Advertisement

Data Protection in Hospital Information Systems: 1. Definition and Overview

  • Gerd Griesser
Part of the Computers and Medicine book series (C+M)

Abstract

Hospital information systems (HIS) are to be considered risky systems32 because they generate, acquire, collect, store, process, transmit, and retrieve patient-related information or data of sensitive nature by means of computers. An inadmissible disclosure of that information can lead to an encroachment upon the patient’s privacy and thus compromise a patient (or a group of them socially) if the necessary preventive measures are not established. When data-protection measures safeguarding the patient’s privacy are neglected and a patient’s right has been injured, the question of liability of the responsible organization (hospital) or person(s) may arise3b,35.

Keywords

Data Protection Hospital Information System Health Information System Usage Integrity Program Integrity 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Bakker AR: Suggestions for a systematic selection of data protection measures, in Griesser G, Bakker A, Danielson F, Hirel J-C et al. (eds): Data protection in health information systems-considerations and guidelines. 1980, Amsterdam, North- Holland, pp 131–146.Google Scholar
  2. 2a.
    Beier BR: Protection of patient’s privacy. The German experience with data protection laws. Proc SCAMC 1981; 5: 892–898.Google Scholar
  3. 2b.
    b. Beier BR, Brannigan VM: Principles for patient privacy protecion—USA and Germany, in van Bemmel JH, Ball M J, Wiggertz O (eds): MEDINFO 83, 1983, Amsterdam, North-Holland, pp 967-970.Google Scholar
  4. 3a.
    Brannigan VW: Remote telephone access: the critical issue in patient privacy. Proc SCAMC 1984; 8: 575–578.Google Scholar
  5. 3b.
    Brannigan VW: Liability for personal injury caused by defective medical computer programs. Proc SCAMC 1980; 4: 355–361.Google Scholar
  6. 4.
    Brussard BK: Data protection and integration of population information systems in relation to special purpose information systems (e.g. health information systems), in Griesser G (ed): Realization of data protection in health information systems. Amsterdam, North-Holland, 1977, pp 15–19.Google Scholar
  7. 5.
    Bush V: New data battle: state’s need to know vs. patient’s privacy. Mod Health C 1975; 3: 60–61.Google Scholar
  8. 6a.
    Canadian Organization for Advancement of Computers in Health Care (COACH): Principles concerning the confidentiality and security of computerized health records. COACH, Edmonton, Alberta, Canada, 1978.Google Scholar
  9. 6b.
    Canadian Organization for Advancement of Computers in Health Care (COACH): Guidelines to ensure the security of automated health records. COACH, Edmonton, Alberta, Canada, 1979.Google Scholar
  10. 7.
    Danielsson J: Experiences gained by the Swedish Data Act regarding health care data usage integrity, in Griesser G, Jardel FP, Kenny DF, Sauter K (eds): Data protection in health information systems—where do we stand. Amsterdam, North-Holland, 1983, pp 27–38.Google Scholar
  11. 8.
    Degoulet P, Aimé F, Reach I, et al: Use and misuse of data in the Diaphane Dialysis Registry, ibidem 1983, pp 207–216.Google Scholar
  12. 9a.
    Fàk V: Data protection by hardware precautions with special regard to cryptography, in Griesser G (ed): Realization of data protection in health information systems. Amsterdam, North-Holland, 1977, pp 63–65.Google Scholar
  13. 9b.
    Fàk, V: Cryptographic protection of health-care information, in Griesser G, Jardel FP, Kenny DF, Sauter K (eds): Data protection in health information systems—where do we stand. Amsterdam, North-Holland, 1983, pp 75–83.Google Scholar
  14. 9b.
    Fàk, V: Cryptographic protection of health-care information, in Griesser G, Jardel FP, Kenny DF, Sauter K (eds): Data protection in health information systems—where do we stand. Amsterdam, North-Holland, 1983, pp 75–83.Google Scholar
  15. 11a.
    Gabrieli ER: Computerization of Clinical Records. New York, Grune & Stratton, 1970.Google Scholar
  16. 11b.
    Gabrieli ER: Ethics of medical computing, in Shires DB, Wolf H (eds): MEDINFO 77. Amsterdam, North-Holland, 1977, pp 729–730.Google Scholar
  17. 12.
    Gabrieli JD: A model for the ethical protection of medical information. Proc SCAMC 1979; 3: 385–389.Google Scholar
  18. 13a.
    Goldstein RC: The costs of privacy. Datamation 1975; 21: 65–69.Google Scholar
  19. b. Goldstein RC, Seward HH, Nolan RL: A methodology evaluating alternative technical and information management approaches to privacy requirements. Natl Bur Stand (US) Technical Note 906.Google Scholar
  20. 14a.
    Griesser G (ed): Realization of data protection in health information systems. Amsterdam, North-Holland, 1977.Google Scholar
