • Controlling access: enabling access for
health care providers only to information
Function essential to the performance of their jobs
and limiting the real or perceived
temptation to access information beyond a
legitimate need; and
• Comprehensibility and control: ensuring
that record owners, data stewards, and
patients understand and have effective
control over appropriate aspects of
information privacy and access.
Key Steps in • Patient Registration
Laboratory • Order Tests
Information • Collect Sample
Flow for a • Receive Sample
hospital • Run
patient • Review
• Release
• Report
Levels of Security in the
Laboratory Information System
STEP DESCRIPTION
Patient record (e.g. ID Number, name, sex, age, location) must be created in the LIS before
Register Patient
tests can be ordered
Physician orders tests on a patient to be draw as part of the laboratory’s morning blood
Ordered Tests
collection rounds. The order is entered into the CIS and electronically sent to the LIS.
Before morning blood collection, the LIS prints a list of all patients who have to be
drawn and the appropriate number of sample bar-code labels for each patient order.
Each barcode has a patient ID, sample contained, and laboratory workstation that can be
Collect Sample used to sort the tube once it reaches the laboratory. Another increasingly popular approach
is for patient caregivers or nurses to collect the blood sample. Immediately prior to
collection, sample barcode labels can be printed (on demand) at the nursing station on an
LIS printer or portable bedside printer.