Health IT - AHRQ
www.ahrq.gov
AHRQ National Resource Center for Health Information Technology
Health IT Bibliography: Privacy and Security

Below is a collection of peer-reviewed resources on privacy and security in health information technology and data exchange. These resources were selected and reviewed by clinical, legal, and bioethics experts familiar with privacy and security issues, and they represent the best known evidence and practices to keep protected health information confidential and secure in electronic systems.

Summaries of each item are provided in addition to a link for users to access the full resource. Where possible, the National Resource Center has attempted to select resources that are freely available in the public domain. However, some of the articles may require individual or institutional access.


1.  A security architecture for health information networks

Author(s): Kailar R, Muralidhar V

Source: AMIA Annu Symp Proc 2007:379-83.

Summary: 

Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today's healthcare enterprise. Recent work on 'nationwide health information network' architectures has sought to share highly confidential data over insecure networks such as the Internet. Health information network architectures need to find the right balance between stringent security controls and ease of implementation. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately.


2.  A state-based approach to privacy and security for interoperable health information exchange

Author(s): Dimitropoulos L, Rizk S

Source: Health Aff (Millwood) 2009 Mar-Apr;28(2):428-34.

Summary: 

Ensuring the privacy and security of electronic health information is a key challenge for organizations that collect, store, and exchange such information. For the past three years, a collaboration of states and territories has examined the variation in organization-level practices, policies, and state laws governing the privacy and security of health information; this project is commonly referred to as the Health Information Security and Privacy Collaboration (HISPC). An interoperable system of health information exchange (HIE) will have difficulty accommodating the current variation in policy requirements; therefore, it is important for organizations to come to agreement on a common set of widely shared policies. The project has created a lasting, coordinated network of state-level stakeholders that work together to reduce variation and propose common policies to protect health information and facilitate electronic HIE. This paper traces the development of this project and draws some lessons for privacy and security assurances in the electronic exchange of health information.


3.  An ethical framework for sharing patient data without consent

Author(s): Navarro R

Source: Inform Prim Care 2008;16(4):257-62.

Summary: 

Data privacy concepts are surveyed and a framework is presented for the safe sharing of sensitive patient data. Tailoring the data sharing to the privacy breach risks of each project allows the best compromise for 1) keeping the trust of the public and 2) providing for the best quality data where detailed patient consent is not possible. The first step is an agreement on an acceptable privacy breach risk. Next, proceed to measure that risk for the proposed data when held by a given recipient. Finally, select from a menu of mitigation strategies (people, process and technical) to achieve acceptable risk. The framework is tested against the current UK approach administered by the Patient Information Advisory Group. The hard problem of non-consented data sharing should be divided into the easier (though non-trivial) ones of data and recipient breach risk measurement. Directed research in these two areas will help move the data sharing problem into the 'solved' pile.


4.  An 'Honest Broker' mechanism to maintain privacy for patient care and academic medical research

Author(s): Boyd AD, Hosner C, Hunscher DA, Athey BD, Clauw DJ, Green LA

Source: Int J Med Inform 2007 May-Jun;76(5-6):407-11.

Summary: 

As information systems move to more integrated architectures, the aggregation of data and the desire of other entities to access this data is putting serious strains on our ability to maintain the security of patients’ medical data. In order to address this issue, groups at the University of Michigan are developing a system called the "Honest Broker" to help manage this problem. The Honest Broker will offload the burden of housing identifiable data elements of protected health information (PHI) as well as manage data transfer between clinical and research systems. This two-component architecture increases the burden on attackers who now need to compromise two systems, one of which is seriously hardened, in order to match health data with a patient's actual identity. By redesigning the method of integrating clinical care and research, we have enabled projects that would be cost prohibitive to conduct otherwise.
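The two-component split described in this abstract, as an added example that is not the University of Michigan code or the paper's own design: a hardened identity vault is the only place where a patient's identifiers and the research pseudonym meet, while the research store accepts records only after identifiers have been stripped. Pseudonyms are a keyed HMAC over the MRN, so the research data alone cannot be reversed without the vault's key. The field list, the sample records and the use of a per-project HMAC input to keep two studies' datasets unlinkable are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Field names treated as identifying (a hypothetical subset of the HIPAA identifiers).
PHI_FIELDS = {"name", "mrn", "dob", "ssn", "address", "phone"}

# Constructed sample clinical records for the demonstration.
SAMPLE_RECORDS = [
    {"mrn": "1001", "name": "Jane Roe", "dob": "1980-01-01",
     "dept": "cardiology", "diagnosis": "hypertension"},
    {"mrn": "1002", "name": "John Doe", "dob": "1975-06-15",
     "dept": "oncology", "diagnosis": "breast cancer"},
]


@dataclass
class IdentityVault:
    """The hardened component: the only place identity and pseudonym meet."""
    key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    link: dict = field(default_factory=dict)      # (project, pseudonym) -> PHI
    approved: set = field(default_factory=set)    # requesters allowed to re-identify
    audit: list = field(default_factory=list)     # every re-identification attempt

    def pseudonym_for(self, project: str, mrn: str) -> str:
        # Keyed HMAC: without the vault key nobody can recompute or brute-force the
        # pseudonym from an MRN. Mixing in the project name (an assumption of this
        # example) keeps two studies' datasets unlinkable to each other.
        msg = f"{project}\x00{mrn}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()[:20]

    def deidentify(self, project: str, record: dict) -> dict:
        pid = self.pseudonym_for(project, record["mrn"])
        self.link[(project, pid)] = {k: v for k, v in record.items() if k in PHI_FIELDS}
        clean = {k: v for k, v in record.items() if k not in PHI_FIELDS}
        clean["pseudonym"] = pid
        return clean

    def reidentify(self, project: str, pid: str, requester: str) -> dict:
        # Re-identification is a gated, logged operation, not a lookup anyone can run.
        allowed = requester in self.approved
        self.audit.append((project, pid, requester, allowed))
        if not allowed:
            raise PermissionError(f"{requester} is not approved to re-identify {project}")
        return self.link[(project, pid)]


@dataclass
class ResearchStore:
    """The second component: clinical facts keyed by pseudonym, nothing identifying."""
    rows: list = field(default_factory=list)

    def ingest(self, record: dict) -> None:
        # Defence in depth: refuse anything that still carries identifiers, so a
        # broker bug cannot silently turn this store into a second copy of the PHI.
        leaked = PHI_FIELDS & set(record)
        if leaked:
            raise ValueError(f"refusing record with identifiers: {sorted(leaked)}")
        self.rows.append(record)


def transfer(vault: IdentityVault, store: ResearchStore, project: str, records: list) -> list:
    """Broker a batch from the clinical side to the research side."""
    for rec in records:
        store.ingest(vault.deidentify(project, rec))
    return store.rows


if __name__ == "__main__":
    vault = IdentityVault(approved={"irb-reviewer"})
    store = ResearchStore()
    for row in transfer(vault, store, "studyA", SAMPLE_RECORDS):
        print(row)
    print(vault.reidentify("studyA", store.rows[0]["pseudonym"], "irb-reviewer"))
```

An attacker who copies the research store obtains pseudonyms and diagnoses but no names; matching them to people requires the vault's key and link table as well, which is the "two systems to compromise" property the abstract describes.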


5.  Breaching the security of the Kaiser Permanente Internet patient portal: the organizational foundations of information security

Author(s): Collmann J, Cooper T

Source: J Am Med Inform Assoc 2007 Mar-Apr;14(2):239-43.

Summary: 

This case study describes and analyzes a breach of the confidentiality and integrity of personally identified health information for over 800 Kaiser Permanente (KP) members through KP Online, a web-enabled health care portal. The authors obtained and analyzed multiple types of qualitative data about this incident including interviews with KP staff, incident reports, root cause analyses, and media reports. Reasons at multiple levels account for the breach, including the architecture of the information system, the motivations of individual staff members, and differences among the subcultures of individual groups within as well as technical and social relations across the Kaiser IT program. None of these reasons could be classified, strictly speaking, as "security violations." This case study, thus, suggests that, to protect sensitive patient information, health care organizations should build safe organizational contexts for complex health information systems in addition to complying with good information security practice and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) of 1996.


6.  Challenges associated with privacy in health care industry: implementation of HIPAA and the security rules

Author(s): Choi YB, Capitan KE, Krause JS, Streeper MM

Source: J Med Syst 2006 Feb;30(1):57-64.

Summary: 

The use of computers to electronically store and transmit patient data has revolutionized the modern health care system. While the benefits gained by the health care industry through the use of electronic information storage and transmission are innumerable, these gains must not be accepted at the cost of individual privacy. This paper discusses the challenges associated with privacy in health care in the electronic information age based on the Health Insurance Portability and Accountability Act (HIPAA) and the Security Rules. We examine the storing and transmission of sensitive patient data in the modern health care system and discuss current security practices that health care providers institute to comply with HIPAA Security Rule regulations. Based on our research results, we address current outstanding issues that act as impediments to the successful implementation of security measures and conclude the discussion and offer possible avenues of future research.


7.  Compelled authorizations for disclosure of health records: magnitude and implications

Author(s): Rothstein MA, Talbott MK

Source: Am J Bioeth 2007 Mar;7(3):38-45.

Summary: 

Each year individuals are required to execute authorizations for the release of health records as a condition of employment, applying for various types of insurance, and submitting claims for benefits. Generally, there are no restrictions on the scope of information released to these compelled authorizations, and the development of a nationwide system of interoperable electronic health records will increase the amount of health information released. Unless some limitations are imposed, health records generated today will be maintained indefinitely and might become the old, possibly irrelevant, and highly sensitive information about which individuals are deeply concerned. To allow for limited disclosures, legislation must be enacted to restrict the scope of disclosures to the information needed by the third-party user. A fast, cheap, and easy method to limit these disclosures is the second element. Third, there must be a public realization of the extent and consequences of compelled disclosures and a willingness to accept the political and economic costs of limiting these disclosures.


8.  Electronic medical records. Privacy, confidentiality, liability

Author(s): Steward M

Source: J Leg Med 2005 Dec;26(4):491-506.

Summary: 

Electronic medical records (EMRs) have the potential to decrease health care costs, increase the quality of patient care, facilitate better departmental communication, create less paper confusion, allow use with authorized access only, allow storage of digital images, and increase overall efficiency in the health care system, but are patients really better off with a paperless system? To avoid the potential problems an electronic system may cause, primarily the undue invasion of patient privacy, caution must be taken to ensure that paperless system will keep patient information secure and confidential. In Section I, this commentary addresses the importance of patient medical records to our health care system, as well as the background of regulations that protect patient privacy. Section II discusses potential benefits and current controversies concerning the electronic storage of medical records. Section III considers judicial decisions regarding personal privacy. Finally, Section IV discusses an example of an organization that currently is using an interoperative electronic database.


9.  Ensuring the privacy and confidentiality of electronic health records

Author(s): Terry NP, Francis LP

Source: University of Illinois Law Review 2007;2007(2):681-736.

Summary: 

In 2004, President Bush announced his plan to ensure that more Americans would have electronic health records (EHRs) within ten years.  Although substantial progress has been made toward achieving that goal, this progress has primarily reflected institutional interests and priorities by focusing on system architecture and technical standards.  This article argues that in order for a nationwide transition to EHRs to be successful, however, the system must receive acceptance from patients and physicians. Thus, it must address and protect issues at the forefront of their concerns; namely, privacy and confidentiality.  Instead of merely adopting the minimal protections afforded by the Health Insurance Portability and Accountability Act (HIPAA), the EHR system must embrace an autonomy-based, default position of full patient control over personal information, with very limited exceptions. Consequently, hard choices must be made as to the architectural and patient consent models that may involve subjugating some interoperability and comprehensiveness ambitions to principled protections of patient autonomy.


10.  Ethical and legal issues in the use of health information technology to improve patient safety

Author(s): Berner ES

Source: HEC Forum 2008 Sep;20(3):243-58.

Summary: 

The Institute of Medicine reports, To Err is Human and the subsequent Crossing the Quality Chasm spurred an increased attention nationally to problems in patient safety, in particular medication errors. Health information technology (HIT) was seen as a key mechanism to improve patient safety and health care quality, by reducing handwriting errors through electronic health records (EHRs) and providing clinical decision support (CDS). While the adoption rate of HIT has been increasing, the related legal and ethical issues have not received as much attention as other issues. In addition to concerns about privacy and security, the key ethical issues in the use of HIT revolve around the principles of providing safe and effective care and avoiding harm. Like other interventions, the legal issues revolve around regulating the use of these systems and monitoring their impact to assure that they are used properly and safely.


11.  Ethical issues and the electronic health record

Author(s): Layman EJ

Source: Health Care Manag (Frederick) 2008 Apr-Jun;27(2):165-76.

Summary: 

Ethical issues (beneficence, autonomy, fidelity, and justice) related to electronic health records (EHRs) confront health personnel, health leaders, and health policy makers. EHRs are seen as beneficent because of alleged increased access to health care, but research has not consistently demonstrated access for disadvantaged persons. Autonomy is jeopardized when patients' health data are shared or linked without the patients' knowledge. Fidelity is breached by the exposure of thousands of patients' health data through mistakes or theft. Lack of confidence in the security of health data may induce patients to conceal sensitive information, and as a consequence, patients’ treatment may be compromised. Justice is breached when persons, because of their socioeconomic class or age, do not have equal access to health information resources and public health services. Health personnel, leaders, and policy makers should discuss the ethical implications of EHRs before the occurrence of conflicts among the ethical principles. Recommendations to guide health personnel, leaders, and policy makers are provided.


12.  Health Information Privacy, Patient Safety, and Health Care Quality: Issues and Challenges in the Context of Treatment for Mental Health and Substance Use

Author(s): Beckerman JZ, Pritts J, Goplerud E, Leifer JC, Borzi PC, Rosenbaum S

Source: BNA Health Care Policy Report 2008 Jan;16(2).

Summary: 

In an era of heightened concern over health care quality and patient safety on the one hand, and health information privacy on the other, finding the right balance between these two broad goals can represent a major policy challenge. No health issues better illustrate this challenge than the debate over use and disclosure of individualized information regarding mental health conditions and substance use disorders. Following an overview of the social and legal traditions underlying health information privacy, this article examines the federal and state legal framework for information privacy relating to treatment for mental health conditions and substance use, focusing on privacy and information-sharing in a treatment context. Examples of "real world" scenarios are presented and various issues brought up are discussed. Various recommendations include using technology to standardize consent systems, ensuring that patients’ decision to withhold information is truly informed, and strengthening tools of enforcement for violations of privacy.


13.  Health information, the HIPAA privacy rule, and health care: what do physicians think?

Author(s): Slutsman J, Kass N, McGready J, Wynia M

Source: Health Aff (Millwood) 2005 May-Jun;24(3):832-42.

Summary: 

This study examines physicians' attitudes toward key Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule requirements and assesses the effects of their implementation. We found that despite physicians' generally negative views toward the Privacy Rule, they rated organizations implementing more rule requirements better at protecting the privacy of patient records to provide high-quality care than organizations that have not implemented the requirements. Most importantly, the physicians gave the organizations that are meeting more Privacy Rule requirements higher ratings in terms of one key area of concern: physicians' ability to interact with colleagues to provide high-quality care. The policy implications corroborate findings from the Government Accounting Office (GAO) that the Privacy Rule implementation has not hindered the provision of health care. In view of these results, it is time to move forward with the development of reliable indicators of the effects of compliance on quality of care, conduct of medical research, and practitioners' work patterns.


14.  Privacy as an enabler, not an impediment: building trust into health information exchange

Author(s): McGraw D, Dempsey JX, Harris L, Goldman J

Source: Health Aff (Millwood) 2009 Mar-Apr;28(2):416-27.

Summary: 

Building privacy and security protections into health information technology (IT) systems will bolster trust in such systems and promote their adoption. The privacy issue, too long seen as a barrier to electronic health information exchange, can be resolved through a comprehensive framework that implements core privacy principles, adopts trusted network design characteristics, and establishes oversight and accountability mechanisms. The public policy challenges of implementing this framework in a complex and evolving environment will require improvements to existing law, new rules for entities outside the traditional health care sector, developing privacy rules for personal health records, a more nuanced approach to the role of consent, and stronger oversight, accountability, and enforcement mechanisms. The challenge is to find the right mix of statutory direction, regulatory implementation, and industry best practices to build trust in e-health systems and enable the widespread adoption of health IT.


15.  Regulatory and policy barriers to effective clinical data exchange: lessons learned from MedsInfo-ED

Author(s): Gottlieb LK, Stone EM, Stone D, Dunbrack LA, Calladine J

Source: Health Aff (Millwood) 2005 Sep-Oct;24(5):1197-204.

Summary: 

The need to deploy automated clinical information systems in hospitals and ambulatory care settings has recently been identified as a top priority. MedsInfo-ED is a proof-of-concept clinical data exchange project that uses prescription claims data to deliver patient medication history to emergency department clinicians at the point of care. The goal of the project is to serve as a prototype for building and testing a community clinical data exchange model that uses available technology and operational solutions for improved quality and patient safety outcomes. This patient safety initiative, while limited in scope and scale, has been crucial in identifying numerous policy and regulatory barriers to successful clinical data exchange. The lessons learned and strategies to overcome the barriers are the focus of this paper. Through commitment and effective collaboration, MA-SHARE was able to address some of these barriers that are embedded in existing government regulations and corporate business practice.


16.  Safeguarding patient privacy in electronic healthcare in the USA: the legal view

Author(s): Walsh D, Passerini K, Varshney U, Fjermestad J

Source: Int J Electron Healthc 2008;4(3-4):311-26.

Summary: 

The conflict between the sweeping power of technology to access and assemble personal information and the ongoing concern about our privacy and security is ever increasing. In this paper, we take a legal perspective and examine the existing patchwork of laws and obligations governing health information in the USA. The study finds that as Electronic Medical Records (EMRs) increase in scope and dissemination, privacy protections gradually decrease due to the shortcomings in the legal system. The contributions of this paper are (1) an overview of the legal EMR issues in the USA, and (2) the identification of the unresolved legal issues and how these will escalate when health information is transmitted over wireless networks. More specifically, the paper discusses federal and state government regulations such as the Electronic Communications Privacy Act, the Health Insurance Portability and Accountability Act (HIPAA) and judicial intervention. Based on the legal overview, the unresolved challenges are identified and suggestions for future research are included.


17.  Secure e-Health: managing risks to patient health data

Author(s): Kluge EH

Source: Int J Med Inform 2007 May-Jun;76(5-6):402-6.

Summary: 

e-Health, as an inter-jurisdictional enterprise, presents risks to patient health data that involve not only technology and professional protocols but also laws, regulations and professional security cultures. The USA Patriot Act is one example of how national laws can shape these concerns. Secure e-Health therefore requires not only national standardization of professional education and protocols but also global interoperability of regulations and laws. Some progress has been made in Europe; however, even those developments are incomplete, and nothing similar has been accomplished on a global scale. Professional health information organizations must take the lead in developing appropriate high-level principles for professional certification and security protocols, so they can provide a firm and consistent foundation for international treaties. Such developments should occur jointly with other health professions, so that coordinated requirements are integrated into revisions of the relevant codes of ethics. This paper identifies and addresses some of the ethical and legal issues and proposes a series of recommendations.


18.  Securing electronic health records without impeding the flow of information

Author(s): Agrawal R, Johnson C

Source: Int J Med Inform 2007 May-Jun;76(5-6):471-9.

Summary: 

The Hippocratic Database enables healthcare enterprises to comply with privacy and security laws without impeding the legitimate management, sharing, and analysis of personal health information (PHI). This approach to securing electronic health records (EHRs) involves (1) active enforcement of fine-grained data disclosure policies using query modification techniques, (2) efficient auditing of past database access to verify compliance with policies and track security breaches, (3) data mining algorithms that preserve privacy using randomization, (4) de-identification of PHI using an optimal method of k-anonymization, and (5) information sharing across autonomous data sources using cryptographic protocols. Our research confirms that policies concerning the disclosure of EHRs can be reliably and efficiently enforced and audited at the database level. Additionally, advanced data mining and anonymization techniques can be employed to analyze aggregate health records without revealing individual patient identities. Finally, web services and commutative encryption can be used to share sensitive information selectively among autonomous entities without compromising security or privacy.
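As an added illustration of items (1) and (2) in the abstract above, query modification and auditing, and not code from the paper or from the Hippocratic Database project: a disclosure policy keyed by role and purpose is enforced by substituting a policy-restricted subquery for the base table before the user's query runs, masking forbidden columns and filtering forbidden rows, and every execution is recorded so that the audit can later answer "which users saw patient X". The table, rows, roles, purposes and policy are constructed for this example, and the regular-expression rewrite of `FROM ehr` is a stand-in for rewriting the parsed query tree as a real enforcement layer would.

```python
import re
import sqlite3
import time

# Constructed sample table and policy (not data from the paper).
COLUMNS = ["patient_id", "dept", "diagnosis", "sensitive", "attending"]
ROWS = [
    (1, "cardiology", "hypertension", 0, "Dr. Adams"),
    (2, "cardiology", "HIV infection", 1, "Dr. Baker"),
    (3, "oncology", "breast cancer", 0, "Dr. Adams"),
    (4, "psychiatry", "depression", 1, "Dr. Cole"),
]

# Disclosure policy keyed by (role, purpose): the columns that may be seen and
# a predicate selecting the rows that may be seen. Anything else is masked to
# NULL or filtered out before the user's own WHERE clause is evaluated.
POLICY = {
    ("physician", "treatment"): (set(COLUMNS), "1 = 1"),
    ("researcher", "research"): ({"patient_id", "dept", "diagnosis"}, "sensitive = 0"),
    ("billing", "payment"): ({"patient_id", "dept"}, "1 = 1"),
}

FROM_EHR = re.compile(r"\bFROM\s+ehr\b", re.IGNORECASE)


def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ehr(patient_id INTEGER, dept TEXT, diagnosis TEXT, "
               "sensitive INTEGER, attending TEXT)")
    db.executemany("INSERT INTO ehr VALUES (?, ?, ?, ?, ?)", ROWS)
    db.execute("CREATE TABLE audit(ts REAL, user TEXT, purpose TEXT, original TEXT, "
               "rewritten TEXT, patient_ids TEXT)")
    return db


def rewrite(sql: str, role: str, purpose: str) -> str:
    """Query modification: replace the base table with a policy-restricted subquery."""
    allowed, predicate = POLICY[(role, purpose)]
    projection = ", ".join(c if c in allowed else f"NULL AS {c}" for c in COLUMNS)
    shadow = f"FROM (SELECT {projection} FROM ehr WHERE {predicate}) AS ehr"
    if not FROM_EHR.search(sql):
        raise ValueError("query does not read the ehr table")
    return FROM_EHR.sub(shadow, sql, count=1)


def run(db: sqlite3.Connection, user: str, role: str, purpose: str, sql: str) -> list:
    """Execute the rewritten query and record exactly which patients it disclosed."""
    rewritten = rewrite(sql, role, purpose)
    cur = db.execute(rewritten)
    cols = [d[0] for d in cur.description]
    rows = [dict(zip(cols, r)) for r in cur.fetchall()]
    ids = sorted({r["patient_id"] for r in rows if r.get("patient_id") is not None})
    db.execute("INSERT INTO audit VALUES (?, ?, ?, ?, ?, ?)",
               (time.time(), user, purpose, sql, rewritten, ",".join(map(str, ids))))
    return rows


def who_saw(db: sqlite3.Connection, patient_id: int) -> list:
    """Audit query: the users whose queries returned rows about this patient, in order."""
    cur = db.execute(
        "SELECT user FROM audit WHERE ',' || patient_ids || ',' LIKE ? ORDER BY rowid",
        (f"%,{patient_id},%",))
    return [u for (u,) in cur.fetchall()]


if __name__ == "__main__":
    db = open_db()
    print(run(db, "alice", "researcher", "research",
              "SELECT patient_id, diagnosis FROM ehr WHERE dept = 'cardiology'"))
    print(run(db, "bob", "billing", "payment", "SELECT patient_id, diagnosis FROM ehr"))
    print(who_saw(db, 2))
```

Because the policy predicate is applied inside the subquery, a user cannot defeat it with their own WHERE clause: a billing query filtering on `diagnosis` matches nothing, since that column is already NULL by the time the filter runs.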

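Item (5), sharing across autonomous sources with commutative encryption, as an added example that is not the paper's protocol or code: two sources each encrypt their patient identifiers under their own exponent, exchange the lists, and apply their exponent to the other's values. Since x^(a*b) and x^(b*a) coincide, identifiers held by both sides produce equal doubly-encrypted values, so the sources learn the intersection without either revealing the identifiers the other does not hold. The hash-to-group mapping, the identifier normalisation and the choice of the Mersenne prime 2^127-1 as a readable demo modulus are assumptions of this example; a deployment would use a prime-order group chosen for discrete-log hardness.

```python
import hashlib
import math
import secrets

# Demo group: integers modulo the Mersenne prime 2^127 - 1. Chosen for readable
# arithmetic only (an assumption of this example); not a production parameter.
P = (1 << 127) - 1


def is_valid_key(k: int) -> bool:
    # E_k(x) = x^k mod P is a bijection on the nonzero residues only when
    # gcd(k, P-1) == 1; that is what makes equal double-encryptions imply equal inputs.
    return 1 < k < P - 1 and math.gcd(k, P - 1) == 1


def keygen() -> int:
    while True:
        k = secrets.randbelow(P - 3) + 2
        if is_valid_key(k):
            return k


def to_group(identifier: str) -> int:
    """Map a normalised identifier into the nonzero residues mod P via SHA-256."""
    digest = hashlib.sha256(identifier.strip().lower().encode()).digest()
    return int.from_bytes(digest, "big") % (P - 1) + 1


def encrypt(k: int, x: int) -> int:
    return pow(x, k, P)


def private_intersection(ids_a, ids_b, key_a=None, key_b=None) -> list:
    """Identifiers held by both sources; non-matching identifiers stay hidden."""
    ka = key_a if key_a is not None else keygen()
    kb = key_b if key_b is not None else keygen()
    if not (is_valid_key(ka) and is_valid_key(kb)):
        raise ValueError("keys must be invertible modulo P-1")

    # Round 1: each source sends its identifiers encrypted under its own key.
    enc_a = [encrypt(ka, to_group(i)) for i in ids_a]   # A -> B
    enc_b = [encrypt(kb, to_group(i)) for i in ids_b]   # B -> A

    # Round 2: each source applies its key to the other's list and sends it back.
    # Both lists are now under the joint exponent ka*kb, in either order.
    double_a = [encrypt(kb, v) for v in enc_a]          # B -> A, order preserved
    double_b = {encrypt(ka, v) for v in enc_b}          # A -> B

    # A still knows which of its identifiers sits at each position of double_a,
    # so membership of that value in B's set reveals the shared identifiers only.
    return sorted(i for i, v in zip(ids_a, double_a) if v in double_b)


if __name__ == "__main__":
    # Constructed identifier lists for the demonstration.
    print(private_intersection(["MRN-1001", "MRN-1002", "MRN-1003"],
                               ["mrn-1002", "MRN-1003", "MRN-1004"]))
```

Each source must only ever send values encrypted under its own key; the keys themselves never leave the party that generated them, which is why neither side can decrypt the other's list and recover the non-matching identifiers.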

19.  Shared expectations for protection of identifiable health care information: report of a national consensus process

Author(s): Wynia MK, Coughlin SS, Alpert S, Cummins DS, Emanuel LL

Source: J Gen Intern Med 2001 Feb;16(2):100-11.

Summary: 

The Ethical Force Program is a collaborative effort to create performance measures for ethics in health care. This report lays out areas of consensus for performance measurement on protecting the privacy, confidentiality and security of identifiable health information. The program's oversight body appointed a national Expert Advisory Panel on Privacy and Confidentiality in September 1998. This group compiled and reviewed existing norms, including governmental reports and legal standards, professional association policies, private organization statements and policies, accreditation standards, and ethical opinions. A set of specific and assessable expectations for ethical conduct in this domain was then drafted and refined through 7 meetings over 16 months; consensus was achieved on 34 measurable ethical expectations for the protection of privacy and confidentiality in health care. These expectations should apply to any organization with access to personally identifiable health information, including managed care organizations, physician groups, hospitals, other provider organizations, and purchasers. Performance measurement may improve accountability across the health care system.


Additional Resources

In addition to peer-reviewed resources, the bibliography also contains a short list of high quality resources.

For a complete list of privacy and security resources available from the AHRQ National Resource Center, access the Knowledge Library.
