Google Answers Logo
View Question
 
Q: data privacy and data protection in electronic health info systems ( Answered 5 out of 5 stars,   0 Comments )
Question  
Subject: data privacy and data protection in electronic health info systems
Category: Health
Asked by: darkandstormynight-ga
List Price: $20.00
Posted: 24 Apr 2003 01:55 PDT
Expires: 24 May 2003 01:55 PDT
Question ID: 194689
What I need is a list of issues surrounding data protection and data
privacy in electronic health info systems and links to specific parts
of sites dealing with them.  I am looking at this from the view of
health service consumers, providers and Australian state and govt
authorities. Basically, I'm looking for relevant sources once the
issues are defined. "Health Online" is the Australian govt health
online site.
Answer  
Subject: Re: data privacy and data protection in electronic health info systems
Answered By: easterangel-ga on 24 Apr 2003 04:01 PDT
Rated:5 out of 5 stars
 
Hi! Thanks for the question. 

The National Privacy Code is the main law being seen as the answer to
the issues as regards to data protection in the health sector. The act
is mentioned because it is the main source of arguments for the
articles that mentions the issue of data protection in the healthcare
industry of Australia.

Note: Some of the documents here are in PDF format so you would need a
reader like Adobe Acrobat to view them. If you haven’t installed it in
your PC yet you can download the software here
(http://www.adobe.com/products/acrobat/readstep2.html). Furthermore, I
will provide small snippets from the articles cited so as to save you
time but I highly recommend that you read them in their entirety so as
to get a more comprehensive understanding of the issues.

The following are issues as regards to data protection in the
Australian health sector.

The National Privacy Code aims to address the following issues of data
protection in the health sector of Australia.

a.) Collection:
“This principle requires health service providers (and by definition,
nurses) to only collect information that is necessary to deliver the
health service and it must be collected with the person’s consent.”

b.) Use and disclosure:
“Health service providers (and nurses)may use or disclose the
information collected only for the primary purpose for which it was
collected, or if the person gives consent to further disclosure.”
 
c.) Data quality:
“Nurses and other health service providers are required to take
reasonable steps to keep health information up-to-date, accurate and
complete.”
 
d.) Data security:
“Nurses and other health service providers must take reasonable steps
to protect and secure health information from loss, misuse and
unauthorized access.”

e.) Openness:
“This principle refers to the requirement that health service
providers must convey to consumers / patients how their sensitive
health information will be handled.”

f.) Access and correction:
“Under this principle,consumers have a general right of access to
their own health records.”
 
g.) Identifiers:
Commonwealth Government identifiers, such as the Medicare number or
Veterans ’ Affairs number, have restricted use and cannot be used by
health service providers as identifiers for record keeping purposes.”

h.) Anonymity:
“Where it is lawful and practical, consumers must be given the option
to use health services without identifying themselves.”

i.) Transborder data flows:
“Health information should only be transferred out of Australia if the
recipient country has similar privacy protection laws, or if the
consumer consents to the transfer.”

j.) Sensitive information:
“This principle dictates that an organisation must not collect
sensitive information unless the individual has consented; it is
required by law; or, in circumstances such as the provision of health
services and individual or public health or safety.”

National Privacy Code
http://www.anf.org.au/pdf/anj_feature_0208.pdf 

a.) “However, these 'private sector' laws do not affect public State
hospitals or other State health organisations and the NSW, ACT and
Victorian governments have passed their own legislation governing
privacy and health”

b.) “Interestingly, the definition of 'health service' includes an
activity performed that is intended or claimed by the service provider
to improve the individuals health or treat the individual's illness.
This means that the individual service provider does not necessarily
have to be a health 'professional' and includes all forms of medical
treatment, including alternative and other non-traditional therapies.”

c.) “The NHPPs will not apply to exempted health information or health
services or health service providers that are exempted in accordance
with a State or Territory Act.”

Focus: Health - February 2003
http://www.aar.com.au/pubs/bio/fohfeb03.htm 

a.) “The level of data security should be adequate”

b.) “The trend is towards the use of a Public Key Infrastructure
Framework to ensure acceptable data security when transmitting
information across an open network such as the Internet.”

c.) “Informed consent of the client/patient”

d.) “Clinicians’ notes must acknowledge that the consultation was
conducted using videoconferencing technology and note any disruptions
which occur in the course of the consultation.”

e.) “…paper records containing personal health information should not
be copied unless it is essential to do so.”

f.) “The anonymity of clients/patients should be maintained during
case presentations, consultations with other health care providers,
research activities and at seminars and conferences.”

g.) “It is important to ensure that client/patient information is not
discussed in public areas such as corridors or lifts or indeed
anywhere it is likely to be overheard.”

h.) “Computer screens in emergency departments, admission and
outpatient areas and other public areas should, where possible, be so
placed that they cannot be seen other than by the staff member
entering the information.”

i.) “Clients/patients whose preferred language is other than English
should be informed in their own language of their rights to access
their health records.”

“GENERAL SAFEGUARDS FOR PROTECTION OF PERSONAL INFORMATION”
http://216.239.37.100/search?q=cache:Fc3KpTm8mBEC:www.health.nsw.gov.au/iasd/information-privacy/ipcop98/safeguards.html+%22health+sector%22+%22data+security%22+Australia&hl=en&ie=UTF-8

- IT education of hospital staff
- Resistance to technology change by the health care staff
- Organizational structure which includes the physical layout of the
premises, existing technology, signs, rituals, stories and values.

