Abstract
More than half the hospitals in the United States are implementing electronic patient record systems ([1]). The National Research Council ([2]) has estimated that the health care industry spends as much as $15 billion per year on information technology, an amount that is expected to grow by 20% per year. By 1998, there were 35 publicly traded health-information-technology companies with market capitalization of more than $25 billion ([3]). The importance of collecting, electronically storing, and using health information is undisputed. Consumers need it to make informed choices; clinicians need it to provide appropriate quality clinical care; and health plans and others need it to assess outcomes, to control costs, and to monitor quality ([4]). However, the collection, storage, and communication of a large variety of personal patient data present a major challenge. How can we provide the data required by the new forms of health care delivery while protecting the privacy of patients? Ongoing debates concerning medical privacy legislation, software regulation, and telemedicine suggest that this challenge will not be easily resolved ([5]).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Rindfleisch TC. Privacy information, technology, and health care. Commun ACM. 1997;40:93–100.
National Research Council, Committee on Maintaining Privacy and Security in Health Care Applications of the National Information Infrastructure. For the record: protecting electronic health information. Washington,DC: National Academy Press; 1997.
Gallo AC, Lee VJ. Health care information technology: keeping health care wired, Research Report. Baltimore: Alex Brown; 1998.
Dick RS, Steen EB, Detmer DE, eds. The computer-based patient record, Rev. ed. Washington,DC: National Academy Press; 1997.
Moran DW. Health information policy: On preparing for the next war. Health Affairs. 1998; 17:9–22.
Simpson RL. Security threats are usually an inside job. Nurs Manage. December 27, 1996:43.
Kleinke, JD. Bleeding edge: the business of health care in the next century. Gaithersburg,Md: Aspen 1998.
Tang PC, Hammond WE. A progress report on computer-based patient records in the United States. In: Dick RS, Steen EB, Detmer DE, eds. The computer-based patient record: an essential technology for healthcare, Rev. ed. Washington, DC: National Academy Press; 1997:1–20.
van Bemmel JH, van Ginneken AM, van der Lei J. A progress report on computer-based patient records in Europe. In: Dick RS, Steen EB, Detmer DE, eds. The computer-based patient record: an essential technology for healthcare, Rev. ed. Washington, DC: National Academy Press; 1997:21–43.
I/T sales to soar next five years. Health Manage Technol. December 1995: 10.
Kleinke JD. Release 0.0: Clinical information technology in the real world. Health Affairs. 1998;17:23–38.
Anderson JG. Clearing the way for physician use of clinical information systems. Commun ACM. 1998;40:83–90.
Goldman J. Protecting privacy to improve health care. Health Affairs 1998; 17:47–60.
Horovitz B. 80% fear loss of privacy to computers. USA Today. October 31, 1995:A1.
Laidman J, Woods M. Sex doctor’s patient files show up on the Web. Pittsburgh Post-Gazette. March 28, 1999. Available at http://www.post-gazette.com/headlines/19990328doclist2.asp. Accessed October 1, 2001.
Bass, A. HMO puts confidential records on-line. Boston Globe. March 7, 1995: 1.
Weinstein L. Confidential patient data accidentally released to the Web. Privacy Forum, February 20, 1999. Available at: http://www.vortex.com/privacy/priv.0.8.04. Accessed October 10, 2001.
Goldman J, Mulligan D. Privacy and health information systems: a guide to protecting patient confidentiality. Washington DC: Center for Democracy and Technology; 1996.
Siegler M. Confidentiality in medicine—a decrepit concept. N Engl J Med. 1982;307:158–21.
Davis R. Online medical records raise privacy fears. USA Today. March 22, 1995: 1A.
Upton J. U-M medical records end up on Web. The Detroit News, February 12, 1999: 1A.
Antommaria AHM. Private correspondence. June 16, 1999.
Weingarten J. Can confidential patient information be kept private in high-tech medicine? MD Computing. 1992;9:79–82.
Shalala DE. Health care information and privacy. Health Matrix J Law Med. 1998;8:223–232.
Rogers L, Leppard D. For sale: Your secret medical records for 150 pounds. London Sunday Times. November 26, 1995:1–2.
Hospital clerk’s child allegedly told patients that they had AIDS. Washington Post. March 1, 1995:A17.
Medical Information Bureau. The Consumer’s MIB Fact Sheet. Westwood, Mass: medical information Bureau, 1991.
Geller LN, Alper JS, Billings PR, Barash CI, Beckwith J, Natowicz MR. Individual, family, and societal dimensions of genetic discrimination: A case study analysis, Sci Eng Ethics. 1996;2:71–88.
