Secure e-Health: managing risks to patient health data

e-Health, as an inter-jurisdictional enterprise, presents risks to patient health data that involve not only technology and professional protocols but also laws, regulations and professional security cultures. The USA Patriot Act is one example of how national laws can shape these concerns. Secure e-Health therefore requires not only national standardization of professional education and protocols but also global interoperability of regulations and laws. Some progress has been made in Europe; however, even those developments are incomplete, and nothing similar has been accomplished on a global scale. Professional health information organizations must take the lead in developing appropriate high-level principles for professional certification and security protocols, so they can provide a firm and consistent foundation for international treaties. Such developments should occur jointly with other health professions, so that coordinated requirements are integrated into revisions of the relevant codes of ethics. This paper identifies and addresses some of the ethical and legal issues and proposes a series of recommendations.