Abstract
Information governance and security is a large topic, which has at its heart the ethical question of when it is right to share information. Data protection is built around some core principles, which are incorporated in HIPAA and other legislation. Healthcare staff are usually required to sign a confidentiality code of conduct. Computer systems use the concepts of consent, authentication (including OAuth) and authorization to implement access control policies. Cryptography is used to protect data from unauthorized reading. Individuals and organizations have rights and responsibilities, which may include anonymization or pseudonymization of data. These are usually set out in legal contracts.
© 2016 Springer-Verlag London
Benson, T., Grieve, G. (2016). Information Governance. In: Principles of Health Interoperability. Health Information Technology Standards. Springer, Cham. https://doi.org/10.1007/978-3-319-30370-3_5
DOI: https://doi.org/10.1007/978-3-319-30370-3_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-30368-0
Online ISBN: 978-3-319-30370-3