Running head: SECURITY AND PRIVACY OF HEALTH DATA

Security and Privacy of Health Data

Course

Name

School

Introduction

This research proposal on the security and privacy of health data aims to establish the definition of health data. It seeks to identify when a piece of health-related information is to be classified as health data and who the sources and keepers of health data are. It also examines the value that health care providers and patients place on the security and privacy of health information: how important is it to them to ensure the security and privacy of health data? The proposal also looks at the legal background of ensuring the security and privacy of health data: which governing bodies ensure that health data are secure and that the privacy of information is being checked? Further, the research aims to identify the current practices implemented to support the security and privacy of the data. Finally, the research aims to find out what challenges have been experienced in implementing the related rules, regulations, or laws covering the subject. A conclusion and recommendation for the researcher should cap everything.

Several studies have been conducted on different aspects of health data. One such study focused on the value and importance of health information privacy from the perspectives of the public, health care providers, and patients. Health research that uses health information is very important for improving the general health of the community and the way health care is provided. Ethical research needs to preserve the rights of patients. However, it is also well known that the collection of health information in research will eventually benefit society once results have been tested. Even so, privacy should be the topmost priority, because the disclosure of someone’s health record could affect that person’s dignity (Institute of Medicine (US) Committee on Health Research and the Privacy of Health Information).


With the advancement of technology, holders of health records have turned to numerous digital systems that aim to facilitate the recording and filing of patients’ records. With this shift, the question of how the users of these systems enforce digital information security and privacy still arises. Current literature on techniques for implementing the security of records for health care providers that use systems to store health data is analyzed and compared (Appari & Johnson).

Definition of Health Data

According to the McGraw-Hill Concise Dictionary of Modern Science (2002), health data is any type of data that is related to “health conditions, reproductive outcomes, causes of death, and quality of life” for a certain population. The General Data Protection Regulation (GDPR) defines health data as personal information that reveals information about the health status of an individual. It further categorizes health data as a type of sensitive information.

To further differentiate health data from other types of data, health data are clinical metrics as well as socio-economic, environmental, and behavioral information that is associated with health and wellness. These data are usually collected by health workers such as doctors and nurses, and they consist of records of services that were received in a specific hospital or health institution, the conditions of those services, and the clinical outcomes that concern the services received (Tzourakis, 1996).

Holders of Health Data

While a lot of people would think that the primary owners or holders of health data are the patients themselves, this is not actually the case. Any medical record belongs to the physician as well as to the health facility, institution, hospital, or clinic where it was created. This is the main reason why original copies of medical records are usually kept by the health facility. Moreover, health facilities are mandated by law to safeguard all original medical records from damage, loss, or unauthorized use, since these are considered legal documents.

Aside from physicians and health facilities, there are other institutions that are considered holders of health data. These include insurance companies, pharmaceutical companies, and academic institutions.

Insurance companies would usually hold claims data, which would tell them about their beneficiaries. Claims data would include patient information such as diagnosis and treatments, as well as billing codes that pharmacies, physicians, hospitals, and other health care providers would forward to their payers such as insurance companies (Wilson & Block, 2012).

Pharmaceutical companies are also holders of health data, since these health data contain significant information that would help track how their medicines work. According to Hirschler (2018), these health data would serve as real-world evidence, which manufacturers consider to be a powerful tool in proving the value of their drugs.

Value of Security and Privacy of Health Data

The conduct of health research and the protection of individuals’ health data are both important to our society. To improve human health and the health care industry, health research needs to be conducted. To conduct research, health researchers need to collect specific health data. On the other hand, patients have the right to protect their personal health information to avoid prejudice. However, it cannot be denied that individuals benefit from health research, for example when the results of such research facilitate access to new health technologies and diagnostics or more effective ways of preventing or curing an illness (Institute of Medicine (US) Committee on Health Research and the Privacy of Health Information).

If it is that important for ethical researchers to collect health data, then why is health data privacy important? There are several reasons why it is important to protect the confidentiality, security, and privacy of health data. Different theorists have different views on why there is a need for privacy. Some say that it is a basic right of a person and, as such, forms part of human well-being. Respecting privacy is one characteristic of the moral uniqueness of humans that differentiates them from other living creatures (Harris Interactive, 2005). Personal autonomy, respect, individuality, and dignity and worth as human beings are the major reasons why the privacy of health data is regarded with high importance.

