Security of Health Information
Electronic generation, transmission, and storage of health data have transformed patient care by making it easy to acquire, search, manipulate, and distribute large amounts of information. An electronic workflow facilitates direct patient care and can be used for purposes such as quality assurance and submission of health insurance claims. Information in the health record is also used for purposes not directly related to patient care, including insurance qualification, law enforcement, and litigation. Health information can, subject to specific safeguards, also be used for clinical research and for projects that improve public health. Systematic collection and storage of EMRs imposes the responsibility of protecting health information from unauthorized use, and patients and providers have legitimate concerns regarding the protection of their information.
The organization, delivery, and financing of modern healthcare require the aggregation and storage of personal health information. Privacy and security of health information are therefore crucial to the widespread adoption of electronic health records. The EMR contains intimate details about a person’s physical and mental health. Unauthorized access to this information can have devastating consequences for both healthcare providers and their patients. Unintentional release of information about disease processes, medication use, or visits to healthcare providers can result in stigmatization, difficulty in obtaining credit or employment, or disruption of friendships or family relationships. Most importantly, unintended release of information can result in a breach of trust between patient and physician. In response to these concerns, the European Union, United States, Australia, and Japan have all enacted stringent regulations that address the sharing and protection of health information. Compliance with these laws requires sophisticated information-management technologies. Information security encompasses physical protection of hardware, access control, data authentication, and encryption of sensitive information. This chapter discusses the privacy and security of the EMR and proposes strategies for protecting this valuable repository of information.
KeywordsHealth Information Hash Function Smart Card Certification Authority Protected Health Information
Unable to display preview. Download preview PDF.
- 1.Electronic Privacy Information Center. Medical Privacy Public Opinion Polls.http://www.epic.org/privacy/medical/polls.html.Accessed November 15, 2007
- 2.The new threat to your medical privacy. Consum Rep 2006; 71(3):39–42Google Scholar
- 7.Protection of Human Subjects, 56 Federal Register 28003 (1991) 45 CFR § 46Google Scholar
- 8.Samarati P, Sweeney L. Generalizing data to provide anonymity when disclosing information. In: Proceedings of the 17th ACM SIGMOD—SIGACT—SIGART Symposium on the Principles of Database Systems. New York: Association for Advanced Computing Machinery, 1988:188Google Scholar
- 14.Schneier B. Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd ed. Hoboken, NJ: Wiley, 1995:784Google Scholar
- 22.Yen H. IDs of active military personnel on stolen laptop. Associated Press, June 4, 2006. http://www.heraldtribune.com/apps/pbcs.dll/article?AID=/20060604/BREAKING/60604004. Accessed December 20, 2007