Privacy protection for personal health information and shared care records.

Informatics in Primary Care Pub Date : 2014-01-01 DOI:10.14236/jhi.v21i2.55

Roderick L B Neame

{"title":"Privacy protection for personal health information and shared care records.","authors":"Roderick L B Neame","doi":"10.14236/jhi.v21i2.55","DOIUrl":null,"url":null,"abstract":"Background: The protection of personal information privacy has become one of the most pressing security concerns for record keepers: this will become more onerous with the introduction of the European General Data Protection Regulation (GDPR) in mid-2014. Many institutions, both large and small, have yet to implement the essential infrastructure for data privacy protection and patient consent and control when accessing and sharing data; even more have failed to instil a privacy and security awareness mindset and culture amongst their staff. Increased regulation, together with better compliance monitoring, has led to the imposition of increasingly significant monetary penalties for failure to protect privacy: these too are set to become more onerous under the GDPR, increasing to a maximum of 2% of annual turnover.Objective: There is growing pressure in clinical environments to deliver shared patient care and to support this with integrated information. This demands that more information passes between institutions and care providers without breaching patient privacy or autonomy. This can be achieved with relatively minor enhancements of existing infrastructures and does not require extensive investment in inter-operating electronic records: indeed such investments to date have been shown not to materially improve data sharing. REQUIREMENTS FOR PRIVACY: There is an ethical duty as well as a legal obligation on the part of care providers (and record keepers) to keep patient information confidential and to share it only with the authorisation of the patient. To achieve this information storage and retrieval, communication systems must be appropriately configured. There are many components of this, which are discussed in this paper. Patients may consult clinicians anywhere and at any time: therefore, their data must be available for recipient-driven retrieval (i.e. like the World Wide Web) under patient control and kept private: a method for delivering this is outlined.","PeriodicalId":30591,"journal":{"name":"Informatics in Primary Care","volume":"21 2","pages":"84-91"},"PeriodicalIF":0.0000,"publicationDate":"2014-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Informatics in Primary Care","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.14236/jhi.v21i2.55","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 12

Abstract

Background: The protection of personal information privacy has become one of the most pressing security concerns for record keepers: this will become more onerous with the introduction of the European General Data Protection Regulation (GDPR) in mid-2014. Many institutions, both large and small, have yet to implement the essential infrastructure for data privacy protection and patient consent and control when accessing and sharing data; even more have failed to instil a privacy and security awareness mindset and culture amongst their staff. Increased regulation, together with better compliance monitoring, has led to the imposition of increasingly significant monetary penalties for failure to protect privacy: these too are set to become more onerous under the GDPR, increasing to a maximum of 2% of annual turnover.

Objective: There is growing pressure in clinical environments to deliver shared patient care and to support this with integrated information. This demands that more information passes between institutions and care providers without breaching patient privacy or autonomy. This can be achieved with relatively minor enhancements of existing infrastructures and does not require extensive investment in inter-operating electronic records: indeed such investments to date have been shown not to materially improve data sharing. REQUIREMENTS FOR PRIVACY: There is an ethical duty as well as a legal obligation on the part of care providers (and record keepers) to keep patient information confidential and to share it only with the authorisation of the patient. To achieve this information storage and retrieval, communication systems must be appropriately configured. There are many components of this, which are discussed in this paper. Patients may consult clinicians anywhere and at any time: therefore, their data must be available for recipient-driven retrieval (i.e. like the World Wide Web) under patient control and kept private: a method for delivering this is outlined.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

个人健康信息和共享护理记录的隐私保护。

背景:个人信息隐私保护已经成为记录保管人最紧迫的安全问题之一:随着2014年中期欧洲通用数据保护条例(GDPR)的引入，这将变得更加繁重。许多机构，无论大小，在访问和共享数据时，尚未实施数据隐私保护和患者同意和控制的必要基础设施;甚至更多的公司未能向员工灌输隐私和安全意识的心态和文化。越来越多的监管，加上更好的合规监控，导致对未能保护隐私的企业实施越来越严重的罚款:在GDPR下，这些罚款也将变得更加繁重，最高可达年营业额的2%。目的:在临床环境中，提供共享的患者护理和支持集成信息的压力越来越大。这要求在不侵犯患者隐私或自主权的情况下，在机构和护理提供者之间传递更多信息。这可以通过对现有基础设施进行相对较小的改进来实现，并且不需要在互操作电子记录方面进行大量投资:事实上，迄今为止这种投资已被证明不会实质性地改善数据共享。隐私要求:护理提供者(和记录保管人)有道德责任和法律义务对患者信息保密，只有在患者授权的情况下才能分享。为了实现这种信息存储和检索，必须适当地配置通信系统。这其中有许多组成部分，本文对此进行了讨论。患者可以随时随地咨询临床医生:因此，他们的数据必须在患者控制和保密的情况下可用于接受者驱动的检索(如万维网):概述了一种交付方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Informatics in Primary Care

自引率

0.00%

发文量

审稿时长

14 weeks