What are the public’s, health care providers’, and patients’ points of view on the value of privacy and security of health data? A study conducted by Forrester Research in 1999 found that three out of four people say that the confidentiality and privacy of their medical records is very important to them. In more recent research conducted by the same agency, 67 percent of the respondents say that the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule is not yet fully implemented and that they have concerns regarding the privacy of their medical records (Institute of Medicine (US) Committee on Health Research and the Privacy of Health Information).

Another study, conducted by Harris Interactive in 2007, showed that the respondents believed that there has been a lot of improvement in the handling of individuals’ medical records in the different organizations holding health data. However, the privacy and confidentiality of their health records remain a concern, because more than half of the respondents thought that “Patients have lost all control today over how their medical records are obtained and used by organizations outside the direct patient health care such as life insurers, employers, and government health agencies.” (Harris Interactive, 2007)

Based on these different studies, it seems that the public is concerned that their health records will be accessed by companies or organizations working in the various health care industries without their knowledge, and that the data will be used for those organizations’ own benefit or even for service discrimination.

On the part of the patients themselves, a study conducted in 2018 found that the respondents (who are patients) preferred to be given access to their medical data and would not want their data to be shared with either health insurance or pharmaceutical companies. When asked whether they wanted to add lifestyle data to their medical records to supplement the data that is regularly recorded, the majority did not want to. In addition, the patients wanted access to and control over their data, but they had limited knowledge of the privacy and confidentiality concerns around their data (Wetzels, 2018). This last finding, that patients have limited knowledge of the privacy and confidentiality of their health data, could be a concern. An enhanced explanation of privacy rights to patients could be helpful.

Another study shows that there have been limited studies on patient perspectives in relation to the Privacy Rule. However, surveys also reveal that patients are not comfortable when their health information is used for health research, except when the necessary notice or consent is given. In contrast, a separate survey reveals that 63% of the respondents say that consent can be forgone when the data is used for specific health research and the researcher can ensure that no personally identifiable information would be released. In yet another study, 70% of the respondents say that they trust health researchers to keep their health data confidential and private when it is used in health research (Westin, 2007).

To summarize, there have been limited studies to assess the effectiveness or the value of the HIPAA Privacy Rule, although some studies have revealed that the privacy and confidentiality of health data have improved since its implementation. Generally, patients do not oppose the use of personal health records in conducting ethical health research; however, researchers should ensure the privacy and confidentiality of the data they collect. On the other hand, patients are not amenable to the idea of giving their health data to insurance and pharmacological companies. However, the patient’s ultimate decision to provide health data sometimes depends on the patient’s trust that the researcher will protect the privacy and confidentiality of the patient’s data.

Legal Background

There are several laws that try to regulate the privacy and confidentiality of health data. Although some of the laws offer patient protection, most of them are implemented to ensure that the health care industry has the information it needs rather than to make sure that patients’ health data are kept private and confidential.

The main law that governs the privacy of health data is the Privacy Law of the Health Insurance Portability and Accountability Act (HIPAA), which was implemented starting April 14, 2003. Basically, the privacy law “creates a structure for how personal health information may be disclosed and establishes the rights individuals have concerning their health information, sets out security standards for maintaining and transmitting electronic patient information, and requires a common format and data structure for the electronic exchange of health information” (Electronic Frontier Foundation, 2020).

It was updated in 2013 with the introduction of the HITECH Omnibus Rule, which extended the protection and control of protected health information (PHI). It specifically extended the “disclosure requirements and associated liabilities under HIPAA to business associates” (HIM Body of Knowledge, 2020). It consolidated the state and federal rules and “strengthened the privacy and security requirements and broadened patient rights to accessing and restricting the uses and disclosures of PHI.” (HIM Body of Knowledge, 2020)

The implementation or enforcement of HIPAA is done by the Department of Health and Human Services’ Office for Civil Rights.