“Preparing staff for Information Technology”
http://infocom.cqu.edu.au/HNI/BooksOnline/chapter_24.pdf

Our next article provides data security issues confronting
pharmacists.

a.) “Collecting health information, dispensing medication and
discussing symptoms in a
public space.”

b.) “Change of business circumstances and pharmacies”

c.) “Access to health records”

d.) “Children’s privacy” – “The Privacy Act does not set an age limit
at which a child or young person can exercise their own privacy rights
– this occurs when the individual becomes competent to make such
decisions.”

e.) “Providing personal information to others – the collection of
medication by friends,
neighbours or relatives”

“New Privacy Law & the Private Health Sector” 
http://www.privacy.gov.au/publications/hics2.pdf 

 a.) “a person could not be penalised or discriminated against for not
participating in the
system”

b.) “stringent security measures would be in place wherever health
information was collected, stored or exchanged in the network”

c.) “information collected and stored on the network could be used
only for agreed purposes and would be restricted to the health sector”

“PRIVACY, CONFIDENTIALITY AND SECURITY”
http://www.health.gov.au/healthconnect/pdf_docs/fsp.pdf

Search terms used:          
"health sector" "data security" Australia
              
I hope these links would help you in your research. Before rating this
answer, please ask for a clarification if you have a question or if
you would need further information.
              
Thanks for visiting us.               
              
Regards,               
Easterangel-ga               
Google Answers Researcher

Request for Answer Clarification by darkandstormynight-ga on 24 Apr 2003 07:49 PDT
Hi, thanks for the quick response. The answer concentrated heavily in
the direction of general health privacy issues, and privacy principles
used in legislation but I really need to relate data protection &
privacy back to electronic health info systems eg clinical and
telehealth. I need to know in what ways data protection and privacy
will be different in electronic health to the traditional paper-based
health record system so that I can identify strengths, weaknesses and
diferences between the two systems.  I don't need info on paper-based
systems, just electronic.  Hope that makes it a little clearer.

Clarification of Answer by easterangel-ga on 24 Apr 2003 17:52 PDT
Hi again! Thanks for asking a clarification before providing a rating.

I have found here privacy issues that relate directly to electronic
health info systems in terms of the clinical and telehealth aspects in
Australia.

Our first link provides a comparison of the security issues of having
an electronic health records systems as regards to paper based ones.
They are compared according to the following concerns:

a. "Loss of confidential information"

b. "Theft of and/or unauthorised access to confidential information"

c. "Confidential information becoming known to the public"

d. "Misuse and abuse of confidential information, or loss of integrity
of confidential information"

e. "Availability of confidential information"

Security - Key risks
http://www.gpcg.org/topics/security_key_risks.html
 
Other issues that must be addressed are discussed in this paper.

a. "Computer technology makes the creation of new databases and data
entry easy, so that databases can be created and maintained readily.
This could result in a proliferation of data and information that is
easily searchable."

b. "Computerization allows for storage of large amounts of data in a
very small physical medium."

c. "Computers provide for the possibility of "invisible theft" —
stealing data without taking anything physical — so that patients and
providers remain unaware that the data has been stolen, altered, or
abused."

d. "Computers allow for the possibility of "invisible" modification,
deletion, or addition of data."

e. "Computers create the potential for the easy linking of data that
were not intended to be collated."

f. "Computers allow a large number of people to handle or access data;
the potential vulnerability of the data to large-scale intrusion is
significantly increased in a computerized environment."

"PRIVACY, CONFIDENTIALITY AND SECURITY ISSUES" 
http://www.dhs.vic.gov.au/ahs/archive/telemed/8.htm  
 
a. "Currently, the majority of health care records in Australia exist
as discrete paper-based entities held at a variety of different
locations, resulting in a fragmented picture of individuals’ health
needs and health histories."

b. "Access to appropriate information at the time of care delivery is
central to good clinical decision making – practitioners and consumers
need the right information at the right time."

c. "First, the consumer must provide consent for access to occur."

d. "Once a right of access is established the identity of the person
accessing the record needs to be authenticated to ensure that access
is only granted to approved parts of the record."

e. "What mechanisms should be used to control access to data?"

"Issues Paper: A National Approach to Electronic Health Records for
Australia"
http://www.gpcg.org/publications/docs/Ehrissue.doc 

A study on the issues in Privacy and Confidentiality in Clinical Data
Management Systems is available in this link. Although it is not in
the Ausralian setting, I think it will be good background information
for your research.

"Privacy and Confidentiality in Clinical Data Management Systems: Why
You Should Guard the Safe"
http://www.netreach.net/%7Ewmanning/cdm.htm

In case you would need futher assistance as regards to this question,
just let me know through clarification.

Best Regards,
Easterangel-ga
darkandstormynight-ga rated this answer:5 out of 5 stars
Thanks Easterangel, just what I needed.

Comments  
There are no comments at this time.

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you.
Search Google Answers for
Google Answers  


Google Home - Answers FAQ - Terms of Service - Privacy Policy