safety information

ORCJSC 11 views 58 slides Jul 02, 2024

Medical Data:
It’s Only Sensitive
If It Hurts When You Touch It
Daniel Masys, M.D.
Director of Biomedical Informatics
UCSD School of Medicine
Professor of Medicine
[email protected]
PORTIA Sensitive Data Workshop

Topics
•A brief history of confidentiality and
information security in healthcare:
Hippocrates to HIPAA
•Security vulnerabilities in healthcare
settings
•Why is this so hard to do?
•Models for medical information access

“What I may see or hear
in the course of treatment
or even outside of the treatment
in regard to the life of men,
which on no account one must spread
abroad, I will keep to myself
holding such things
shameful to be spoken about.”
-Hippocrates

Professional Ethics
•AMA Principles of Medical Ethics (sect.
4, 1920 edition): “A physician shall
respect the rights of patients…, and
shall safeguard patient confidences
within the constraints of the law”
•Many state medical boards incorporated
professional society ethics codes into
medical practice acts

Legal Context
•Right to control one’s bodily integrity
•Right to control one’s interpersonal
relationships
•Utility or instrumental value is trust
between patient and physician.

HIPAA Rules
(Health Insurance Portability and Accountability Act of 1996)
•1996 Health Privacy Legislation with 1999
Congressional action deadline
•Congress failed to enact legislation
•Secretary of HHS required to issue regulations for
medical data privacy and security
•“Covered entities” compliance with Privacy Rule
effective April, 2003, small health plans by April
2004
•Compliance with HIPAA Security Rule for
electronic systems containing Protected Health
Information (PHI) required April, 2005

HIPAA, not HIPPA :-)
“Misspelling is not a violation of the Rule”
Director, US Office of Civil Rights
Speaking at UCSD, 2/5/03

HIPAA Definitions
•Health information means any information,
whether oral or recorded in any form or
medium, that:
1) Is created or received by a health care
provider…, and;
2) Relates to past, present, or future physical
or mental health or condition of an
individual…or provision of health care…or
payment for provision of health care.

HIPAA definitions
•“Covered entity” - organization responsible for
HIPAA compliance.
•Protected Health Information (PHI) -
information generated in the course of
providing healthcare that can be uniquely
linked to an individual
•Information “use” = use within organization
•Information “disclosure” = release outside of
organization

Overview of effects of
HIPAA Privacy Rule
•Gives individuals the right to:
–A written notice of information practices from
health plans and providers
–Inspect and copy their Protected Health Info
–Obtain a record of disclosures
–Request amendments to their medical records
–Have reasonable requests for confidential
communications accommodated
–Request restrictions on uses and disclosures
–Complain about violations to the covered entity
and to HHS

Overview of effects of
HIPAA Privacy Rule
•Requires covered entities to:
–Make a good faith effort to get signed acknowledgement of
information practices related to Protected Health Information (PHI)
used in treatment, payment and operations (TPO)
–Obtain authorization for special additional uses of PHI
–Designate a privacy official
–Develop policies and procedures (including receiving complaints)
–Provide privacy training to their workforce
–Develop a system of sanctions for employees who violate the
entity’s policies
–Meet documentation requirements
–Implement appropriate administrative, technical, & physical
safeguards to protect privacy

The ‘spirit’ of HIPAA
•Protected Health Information (PHI = person
identifiable) must be managed with the
same attention to consent for use, access
control, and documentation of actions
performed as are currently applied to
physical objects such as tissue.
•Access to PHI is based on the general
principle of “need to know” and “minimum
necessary” rather than professional role

HIPAA Round 2:
the Security Rule

Overview
•Affects HIPAA Covered Entities that
maintain Protected Health Information
(PHI) in electronic form
•Directs CE’s to ‘develop, implement,
maintain, and document’ security
measures, and keep them current.

Security Rule: Basic Concepts
•Scalable: burden relative to size and
complexity of healthcare organization
•Not linked to specific technologies, and
anticipates future changes in technology
•Unlike Privacy Rule, affects only electronic
information
•Applies security principles well established
in other industries

HIPAA Security Rule
Functional areas
•Information Availability
•Protection against unauthorized:
–Access
–Alteration
–Deletion
–Transmission
•Monitoring (audit trails)

Covered entities are required to:
•Assess potential risks and vulnerabilities
•Protect against threats to information
security or integrity, and against
unauthorized use or disclosure
•Implement and maintain security
measures that are appropriate to their
needs, capabilities and circumstances
•Ensure compliance with these
safeguards by all staff

Security Vulnerabilities in
Healthcare Settings
•Unintentional disclosures
•Well-intentioned but inappropriate
employee behavior
•Disgruntled employees
•Self-insured employers
•? Competitors
•VIP patients
•Hackers
•Data mining

Data mining as confidentiality
threat
Latanya Sweeney, MIT, 1997
(Diagram of two overlapping data sets. “Anonymous” Medicare data:
ethnicity, visit date, diagnosis, procedure, medication, total charge.
Voter list: name, address, date registered, party affiliation, date
last voted. Fields shared by both, and therefore usable to link them:
ZIP, birth date, sex.)

Uniqueness in Cambridge
voters
Birth date alone                12%
Birth date & gender             29%
Birth date & 5-digit ZIP        69%
Birth date & full postal code   97%
Birth date includes month, day and year.
Total 54,805 voters.

Information Security Elements
•Availability-when and where needed
•Authentication-a person or system is who they
purport to be (preceded by Identification)
•Access Control-only authorized persons, for
authorized uses
•Confidentiality-no unauthorized information
disclosure
•Integrity-Information content not alterable except
under authorized circumstances
•Attribution/non-repudiation-actions taken are
reliably traceable

Why is this so hard in
healthcare contexts?
1. The nature of biomedical data

The nature of biomedical data
•Variable levels of sensitivity; “sensitive” is in the
eye of multiple beholders, and highly context-
dependent
•No bright line between person-identifiable and
“anonymous” data
–So inherently rich in attributes that re-identification
potential never reaches zero
•Genome as Future Diary: An individual’s
medical data may have implications for other
family members who have much different values
and preferences, and for future generations

Why is this so hard?
1. The nature of biomedical data
2. Complex interpersonal and organizational
roles with respect to data

Complex roles: entities with justifiable
(and variable) rights to medical data
•First order role definitions:
–Provider, Patient, Payer, “Society”
•Second order:
–Providers: primary vs. consultant provider,
ancillary support staff
–Patient: self, family, legally authorized reps
–Payer: billing staff and subcontractors,
clearinghouses, insurers
–Society: public health agencies, state medical
boards, law enforcement agencies

Complex roles: entities with justifiable
(and variable) rights to medical data
•Third order:
–Providers: internal and external QA entities
(peer review, JCAHO), sponsors of clinical
research
–Patient: community support groups, personal
friends
–Payers: fraud detection (Medical Information
Bureau), business consultants
–Society: national security, bioterrorism
detection

Healthcare Information
Access Roles
(Diagram of the four first-order roles with the entities grouped under each:)
Provider: primary care, specialists, ancillaries, internal QA,
external accreditation orgs, clinical trials sponsors
Patient: immediate family, extended family, community support,
friends, legally authorized reps
Payer: admin. staff, claims processors, subcontractors,
clearinghouses, insurers, fraud detection, Medical Information
Bureau, business consultants
Society: public health, state licensure boards, law enforcement,
national security, bioterrorism detection

Why is this so hard?
1. The nature of biomedical data
2. Complex interpersonal and organizational roles
with respect to data
3. Patients who wish to exercise control over access
to their data seldom understand the implications
of their decisions
4. Personal preferences regarding data access
change, sometimes suddenly
5. “Privacy Fundamentalism”: irrational political
forces (“Nothing about me without me”) block
efficient systems approaches
6. Differing perceptions of risk and benefit

Patient-Centered Access to
Secure Systems Online
A National Library of Medicine
Telemedicine Research Contract
Dixie Baker, Ph.D.
Chief Scientist
Center for Information Security Technology
Science Applications International Corp.
Daniel R. Masys, M.D.
Director of Biomedical Informatics
University of California, San Diego
(Title slide graphics: a World Wide Web page offering a “$995” video
camera “if you’ll just send us your Visa or MasterCard”, alongside lab
results Hb 13.2, Hct 38.0, WBC 4.2.)

Patient-Centered Access to Secure
Systems Online (PCASSO)
Design Goals
•To enable secure use of the Internet to access
sensitive patient information
•To enable providers AND patients to view medical
data online
•To develop a published, verifiable high-assurance
architecture
–Not proprietary
–No “black box” or trade secret security

PCASSO functions
•Protect healthcare information at multiple levels of
sensitivity
•Authorize user actions based on familiar healthcare
roles
•End-to-end user accountability
•Empower consumers to access their own medical
records
•Patient viewable audit trails
•Automated e-mail notification of records changes
•Security protection extended to user PC

PCASSO users
•218 physicians enrolled (started January,
1999)
•53 patients enrolled as of 9/30/99 (started
June, 1999)
•Enrollment criteria:
–Age 18 or older
–Receive health care from UCSD
–One or more visits in past 6 months
–Primary care physician co-signs consent

Differing user perceptions of
multi-step login security
                    Providers   Patients
Very Reasonable         0         77%
Reasonable             25%        16%
Unreasonable           41%         0
Intolerable            33%         0
Two-tailed P < 0.001 by Mann-Whitney

Patient Comments on PCASSO
•“Love this program and really is super easy to use”
•“I was at the lab this morning and some results are posted
already…very impressed”
•“Thank you for this ‘peek’ into our own medical records.
So often patients seem to feel at the mercy of the HMO’s
and at least this may alieviate <sic> some of that
distrust.”
•“As one who has always been involved in my health care
decisions, I value that I have access to this information.
Great system, I find it very user friendly and feel very
confident that my privacy is maintained at all times…”

Provider Comments on PCASSO
•“The Kremlin is easier to get into.”
•“I signed on once, and have suffered enough.”
•“Unfortunately it’s so cumbersome to use that it is
virtually useless.”
•“…security is too tight…I will keep on using my cable
modem and PC Anywhere to get into my office
computer and then access labs that way.”
•“It would be wonderful when patients call me in the
evenings & weekends to be able to punch up their info
on my home pc and have instant access to their lab
results, X-rays, medications, etc.”
•“...It’s incredibly handy to have this stuff available on
the Internet. Nice work.”

Desiderata for electronic consent
in healthcare
1. Permits access to health data by
checking that patient consent exists
for the information requests, using
methods that check for explicit,
inferred or implied consent
2. Should allow access to patient
information to those who have been
explicitly permitted by a patient
E. Coiera et al., J Am Med Inform Assoc, 2004

Desiderata for electronic consent
in healthcare, cont’d
3. Should never allow access to patient
information by those explicitly denied
access by the patient
4. Should allow access to patient
information to individuals determined to
have inferred or implied consent based
on their clinical roles, responsibilities, or
clinical circumstance
E. Coiera et al., J Am Med Inform Assoc, 2004

Desiderata for electronic consent
in healthcare, cont’d
5. Does not endanger patient safety by
denying access to information by
clinically approved individuals when
consent is indeterminate
6. Does not impede clinical work by
clinically approved individuals, when
consent is indeterminate
E. Coiera et al., J Am Med Inform Assoc, 2004

Desiderata for electronic consent
in healthcare, cont’d
7. Has security safeguards to prevent
access by circumventing the consent
checking mechanism
8. Minimizes the number of requests made
to clinicians and patients to avoid
disruption of clinical care or the private
lives of individuals
E. Coiera et al., J Am Med Inform Assoc, 2004

Desiderata for electronic consent
in healthcare, cont’d
9. Does not require expensive or
burdensome infrastructure
E. Coiera et al., J Am Med Inform Assoc, 2004
Author Observation: the criteria are in conflict
with one another, and no single model
performs well against all 9 criteria

Models for e-consent
1. General consent = “opt in”. Patient
accepts all provider policies (Notices of
Information Practices). Most common
current model.
2. General consent with specific denial.
Patient accepts provider policies but
denies consent for a) particular
information or b) particular parties’
access or c) disclosure for particular
purposes
E. Coiera et al., J Am Med Inform Assoc, 2004

Models for e-consent
3. General denial with specific consent =
Patient denies all access except for
consent for a) particular information or
b) particular parties’ access or c)
disclosure for particular purposes
4. General denial = “opt out”. Each new
episode of care requires explicit
consent. (Likely scenarios for opt out:
psychiatric care, drug rehab, sexually
transmitted disease treatment).
E. Coiera et al., J Am Med Inform Assoc, 2004

Implementation:
e-Consent objects
Rights management wrappers associated
with clinical information that record the
assertion:
Access to(information)
by an(entity)
for a(purpose)
in a(context)
is{consented to | denied }
Could attach to specific facts, episodes of
care, or complete medical record
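One way to implement the assertion above as a consent-checking gateway, as an added example in Python that is neither PCASSO code nor from Coiera et al.: each consent object carries the (information, entity, purpose, context) tuple and a consented/denied decision, and a patient’s consent record pairs a default position (the “general consent” or “general denial” of the four models) with specific objects. The evaluator applies the desiderata listed earlier: an explicit denial is never overridden (3), an explicit consent is honoured (2), the default decides everything else (models 1 and 4), and when no default has been recorded a treating clinician’s request for treatment is allowed on inferred consent (4, 5, 6) and the basis is written to a patient-viewable log. The wildcard “*”, the path-like information names (an object attached to “record/episode:psych” covers every fact under that episode, so an object can sit at fact, episode or whole-record level), and the “treating clinician” rule are assumptions of this example.

```python
"""e-Consent objects as an access-check gateway (added example; not PCASSO
code and not from Coiera et al.). Each object records the slide's assertion:
    access to (information) by an (entity) for a (purpose) in a (context)
    is {consented to | denied}
The wildcard '*', the path-like information names and the 'inferred consent
for a treating clinician' rule are assumptions made for this example."""
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Tuple


class Decision(Enum):
    CONSENTED = "consented"
    DENIED = "denied"
    INDETERMINATE = "indeterminate"  # patient has recorded no general position


def covers(pattern: str, value: str) -> bool:
    """'*' matches anything; a path prefix covers everything beneath it, so an
    object on 'record/episode:psych' covers 'record/episode:psych/note:1'."""
    return pattern == "*" or value == pattern or value.startswith(pattern + "/")


@dataclass(frozen=True)
class ConsentObject:
    information: str    # a fact, an episode of care, or 'record' for the whole chart
    entity: str         # a user id ('dr.lee'), a role ('role:psychiatrist') or '*'
    purpose: str        # 'treatment', 'payment', 'operations', 'research', ...
    context: str        # 'outpatient', 'inpatient', 'emergency', ...
    decision: Decision  # CONSENTED or DENIED

    def matches(self, info: str, who: Tuple[str, ...], purpose: str, ctx: str) -> bool:
        # `who` holds the requester's id and role names; any of them may match
        return (covers(self.information, info)
                and any(covers(self.entity, w) for w in who)
                and covers(self.purpose, purpose)
                and covers(self.context, ctx))


@dataclass
class PatientConsent:
    """Default position (models 1 and 4) plus specific objects (models 2 and 3)."""
    default: Decision
    objects: List[ConsentObject] = field(default_factory=list)


@dataclass(frozen=True)
class Requester:
    user: str
    roles: Tuple[str, ...]
    treating: bool  # has an active care relationship with this patient


def evaluate(consent: PatientConsent, req: Requester, info: str,
             purpose: str, ctx: str) -> Tuple[bool, str]:
    """The single decision point for every PHI read. Returns (allowed, basis)."""
    who = (req.user,) + tuple("role:" + r for r in req.roles)
    hits = [o for o in consent.objects if o.matches(info, who, purpose, ctx)]
    # Desideratum 3: an explicit denial is never overridden, even by a matching consent.
    if any(o.decision is Decision.DENIED for o in hits):
        return False, "explicit denial"
    # Desideratum 2: explicitly permitted parties get access.
    if any(o.decision is Decision.CONSENTED for o in hits):
        return True, "explicit consent"
    # Models 1 and 4: the patient's general position decides everything else.
    if consent.default is Decision.CONSENTED:
        return True, "implied consent (general opt-in)"
    if consent.default is Decision.DENIED:
        return False, "general denial (opt-out) with no specific consent"
    # Desiderata 4-6: consent is indeterminate, so a treating clinician's request
    # for treatment is allowed on inferred consent rather than blocking care.
    if req.treating and purpose == "treatment":
        return True, "inferred consent (treating clinician)"
    return False, "indeterminate consent and no clinical basis"


def audit_read(log: List[str], consent: PatientConsent, req: Requester,
               info: str, purpose: str, ctx: str) -> bool:
    """Every decision, allowed or denied, is appended to the patient-viewable log."""
    allowed, basis = evaluate(consent, req, info, purpose, ctx)
    log.append(f"{req.user} {info} {purpose}/{ctx} -> "
               f"{'ALLOW' if allowed else 'DENY'}: {basis}")
    return allowed


if __name__ == "__main__":
    lee = Requester("dr.lee", ("internist",), treating=True)
    # Model 2: general consent, but the psychiatric episode is denied to everyone.
    model2 = PatientConsent(Decision.CONSENTED, [
        ConsentObject("record/episode:psych", "*", "*", "*", Decision.DENIED)])
    log: List[str] = []
    audit_read(log, model2, lee, "record/episode:psych/note:1", "treatment", "outpatient")
    audit_read(log, model2, lee, "record/lab:cbc", "treatment", "outpatient")
    print("\n".join(log))
```

Because `evaluate` is the only path to a decision and `audit_read` records both allows and denies, desideratum 7 (no way around the consent check) and PCASSO’s patient-viewable audit trail fall out of the same two functions; the deny-wins ordering is what keeps a role-wide consent from reopening an episode the patient closed to one named clinician.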

Putting Health Information Security
into Perspective
•The current fervor related to health
information security is sometimes marked
by “irrational exuberance”
•Data available to date suggests that
breaches of confidentiality in healthcare
usually cause either no apparent harm or
some personal psychological harm, while
inaccessibility of healthcare data causes
preventable medical errors, up to and
including death

Kohn L, et al. Committee on
Quality of Health Care in
America.
To Err is Human: Building a
Safer Health System.
Institute of Medicine, Dec 1999

Medical Errors
•Between 44,000-98,000 preventable deaths
each year in hospitals
•Injury rates from 2.9% (general med-surg) to
46% (ICU settings)
•7th leading cause of death in US
•Likely underestimates due to:
–Injury thresholds for reporting
–Errors had to be documented in clinical
record

Medical Errors
•Majority of errors do not result from individual
recklessness, but from flaws in health system
organization (or lack of organization).
•Failures of information management are common:
–illegible writing in medical records
–lack of integration of clinical information
systems
–inaccessibility of records
–lack of automated allergy and drug
interaction checking

Information Security Elements
•Availability-when and where needed
•Authentication-a person or system is who they
purport to be
•Access Control-only authorized persons, for
authorized uses
•Confidentiality-no unauthorized information
disclosure
•Integrity-Information content not alterable except
under authorized circumstances
•Attribution/non-repudiation-actions taken are
reliably traceable

Putting Health Information Security
into Perspective
•If ‘keeping the bad guys out’ causes even a single
additional death due to inaccessibility of
information to authorized providers, we have
failed to achieve a proper perspective on health
information security
•From HIPAA back to Hippocrates: Primum non
nocere, first do no harm