Pendrak RF, Ericson RP. Information technologies need to protect patient confidentiality. Healthcare Financial Manage. October 1998:1–3.
Congressional Office of Technology Assessment. Protecting privacy in computerized medical information. Washington, DC: US Government Printing Office, 1993. Publication OTA-TCT-576.
Foley J. Data dilemma. Information Week. June 10, 1996:14–16.
Bernstein N. Lives on file: The erosion of privacy—a special report. The New York Times. June 12, 1997:A1.
Harrow Jr. RO. Prescription sales privacy fears; CVS, Giant share customer records with drug marketing firm. Washington Post. February 15, 1998: A1.
PRNewsire: Minnesota takes the lead on agreement to protect 41 million Americans, October 25, 1999. Available at: http://www.epic.org/privacy/medical/merck.txt. Accessed October 10, 2001.
Davis R. On-line medical records raise privacy fears. US Today. March 22, 1995, A1.
Petersen A. A privacy firestorm at DoubleClick. The Wall Street Journal. February 23, 2000:B1, 4.
Tierney WM, Murray MD, Gaskins DL, Zhou XH. Using computer-based medical records to predict mortality risk for inner-city patients with reactive airways disease. J Am Med Inform Assoc. 1997;4:313–321.
Tierney WM, Takesue BY, Vargo DL, Zhou XH. Using electronic medical records to predict mortality in primary care patients with heart disease: Prognostic power and pathophysiologic implications. J Gen Intern Med. 1996; 11:83–91.
Schwartz PM, Reidenberg JR. Data privacy law: a study of United States data protection. Charlottesville, Va: Michie Law Publishers, 1996.
Thomas Legislative Information on the Internet. Available at: http://thomas.loc.gov. Accessed October 9, 2001.
Health Insurance Portability and Accountability Act. Available at: http://aspe.hhs.gov/admnsimp/. Accessed October 10, 2001.
Computer Science and Telecommunications Board, National Research Council. For the record: protecting electronic health information. Washington, DC: National Academy Press; 1997.
Computer Science and Telecommunications Board, National Research Council. Networking health—prescriptions for the Internet. Washington, DC: National Academy Press, 2000.
Goldman J. Protecting privacy to improve health care. Health Affairs. 1998;17:47–60.
US Department of Health and Human Services. Protecting human research subjects: institutional review board guide book. Washington, DC: US Government Printing Office, 1993.
Szolovits P, Kohane I. Against simple universal health care identifiers. J Am Med Inf Assoc. 1994;1:316–319.
Schwartz PM. European data protection law and restrictions on international data flows. Iowa Law Review. 1995;80:471–496.
Donaldson MS, Lohr KN, eds. Health data in the information age: use, disclosure and privacy. Washington, DC: National Academy Press; 1994.
Office of Technology Assessment. Bringing health care online: the role of information technologies. Washington, DC: U.S. Government Printing Office; 1995.
Moran DW. Health information policy: On preparing for the next war. Health Affairs. 1998; 17:9–22.
Further Readings
Advisory Committee on Automated Personal Data Systems. Records, computers and the rights of citizens. Washington, DC: Department of Health, Education, and Welfare; 1973.
Allen A. Uneasy access. Totowa, NJ: Rowman and Littlefield Publishers; 1988.
Alpert SA. Health care information: access, confidentiality and good practice. In: Goodman KW, ed. Ethics, Computing and Medicine. New York, NY: Cambridge University Press; 1998:75–101.
Alpert SA. Smart cards, smarter policy: Medical records, privacy and health care reform. Hastings Center Report. 1993;23;13–23.
Annas GJ. Privacy rules for DNA databanks: protecting coded ‘future diaries’. JAMA. 1993;270:2346–2350.
Anthony J. Who’s reading your medical records? Am Health November 1993:54–58.
Bakker AR. Security in medical information systems. In: Yearbook of medical informatics’ 93. Stuttgart Germany: Shattauer; 1993:52–60.
Barber B. Current issues in data protection. Med Inf. 1989; 14:207–209.
Barber B, Treacher A, Louwerse CP, eds. Toward security in medical telematics: legal and technical aspects. Amsterdam: IOS Press; 1996.
Barrows RC, Jr., Clayton PD. Privacy, confidentiality, and electronic medical records. J Am Med Inf. 1996;3:139–149.
Baskersville R. Designing information systems security. Chichester, UK: Wiley & Sons; 1988.
Bennett C. Can on-line health care seriously damage your privacy? Chicago Tribune. October 28, 1999:Sect 1, 15.
Bennett CJ. Data protection and public policy in Europe and United States. Ithaca, NY: Cornell University Press; 1992.