  21. 14b.
    Griesser G: Data protection by organizational means in hospital information systems, in Griesser G (ed): Realization of data protection in health information systems. Amsterdam, North-Holland, 1977, pp 123–132.Google Scholar
  22. 14c.
    Griesser G: Formelle und informelle Kommunikationswege (Formal and informal ways of communication), in Beske F (ed): Strukturanalyse des Gesundheitswesens in Schleswig-Holstein, vol 7. Kiel, Inst f Gesundheitssystemforschung, 1979, pp 11–95.Google Scholar
  23. 14d.
    Griesser G: Part I: description of the problem, in Griesser G, Bakker K, Danielsson F, Hirel F-C et al. (eds): Data protection in health information systems- considerations and guidelines. Amsterdam, North-Holland, 1980, pp 1–30.Google Scholar
  24. 14e.
    Griesser G: The issue of data protection in computer-aided health information systems, in Hannah KJ, Guillemin EJ, Conklin DN (eds): Nursing Uses of Computers and Information Science. Amsterdam, North-Holland, 1985, pp 113–117.Google Scholar
  25. 14f.
    Griesser G, Bakker A, Danielsson J, Hirel J-C, et al (eds): Data protection in health information systems-considerations and guidelines (with an extended bibliography). Amsterdam, North-Holland, 1980.Google Scholar
  26. 14g.
    Griesser G, Jardel JP, Kenny DJ, Sauter K (eds): Data protection in health information systems-where do we stand? Amsterdam, North-Holland, 1983.Google Scholar
  27. 15a.
    Hirel J-C: Realization of data protection by hardware, in Griesser G (ed): Realization of data protection in health information systems. Amsterdam, North-Holland, 1977, pp 67–70.Google Scholar
  28. 15b.
    Hirel J-C: Hardware precautions, in Griesser G, Bakker A, Danielsson F, Hirel J-C, et al (eds): Data protection in health information systems—considerations and guidelines. Amsterdam, North-Holland, 1980, pp 77–86.Google Scholar
  29. 16.
    IFIP Working Group 4.2: Considerations on the subject “Data protection.” Comput Programs Biomed 1975; 5: 85–86.Google Scholar
  30. 17a.
    Joint Task Group on Confidentiality of Computerized Medical Records: Ethical guidelines for data centers handling medical records. 1976. Computer Law Service, App. 8-2c, No. i, Callaghan & Company, pp 343-353, cited also by Gabrieli ER: Ethics of Medical Computing, in Shires DB, Wolf H (eds): MEDINFO 77. Amsterdam, North-Holland, 1977, pp 729–730.Google Scholar
  31. 17b.
    Joint Task Group on Confidentiality of Computerized Medical Records: Operational code for data centers handling medical information. 1975, cited by Gabrieli ER: Ethics of Medical Computing, in Shires DB, Wolf H (eds): MEDINFO 77. Amsterdam, North-Holland, 1977, pp 729–730.Google Scholar
  32. a. Kenny DJ: The London Hospital. Report of the Working Party on Confidentiality. Personal communication.Google Scholar
  33. 18b.
    Kenny DJ: Confidentiality and the growth of computers. Health Serv Rev 1975; 71: 6–9.Google Scholar
  34. 18c.
    Kenny DJ: Problems of defining institutional responsibilities for confidentiality, in Griesser G, Jardel F, Kenny DJ, Sauter K (eds): Data protection in health information systems—where do we stand? Amsterdam, North-Holland, 1983, pp 53–57.Google Scholar
  35. 18d.
    Kenny DJ: Data protection: update on the National Health Service in the United Kingdom, in Hannah KJ, Guillemin EJ, Conklin DN (eds): Nursing Uses of Computers and Information Science. Amsterdam, North-Holland 1985, pp 103–107.Google Scholar
  36. 19.
    Martin J: Security, accuracy and privacy in computer systems. Englewood Cliffs, NJ, Prentice-Hall, 1973.Google Scholar
  37. 20.
    National Bureau of Standards (US): Guidelines for Security of Computer Applictions. FIPS Pubi No 73, 1980.Google Scholar
  38. 21.
    Nesbit IS: On thin ice: micros and data integrity. Datamation 1985; 31: 80–92.Google Scholar
  39. 22a.
    Peterson H: Data protection in complex and comprehensive (network) hospital information systems, in Griesser G, Fardel JC, Kenny DJ, Santer T (eds): Data protection in health information systems—where do we stand? Amsterdam, North- Holland, 1983, pp 181–188.Google Scholar
  40. 22b.
    Peterson H, Fenna D: Data protection by software techniques with special regard to problems created by multi-user access, in Griesser G (ed): Realization of data protection in health information systems. Amsterdam, North-Holland, 1977, pp 83–87.Google Scholar
  41. 23.
    Pinet G, Jardel JP: Study on trends in national policies and legislation for data protection in the health field, in Griesser G, Jardel JC, Kenny DJ, Sauter K (eds): Data protection in health information systems—where do we stand? Amsterdam, North-Holland, 1983, pp 9–25.Google Scholar
  42. 24.