The Health Information Technology for Economic and Clinical Health Act (HITECH) Omnibus Rule is a defined section of the American Recovery and Reinvestment Act (ARRA) that is focused mainly on health information communication and technology. Its main content focuses on strengthening the protection provided by the privacy rules. Among the highlights of the Omnibus Rule are limitations on the use and disclosure of health information for marketing and fund-raising purposes, a bar on the sale of protected information without the consent of the owner, and the expansion of an individual’s rights to access one’s electronic health data (HIM Body of Knowledge, 2020).

Another law that touches on the privacy and confidentiality of data is the Privacy Act of 1974, which was primarily enacted to provide some control over the information that government agencies collect from people. However, only health care institutions under the federal government are governed by this Act (HIM Body of Knowledge, 2020).

The Patriot Act, or the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act, is used by the US Government to enhance its ability to monitor activities that are terrorism related. It does not particularly focus on protected health information; however, a demand for PHI data may be made during investigation processes (HIM Body of Knowledge, 2020).


The provision on the Confidentiality of Alcohol and Drug Abuse Patient Records provides for “additional privacy provisions for records of the identity, diagnosis, prognosis, or treatment of patients maintained in connection with a federally assisted drug of alcohol abuse program” (HIM Body of Knowledge, 2020). However, if the rules are less severe than those found in the privacy rule, the final privacy rule is followed.

There are still several “smaller” laws that may not directly affect the privacy and security of health data but are relevant to it. However, with HIPAA and HITECH in place, anything that does not conform with the set rules of these two will not prevail.

References

Appari, Ajit & Johnson, M. (2010). Information Security and Privacy in Healthcare: Current State of Research. International Journal of Internet and Enterprise Management. 6. 279-314. 10.1504/IJIEM.2010.035624.

Electronic Frontier Foundation. (2020). “The Law and Medical Privacy.” Retrieved from https://www.eff.org/issues/law-and-medical-privacy

Institute of Medicine (US) Committee on Health Research and the Privacy of Health Information: The HIPAA Privacy Rule; Nass SJ, Levit LA, Gostin LO, editors. Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research. Washington (DC): National Academies Press (US); 2009. 2, The Value and Importance of Health Information Privacy. Retrieved 13 March 2020 from https://www.ncbi.nlm.nih.gov/books/NBK9579/

“Health data.” McGraw-Hill Concise Dictionary of Modern Medicine. McGraw-Hill. 2002.

Hirschler, B. (2018). “Big pharma, big data: why drugmakers want your health records.” Reuters. Retrieved from https://www.reuters.com/article/us-pharmaceuticals-data/big-pharma-big-data-why-drugmakers-want-your-health-records-idUSKCN1GD4MM

Harris Interactive. Health Information Privacy (HIPAA) notices have improved public’s confidence that their medical information is being handled properly. 2005. [accessed April 3, 2007]. http://www.harrisinteractive.com/news/printerfriend/index.asp?NewsID=849

Harris Interactive. Many U.S. adults are satisfied with use of their personal health information. 2007. [accessed May 15, 2007]. http://www.harrisinteractive.com/harris_poll/index.asp?PID=743

HIM Body of Knowledge. (2020). “Laws and Regulations Governing the Disclosure of Health Information (2014 update).” Retrieved from http://bok.ahima.org/doc?oid=300245#.XoCVsYgzaUk

Tzourakis, Melissa (1996). Richard Y. Wang (ed.). The Healthcare Industry and Data Quality (PDF). International Conference on Information Quality.

Wetzels, Mart et al. (2018). “Patients Perspectives on Health Data Privacy and Management: ‘Where is my data and Whose Is It?’” Retrieved from http://downloads.hindawi.com/journals/ijta/2018/3838747.pdf

Westin A. How the public views privacy and health research. Institute of Medicine; 2007. [accessed November 11, 2007]. http://www.iom.edu/Object.File/Master/48/528/%20Westin%20IOM%20Srvy%20Rept%2011-1107.pdf

Wilson, J. and Block, A. (2012). “The benefit of using both claims data and electronic medical record data in health care analysis.” Retrieved from https://www.optum.com/content/dam/optum/resources/whitePapers/Benefits-of-using-both-claims-and-EMR-data-in-HC-analysis-WhitePaper-ACS.pdf