Biskup J. Protection of privacy and confidentiality in medical information systems: Problems and guidelines. In: Spooner DL, Landweher C, eds. Database security. Amsterdam: Elsevier Science Publishers; 1990.
Bleumer G. Security for decentralized health information systems. Int J Biomed Comput. 1994;35(Suppl 1): 139–145.
Bollas C, Sundelson D. The new informants: the betrayal of vonfidentiality in psychoanalysis and psychotherapy. Northvale, NJ: Jason Aronson Inc, 1995.
Brannigan VM. Patient privacy: A consumer protection approach. J Med Systems. 1984;8:501–505.
Brannigan VM. Protecting the privacy of patient information in clinical networks: Regulatory effectiveness analysis. In: Parsons DF, Fleischer CN, Greene RA, eds. Extended clinical consulting by hospital computer networks. New York, NY: Annals of the New York Academy of Sciences; 1992.
Brannigan VM, Beier B. Standards for privacy in medical information systems: A technico-legal revolution. Datenschutz and Datensicherung. September 1991.
Chadwick DW, Crook PJ, Young AJ, McDowell DM, Dornan TL, New JP. Using the Internet to access confidential patient records: a case study. BMJ. 2000;321:612–614.
Commission of the European Communities DG XIII/F AIM. Data protection and confidentiality in health informatics. Washington, DC: IOS Press; 1991.
Computer Science and Telecommunications Board, National Research Council. For the record: protecting electronic health information. Washington, DC: National Academy Press; 1997.
Computer Science and Telecommunications Board, National Research Council. Networking health prescriptions for the Internet. Washington, DC: National Academy Press; 2000.
Computers and privacy: how the government obtains, verifies, uses and protects personal data. Washington, DC: General Accounting Office; August 1990.
Dick RS, Steen EB, Detmer DE, eds. The computer-based patient record: an essential technology for healthcare Rev. ed. Washington, DC: National Academy Press; 1997.
Doctors’ and pharmacies’ files are gathered and mined for use by drug makers. The Wall Street Journal. February 27, 1992: A1.
Donaldson MS, Lohr KN, eds. Health data in the information age: use, disclosure and privacy. Washington, DC: National Academy Press; 1994.
Feehan KP. Legal access to patient health records/Protection of quality assurance activities. Health Law Can. 1991;12:3.
Flaherty DH. Protecting privacy in surveillance societies: The Federal Republic of Germany, Sweden, France, Canada, and the United States. Chapel Hill, NC: University of North Carolina Press; 1989.
Flaherty DH. Privacy, confidentiality, and the use of Canadian health information for research and statistics. Can Public Admin. 1992;35:80.
Furnell SM, Gaunt PN, Pangalos G, Sanders PW, Warren MJ. A generic methodology of health care data security. Med Inf. 1995; 19:229–246.
Gaunt N, Roger-France F. Security of the electronic health care record—professional and ethical implications. In: Barber, B et al. eds. Towards security in medical telematics. Amsterdam: IOS Press; 1996.
Gavison R. Privacy and the limits of the law. In: Schoeman FD, ed. Philosophical dimensions of privacy: an anthology. Cambridge, UK: Cambridge University Press, 1984.
Gellman RM. Prescribing privacy: the uncertain role of the physician in the protection of patient privacy. NC Law Rev. 1984;62:258.
Goldman J, Mulligan D. Privacy and health information systems: a guide to protecting patient confidentiality. Washington, DC: Center for Democracy and Technology, 1996.
Gostin LO. Health information privacy. Cornell Law Rev. 1995;80:101–184.
Gostin LO, Turek-Brezina J, Powers M, Kozloff R, Faden R, Steinauer DD. Privacy and security of personal information in a new health care system. JAMA. 1993;270:2487–2493.
Griesser G, Bakker A, Danielsson J, Hirel JC, Kenny DJ, Schneider W, et al. Data protection in health information systems: considerations and guidelines. Amsterdam: North Holland; 1980.
Gritzalis D, Katsikas S, Keklikoglou J, Tomaras A. Data security in medical information systems: technical aspects of aproposed legislation. Med Inf. 1991;16:371–383.
Hamilton DP. Freedom software lets you get some privacy while surfing the Web. The Wall Street Journal. August 10, 2000: B1.
Hammond WE. Security, privacy and confidentiality: A perspective. J Health Infor Manage Res. 1992; 1:1–8.
Hendricks E, Hayden T, Novik JD. Your right to privacy: a basic guide to legal rights in an information society, 2nd ed. Carbondale, Ill: Southern Illinois University Press; 1990.
Kolata G. When patients’ records are commodities for sale. The New York Times. November 15, 1995: B1.
Kluge EH. Advanced patient records: Some ethical and legal consideration touching medical information space. Methods Inf Med. 1993;32:95–103.
