Skip to main content

Data Privacy and Security

  • 2966 Accesses

Part of the Health Informatics book series (HI)

Abstract

The concept of privacy is complex and it is common to think of privacy as interchangeable with security. In fact, this is not true and this chapter will introduce readers to the definition of privacy. The concept of personal health information (PHI) is explored in relation to collection, use, disclosure, and retention. Additionally, the rationale for privacy, implicit and deemed consent, and revoking consent are presented. Other approaches to protecting privacy include developing a privacy policy, designating a privacy officer, de-identification and pseudomization, and the list to privacy. The chapter closes by exploring how nurses can contribute to the protection of privacy.

Keywords

  • Privacy
  • Security
  • Consent
  • Health information custodian
  • Data steward
  • De-identification
  • Pseudonymization
  • User enrolment
  • User authentication
  • Audit

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-1-4471-2999-8_11
  • Chapter length: 20 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   69.99
Price excludes VAT (USA)
  • ISBN: 978-1-4471-2999-8
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   89.99
Price excludes VAT (USA)

References

  1. Hall, et al. Sexual arousal and arousability to pedophilic stimuli in a community sample of normal men. Behav Ther. 1995;26:681–94.

    Google Scholar 

  2. Cloud J. Pedophilia. Time Magazine, 29 Apr 2002.

    Google Scholar 

  3. Frone MR. Prevalence and distribution of alcohol use and impairment in the workplace: a U.S. national survey. J Stud Alcohol. 2006;67:147–56.

    PubMed  Google Scholar 

  4. McNeil DG, Jr., New cases of AIDS hit plateau, New York Times, 21 Nov 2011.

    Google Scholar 

  5. Terhune C. Patient data outage exposes risks of electronic medical records, Los Angeles Times, 3 Aug 2012.

    Google Scholar 

  6. Carter M. Integrated electronic health records and patient privacy: possible benefits but real dangers. Med J Aust. 2000;172:28–30.

    CAS  PubMed  Google Scholar 

  7. Information Commissioner’s Office (United Kingdom). Belfast trust fined £225,000 after leaving thousands of patient records in disused hospital, News release, 19 June 2012.

    Google Scholar 

  8. Information Commissioner’s Office (United Kingdom). NHS rust fined £325,000 following data breach affecting thousands of patients and staff, News release, 1 June 2012.

    Google Scholar 

  9. Canadian Broadcasting Corporation. B.C. privacy breach shows millions affected, CBC News, 14 Jan 2013.

    Google Scholar 

  10. Stein L. The electronic medical record: promises and threats; web security: a matter of trust. Web J. 1997;2(33): http://oreilly.com/catalog/wjsum97/excerpt/.

  11. Jurgens R. HIV testing and confidentiality: final report. Canadian HIV/AIDS Legal Network & Canadian AIDS Society. 2001. http://www.aidslaw.ca/publications/publicationsdocEN.php?ref=282.

  12. Krebs B. Hackers break into virginia health professions database, demand ransom, Washington Post, 4 May 2009.

    Google Scholar 

  13. Hicks S. Russian hackers hold Gold Coast doctors to ransom, ABC News, 11 Dec 2012.

    Google Scholar 

  14. Adapted from Black’s Law Dictionary. 9th ed. 2009. ISBN-13: 9780314199492.

    Google Scholar 

  15. Adapted from the definition of personal health information in: Health Canada Advisory Committee on Information and Emerging Technologies (ACIET), Pan-Canadian Health Information Privacy and Confidentiality Framework, 6 Jan 2005.

    Google Scholar 

  16. Hare WH. Records, Computers and the Rights of Citizens, Rand Corporation, 1973.

    Google Scholar 

  17. Hare WH. Records, Computers and the Rights of Citizens, Rand Corporation, 1973, p. 3.

    Google Scholar 

  18. Council of Europe. Convention for the protection of individuals with regard to automatic processing of personal data. Strasbourg; 28 Jan 1981.

    Google Scholar 

  19. Council of Europe. Convention for the protection of individuals with regard to automatic processing of personal data. Strasbourg; 28 Jan 1981, article 6.

    Google Scholar 

  20. Organization for Economic Co-Operation and Development. Guidelines on the protection of privacy and transborder flows of personal data. last modified Jan 1999.

    Google Scholar 

  21. European Union. Data Protection Directive (95/46/EC), 1995.

    Google Scholar 

  22. Holmes N. The right to privacy and parliament, Library of Parliament (Canada), Feb 2006.

    Google Scholar 

  23. Clarke R. Beyond the OECD guidelines: privacy protection for the 21st century, Cyber Security and Information Systems Information Analysis Center (CSIAC), Rolling Meadows, IL: Jan 2000.

    Google Scholar 

  24. Smith GK. Privacy in the information age, De Montfort University, Apr 1994.

    Google Scholar 

  25. Canadian Standards Association. Model code for the protection of personal information (CAN/CSA-Q830-96). 1996.

    Google Scholar 

  26. US Government Printing Office. Health insurance portability and accountability act. 1996.

    Google Scholar 

  27. ISO/TS 14265: Health informatics – classification of purposes for processing personal health information. International Organization for Standardization; 2011.

    Google Scholar 

  28. Federal Trade Commission. Fair Information Practice Principles (FIPs), 5. Enforcement/Redress. Washington, DC.

    Google Scholar 

  29. ISO 27001: Information technology – security techniques – information security management systems – requirements. International Organization for Standardization; 2005.

    Google Scholar 

  30. ISO 27002: Information technology – security techniques – code of practice for information security management. International Organization for Standardization; 2005.

    Google Scholar 

  31. Gostin LO. National health information privacy regulations under the Health Insurance Portability and Accountability Act. JAMA. 2001;285(23):3015–21. doi:10.1001/jama.285.23.3015.

    CAS  PubMed  CrossRef  Google Scholar 

  32. Cabrera E, Papaevangelou H, Mcparland J. Patient’s autonomy, privacy and informed consent. IOS Press, 2000. ISBN 1586030396, 9781586030391.

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Ross Fraser CISSP, ISSAP .

Editor information

Editors and Affiliations

Electronic supplementary material

Below is the link to the electronic supplementary material.

Educational Template (PDF 98 kb)

Educational Template (PPTX 114 kb)

Rights and permissions

Reprints and Permissions

Copyright information

© 2015 Springer-Verlag London

About this chapter

Cite this chapter

Fraser, R. (2015). Data Privacy and Security. In: Hannah, K., Hussey, P., Kennedy, M., Ball, M. (eds) Introduction to Nursing Informatics. Health Informatics. Springer, London. https://doi.org/10.1007/978-1-4471-2999-8_11

Download citation

  • DOI: https://doi.org/10.1007/978-1-4471-2999-8_11

  • Published:

  • Publisher Name: Springer, London

  • Print ISBN: 978-1-4471-2998-1

  • Online ISBN: 978-1-4471-2999-8

  • eBook Packages: MedicineMedicine (R0)