    Plant JA: Is nursing confidential? in Scholes M, Bryand Y, Barber B (eds): The Impact of Computers on Nursing. Amsterdam, North-Holland, 1983, pp. 74–81.Google Scholar
  43. 25a.
    Protti DJ: Confidentiali ty of health information: a hospital administrator’s viewpoint following the Krever Commission, in Griesser G, Jardel JC, Kenny DJ, Sauter K (eds): Data protection in health information systems—where do we stand? Amsterdam, North-Holland, 1983, pp 133–140.Google Scholar
  44. 25b.
    Protti DJ, Brunnelle FW: Protecting privacy of patient information: fact or fiction? in Hannah KJ, Guillemin EJ, Conklin DN (eds): Nursing Uses of Computers and Information Science. Amsterdam, North-Holland, 1985, pp 97–102.Google Scholar
  45. 26a.
    Purps H-D: Organisational measures, in Griesser G, Bakker A, Danielsson F, Hirel J-C, et al. (eds): Data protection in health information systems—considerations and guidelines. Amsterdam, North-Holland, 1980, pp 59–77.Google Scholar
  46. 26b.
    Purps H-D: Data protection in departmental systems for general hospital, in Griesser G, Jardel JP, Kenny DJ, Sauter K (eds): Data protection in health information systems—where do we stand? Amsterdam, North-Holland, 1983, pp 149–160.Google Scholar
  47. 27a.
    Sauter K: Data protection by software techniques with special regard to problems created by multi-user access, in Griesser G (ed): Realization of data protection in health information systems. Amsterdam, North-Holland, 1977, pp 97–105.Google Scholar
  48. 27b.
    Sauter K: Data security in health information systems by applying software techniques. Methods Inf Med 1979; 18: 214–222.PubMedGoogle Scholar
  49. 27c.
    Sauter K: Software techniques, in Griesser G, Bakker A, Danielsson J, Hirel J-C, et al. (eds): Data protection in health information systems—considerations and guidelines. Amsterdam, North-Holland, 1980, pp 86–110.Google Scholar
  50. 27d.
    Sauter K: Information systems methodology related to data protection, in Griesser G (ed): Data protection in health information systems-where do we stand? Amsterdam, North-Holland, 1983, pp 91–101.Google Scholar
  51. 28.
    Scherrer JR, Baud R: Impact of information technology on data protection with special regard to hardware aspects, in Griesser G, Jardel JP, Kenny DJ, Sauter K (eds): Data protection in health information systems—where do we stand? Amsterdam, North-Holland, 1983, pp 75–82.Google Scholar
  52. 29.
    Schloerer J: Statistical database security: some recent results, in Barber B, Grémy F, Ueberla K, et al. (eds): Medical Informatics Berlin. Berlin, Springer, 1979, pp 83–91.Google Scholar
  53. 30a.
    Schneider W: Data protection by hardware precautions with special regard to distributed hardware and ID-cards, in Griesser G (ed): Realization of data protection in health information systems. Amsterdam, North-Holland, 1977, pp 71–75.Google Scholar
  54. 30b.
    Schneider W: Impact of distributed health databases on usage integrity, in Griesser G, Jardel JP, Kenny DJ, Sauter K (eds): Data protection in health information systems-where do we stand? Amsterdam, North-Holland, 1983, pp 119–129.Google Scholar
  55. 30c.
    Schneider W, Bengtson S: The application of computer techniques in health care. Comput Programs Bioimed 1976; 5: 169–250.CrossRefGoogle Scholar
  56. 31.
    Steele MC: Medical confidentiality—the designs issue of the 80’s. Proc SCAMC 1980; 4: 381–389.Google Scholar
  57. 32.
    Steinmüeller W: Legal problems of computer networks: a methodology survey. Comput Net 1979; 3: 187–198.Google Scholar
  58. 33.
    Ueno H: Data protection by software techniques in hospital information systems, in Griesser G (ed): Realization of data protection in health information systems. Amsterdam, North-Holland, 1973, pp 107–114.Google Scholar
  59. 34.
    Wasserman AI, van, de Riet RP, Kersten ML et al.: A formal integrated approach to data and usage integrity in health information systems, in Griesser G, Jardel JP, Kenny DJ, Sauter K (eds): Data protection in health information systems-where do we stand? Amsterdam, North-Holland, 1983, pp 103–118.Google Scholar
  60. 35.
    Watson BL: Liability for invasions of privacy by physicians and medical data systems. Proc SCAMC 1980; 4: 362–371.Google Scholar
  61. 36.
    Westin AF: Computers, health records and citizen rights. Natl Bur Stand (US) Monogram 157, 1976.Google Scholar
  62. 37.
    Witts IL: People in confidence, the expanding circle, in Acheson ED (ed): Record Linkage in Medicine. Edinbourgh, Livingstone, 1968, pp 333–338.Google Scholar

Copyright information

© Springer-Verlag New York Inc. 1989

Authors and Affiliations

  • Gerd Griesser

There are no affiliations available

Personalised recommendations