Lawrence LM. Safeguarding the confidentiality of automated medical information. J Quality Improvement. 1994;20:639–645.
Linowes DF. Privacy in America. Urbana, IL: University of Illinois Press; 1989.
Medical Information Bureau. The consumer’s MIB fact sheet. Westwood, Mass: Medical Information Bureau; 1991.
Medical Information Bureau. MIB, Inc.: a consumer’s guide. Westwood, Mass: Medical Information Bureau; 1990.
Moehr JR. Privacy and security requirements of distributed computerbased patient records. Int J Biomed Comput. 1994;35(Suppl l):57–64.
Murphy G. System and data protection. In: Ball MJ, Collin MF, eds. Aspects of the computer-based patient record. New York: Springer-Verlag; 1992.
Oates R. Confidentiality and privacy from the physician perspective. In: Compendium of the First Annual Confidentiality Symposium of the American Health Information Management Association. July 15, 1992, Washington, DC; 138–143.
Pfleeger SL. A framework of security requirements. Computers and Security. 1991; 10:515–523.
Privacy act: federal agencies’ implementation can be improved. Washington, DC: General Accounting Office; August 1986.
Rienhoff O. Digital archives and communication highways in health care require a second look at the legal framework of the seventies. Int J Biomed Comput. 1994;35(Suppl 1): 13–19.
Roach WH Jr, Chernoff SN, Esley CL, eds. Medical records and law. Rockville, Md: Aspen Systems Corp; 1985.
Robinson EN Jr. The computerized patient record: privacy and security. MD Comput. 1994;11:69–73.
Rothfeder J. Privacy for sale. New York: Simon & Schuster; 1992.
Safran C, Rind D, Citreon M, Bakker AR, Slack WV, Bleich HL. Protection of confidentiality in the computer-based patient record. MD Comput. 1995;12:187–192.
Schwartz PM, Reidenberg JR. Data privacy law: a study of United States data protection. Charlottesville, VA: Michie Law Publishers; 1996.
Shea S. Security versus access: Trade-offs are only part of the story. J Med Inf Assoc. 1994;1:314–315.
Skolnick AA. Protecting privacy of computerized patient information may lie in the cards. JAMA. 1994;272:187–189.
US Congress, Office of Technology Assessment. Automated medical records: leadership needed to expedite standards of development. Washington, DC: US Government Printing Office; 1993. Publication GAO/IMTEC-93-17.
US Congress, Office of Technology Assessment. Protecting privacy in computerized medical information. Washington, DC: US Government Printing Office; 1993. Publication OTA-TCT-576.
US Congress, Office of Technology Assessment. Electronic record systems and individual privacy. Washington, DC: US Government Printing Office; 1986. Publication OTA-CIT-296.
US Congress, Office of Technology Assessment. Defending secrets, sharing data: new locks and keys for electronic information. Washington, DC: US Government Printing Office; 1987. Publication OTA-CIT-310.
US Congress, Office of Technology Assessment. Medical monitoring and screening in the workplace: results of a survey—background paper. Washington, DC: US Government Printing Office; 1991.
US Congress, Office of Technology Assessment. Bringing health care online: the role of information technologies, Washington, DC: US Government Printing Office; 1995. Publication OTA-ITC-0036.
Privacy Protection Study Committee. Personal privacy in an information society. Washington, DC: US Government Printing Office; 1977.
Van der Leer OF The use of personal data for medical research: How to deal with new European privacy standards. Int J Biomed Comput. 1994;35(Suppl):87–95.
Wald JS, Law M, Meade T, Miller G, Alberman E, Dickinson J. Use of personal medical records for research purposes. BMJ. 1994;309:1422–1424.
Weingarten J. Can confidentiality of information be kept private in high-tech medicine? MD Comput. 1992;9:79–82.
Westin A. Computers, health records, and citizen rights. Washington,DC: US Government Printing Office; 1976.
Ziporyn T. Hippocrates meets the data banks: patient privacy in the computer age. JAMA. 1984;252:317–319.
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2002 Springer-Verlag New York, Inc.
About this chapter
Cite this chapter
(2002). Privacy and Confidentiality. In: Anderson, J.G., Goodman, K.W. (eds) Ethics and Information Technology: A Case-Based Approach to a Health Care System in Transition. Health Informatics. Springer, New York, NY. https://doi.org/10.1007/978-0-387-22488-6_4
Download citation
DOI: https://doi.org/10.1007/978-0-387-22488-6_4
Publisher Name: Springer, New York, NY
Print ISBN: 978-0-387-95308-3
Online ISBN: 978-0-387-22488-6
eBook Packages: Springer Book Archive