Lesson 14: Ethics, Privacy and Security: Ethics in Health Informatics


LESSON 14: ETHICS, PRIVACY AND SECURITY

- Technology has helped modernize the health care industry; however, this has made practitioners
dependent on the use of mechanical aids in providing patient treatment. Even so, human
values should continue to govern research and the actual practice in health care.
- Health care informatics covers issues on honorable actions and proper and improper behaviors in the
field of health care. However, most health practitioners are not familiar with ethical issues even if
some issues have been controversial.
- Nowadays, privacy and confidentiality are among the popular sources of debate. However, more
important issues such as the use of appropriate informatics tools in clinical settings, determination of
users, system evaluation, system development, and many others need attention. These and other
questions on the various legal and regulatory requirements need to be addressed (Goodman, 2016).
- Listed below is a set of ethical principles for appropriate use of decision-support systems, particularly
in informatics, as described by Shortliffe and Cimino (2013).
1. A program should undergo appropriate evaluation prior to use in clinical practice. It should
perform efficiently at an acceptable financial and timeframe cost.
2. Adequate training and instruction should be completed before proceeding to the
implementation.
3. A qualified health professional should be assigned to handle concerns regarding uses,
licenses, and other concerns. The software systems’ applications should not replace functions
such as decision making.

Ethics in Health Informatics


- Information systems store patient’s records that can be retrieved when needed. These records assist in
the dispensation of health care or other supplementary services which are part of health informatics.
The said informatics is guided by health information ethics which is defined as the application of the
principles of ethics in the domain of health informatics.

GENERAL ETHICS
1. Autonomy
- Is defined as either allowing individuals to make their own decisions in response to a particular societal
context, or as the idea of being free from external influence or control. Electronic Health Records (EHR)
must maintain respect for patient autonomy, and this entails certain restrictions about the access,
content, and ownership of records. A compromise must be reached between levels of patient
autonomy and quality of patient records. When patients are given too much control over their EHRs,
this could defeat the purpose of using such a document because critical information might be
modified or deleted without the knowledge of the health professionals. Limiting patient access and
control over patient records improves document quality because patients can also verify their own
records (Mercuri, 2010).
2. Beneficence and Non-maleficence
- These two principles are respectively defined as “do good” and “do no harm.” In health informatics,
beneficence relates most significantly to the usage of stored data in the EHR system, and
non-maleficence to how the stored data is protected.
- Deeply integrated EHR systems will contain substantial amounts of raw data, and great potential exists
for the conduct of groundbreaking biomedical and public health research. This kind of research
will be beneficial to both the individual patient and to the entirety of society. With this in mind, new
EHR systems should be developed with the capacity to allow patients to release information from their
EHRs which can be valuable to researchers and scientists. Similarly, the available consolidated data
from clinical data repositories will allow health care professionals to provide the best possible
treatment for their patients, further upholding the principle of beneficence.
- However, the integrated data storage in health informatics is also a breeding ground for varying
threats. Temporary outages, at a minimum, might prevent health care professionals from performing
necessary procedures. At worst, it could even result in significant patient mortality. Total system
failures, however, may cause even greater damage. In order to avoid these instances, all data must
have multiple back-ups for fast and easy recovery. Since medical records contain very sensitive
information about an individual, the highest level of data security possible should also be upheld.
Vulnerabilities in security put patients in a risky position, and might ultimately lead to the violation of
the principles of non-maleficence (Mercuri, 2010).

Informatics Ethics
- Is about the ethical behavior expected from an individual assigned to handle information, as prescribed
by the International Medical Informatics Association (2016). It follows seven principles:
1. Principle of Information-Privacy and Disposition – everyone has the fundamental right to
privacy. Every individual should ensure that he or she has control over the collection, access,
use, communication, manipulation, storage, linkage, and disposition of data about himself or
herself.
2. Principle of Openness – the control measures of particular data should be disclosed to the
concerned individual in an appropriate and timely fashion.
3. Principle of Security – legitimately collected data should be protected through all appropriate
measures against access, use, modification or communication, manipulation, linkage, loss,
degradation, and unauthorized destruction.
4. Principle of Access – authorized individuals should be given access to electronic health records
and also have the right to correct the data with respect to their completeness, accuracy, and
relevance.
5. Principle of Legitimate Infringement – the right to privacy and control over personal data should
be conditioned by the appropriate legitimate, and relevant data-requirement of a democratic
society and by the equal rights of others.
6. Principle of the Least Intrusive Alternative – any infringement of privacy rights should occur in
the least intrusive manner and with the least amount of interference with the rights of the
affected parties.
7. Principle of Accountability – any infringement must be justified to the concerned individuals in a
timely and appropriate fashion.

Software Ethics
- Health informatics ethics relies on the use of the software to store and process information. It follows
that the activities carried out by the developers might affect the end-users. Therefore, software
developers have the ethical duties and responsibilities to the stakeholders (society, institution and
employees, and the profession).
- They should execute all system activities with the best interest of the society in mind. They should
disclose any threats or known defects in the software.
- They should ensure that completed activities serve the best interests of the institution and its
employees. They should be straightforward about their personal limitations and qualifications.
- Finally, they must build products that meet the professional standards which are reached through
testing and detailing unresolved issues. In support of the mentioned responsibilities of software
developers, the management should require ethical approaches in software development (Samuel and
Zaiane, 2014).

PRIVACY, CONFIDENTIALITY, AND SECURITY


- Privacy and confidentiality are often used interchangeably, but they are not synonymous. Privacy
generally applies to individuals and their aversion to eavesdropping, whereas, confidentiality is more
closely related to unintended disclosure of information. For example, spying on a
certain person to find out about his or her visit to an acquired immunodeficiency syndrome (AIDS)
clinic is a violation of that person’s privacy. On the other hand, if someone breaks into the clinic to view
an individual’s patient record, that act is in violation of confidentiality.
- There are numerous significant reasons to protect privacy and confidentiality. First, privacy and
confidentiality are widely regarded as rights of all people which merit respect without the need to be
earned, argued, or defended. Second, protection of these rights is ultimately advantageous for both
individuals and society. Patients are more likely to be comfortable sharing sensitive health care data
when they believe this information will not be shared inappropriately. This kind of trust essentially
establishes a successful physician-patient or nurse-patient relationship, and enables the practitioners
to perform their jobs better.
- Furthermore, the protection of privacy and confidentiality benefits public health. When people are not
afraid to disclose personal information, they are more inclined to seek out professional assistance
which helps in diminishing the risk of increasing untreated illnesses and spreading infectious diseases
(Goodman, 2016).
- When patients trust medical professionals and health information technology enough to disclose their
health information, the latter will have a more holistic view of patients’ overall health and both health
care professional and patient can formulate more informed decisions. In circumstances wherein
breaches of privacy and confidentiality occur, serious consequences for the organization await, such as
reputational and financial harm, or personal harm to patients. Poor privacy and security practices
heighten the vulnerability of patient information and increase the risk of successful cyber-attacks (USA
Department of Health and Human Services, 2015).
- In summary, the idea that physicians should hold health care information in confidence should be
applicable no matter what the circumstance. The obligation to protect privacy and to keep health
information confidential falls on system designers, maintenance personnel, administrators, and
ultimately on the physicians, nurses, and other frontline users of the information. The protection of
privacy and confidentiality is non-negotiable because it is a duty that does not fluctuate (Goodman,
2016).

Level of Security in the Hospital Information System


- Safeguards are the solutions and tools which may be utilized to implement security policies at different
levels of health organization. At the administrative level, they may be implemented by the
management as organization-wide policies and procedures. Mechanisms can be put in place to protect
equipment, systems, and locations at the physical level, while automated processes to protect the
software and database access and control can be implemented at the technical level.
- It is important to note that the types of safeguards may be prescribed or restricted by law. Another
important consideration is the cost-benefit principle. If it is not cost effective for the institution to avail
of an expensive technology to mitigate a risk to electronic health information, an alternative is to
require the staff to follow a new administrative procedure that equally reduces that risk. Conversely, if
they cannot afford to place additional burden on the staff due to possibilities of human error, they may
choose to purchase a technology that automates the procedures in order to minimize the risk.
- Regardless of the type of safeguard chosen to be implemented, it is important to monitor its
effectiveness and regularly assess the health IT environment to determine if new risks are present.

Examples of safeguards by level:

Administrative Safeguards
- Regular risk assessment of the health IT environment
- Continuous assessment of the effectiveness of safeguards employed for electronic health information
- Provide detailed processes and procedures for viewing and administering electronic health information
- Prompt reporting of security breaches (e.g., to those entities required by law or contract) and ensure
continued health IT operations

Physical Safeguards
- Place office alarm systems
- Lock offices and areas that contain computing equipment that stores electronic health information
- Have security guards that make regular rounds in the vicinity

Technical Safeguards
- Configure computing equipment to ensure security (e.g., virus checking, firewalls)
- Use certified applications and technologies that store or exchange electronic health information
- Set up access controls to health IT and electronic health information (e.g., authorized computer
accounts)
- Encrypt the electronic health information
- Regular audit of the health IT operations
- Have backup capabilities (e.g., regular backups of electronic health information to another computer
file server)

- The National Research Council (1997) emphasizes that technological security tools are essential
components of modern distributed health care information systems, and that they serve five key
functions:
1. Availability – ensuring that accurate and up-to-date information is available when needed at
appropriate places.
2. Accountability – helping to ensure that health care providers are responsible for their access to
and use of information, based on a legitimate need and right to know.
3. Perimeter identification – knowing and controlling the boundaries of trusted access to the
information system, both physically and logically.
4. Controlling access – enabling access for health care providers only to information essential to
the performance of their jobs and limiting the real or perceived temptation to access
information beyond a legitimate need.
5. Comprehensibility and Control – ensuring that record owners, data stewards, and patients
understand and have effective control over appropriate aspects of information privacy and
access.
- McPherson and Pincus (2017) narrate the following flow of information, in a specific portion of the
Hospital Information System such as the Laboratory Information System.

Steps and Description

Register Patient - The patient record (e.g., ID number, name, sex, age, location) must be created in the
LIS prior to the test/s. The LIS usually receives these data automatically from the hospital registration
system when a patient is admitted.

Order Tests - The attending physician orders the tests for the patient and the procedure is requested as
part of the laboratory’s morning blood collection rounds. These orders are entered into the CIS and
sent electronically to the LIS.

Collect Sample - The LIS prints a list of all patients who have to be drawn, which also includes the
appropriate number of sample barcode labels for each patient order. Each barcode contains the patient
ID, sample contained, and laboratory workstation, which is used to sort the tube once it reaches the
laboratory. An increasingly popular approach is for caregivers or nurses to collect the blood sample.
Sample barcode labels can be printed (on demand) at the nursing station on an LIS printer or portable
bedside printer prior to collection.

Receive Sample - Once the sample arrives in the laboratory, the status is updated in the LIS from
“collected” to “received.” This is done by scanning each sample container’s barcode ID into the LIS.
Once the status becomes “received,” the LIS then transmits the test order to the analyzer that will
perform the required test.

Run Sample - The sample is loaded to the analyzer, and the barcode is then read. No work list is needed
because the analyzer knows what test to perform from the order provided by the LIS. The work list
should contain the names of the patients and the tests ordered on each, and next to each test is a space
to record the result.

Review Results - The analyzer then produces the results and sends them to the LIS. The result is only
viewable to the assigned technologists until it is released for general viewing. The LIS can also be
programmed to flag certain results (for example, critical values) so the technologist can easily identify
what needs to be repeated or further evaluated.

Release Results - The technologist is responsible for the release of the results. Unflagged results are
reviewed and released at the same time. The LIS can be programmed to automatically review and
release normal results or results that fall within a certain range. This approach reduces the number of
tests that a technologist has to review. The results are automatically transmitted to the CIS upon
release.

Report Results - The physician can now view the results on the CIS screen. Reports can be printed when
needed.
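
The LIS flow above, as an added example (not from the lesson or from any LIS product): a minimal Python model of the sample status sequence, the rule that a result is visible only to the assigned technologist until release, automatic release of in-range results, and an audit trail for accountability. Status names other than "collected" and "received", the glucose range, and all user names are assumptions.

```python
# Added illustration; status names other than "collected"/"received", the
# reference range and all user names are assumptions, not from the lesson.
ORDER = ["ordered", "collected", "received", "resulted", "released"]
NORMAL_RANGE = {"glucose": (70, 100)}   # constructed reference range, mg/dL


class Sample:
    def __init__(self, barcode, patient_id, test, technologist):
        self.barcode, self.patient_id, self.test = barcode, patient_id, test
        self.technologist = technologist      # assigned reviewer
        self.status, self.value, self.flagged = "ordered", None, False
        self.audit = []                       # (actor, action) accountability trail

    def advance(self, actor, new_status):
        # Only the next step in the workflow is a legal transition.
        if ORDER.index(new_status) != ORDER.index(self.status) + 1:
            self.audit.append((actor, f"DENIED {self.status}->{new_status}"))
            raise ValueError(f"illegal transition {self.status} -> {new_status}")
        self.audit.append((actor, f"{self.status}->{new_status}"))
        self.status = new_status

    def record_result(self, value):
        # Analyzer posts the result; out-of-range values are flagged for review.
        self.advance("analyzer", "resulted")
        low, high = NORMAL_RANGE[self.test]
        self.value, self.flagged = value, not (low <= value <= high)
        if not self.flagged:                  # auto-release in-range results
            self.advance("LIS-autoverify", "released")

    def release(self, actor):
        # Flagged results are released only by the assigned technologist.
        if actor != self.technologist:
            self.audit.append((actor, "DENIED release"))
            raise PermissionError("only the assigned technologist may release")
        self.advance(actor, "released")

    def view(self, actor):
        # Before release, the result is visible to the assigned technologist only.
        allowed = self.value is not None and (
            self.status == "released" or actor == self.technologist)
        self.audit.append((actor, "view" if allowed else "DENIED view"))
        if not allowed:
            raise PermissionError("result not available to this user")
        return self.value
```

Denied attempts are written to the audit trail as well as successful ones, so a review of `audit` shows who tried to read a result before it was released.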
