Confidentiality Issues In Health Informatics

Replies to This Discussion

Permalink Reply by Abbas Shojaee on March 5, 2009 at 3:11am

Dear Leen

I'd like to recommend the very interesting book: "E-Health care information systems" by Joseph-Tan, Part 4, Chapter 14 : "E-Security: Frameworks for Privacy and Security in E-Health Data Integration and Aggregation". A seamless introduction to the topic.

Regards

▶ Reply to This

Permalink Reply by Leen on March 5, 2009 at 4:00pm

thanks..i will try to find the book u had recommended but here i'm not pretty sure if the book is available or not...but i am sure that book will help me a lot..thanks again..

▶ Reply to This

Permalink Reply by Danver Roman on March 10, 2009 at 2:59am

Hi Leen

if you wish to attend to the issue based on health informatics, there are 3 issues that you should address: 1) ethical/legal considerations about pt information, 2) How should a health system protect such information and 3) how should a health information system protect such information. All of this is based on the premise that a clinician should keep a the pt information privileged/confidential. confidentiality is needed to protect the pt and the health system. The latter is especially if the person fucntion in a private rather than a public setup. If a pt know his/her information is confidential they feel much more at ease to divulge private information. This confidentiality is however waived in situations of a malpractice suit or where the life of another person is endangered. In the case of the latter it is advisable to place the patient in the position to divulge it. If it does not happen the pt should be informed that the therapist shpould do it. This is normally done in cases of HIV and AIDS and possible homicide or suicide cases. In America a case that I am aware of isthe tarasof case of 1976 where a pt informed the therapist that he is going to kill tatiana tarasoff. The court ruled that in such cases there is a duty on the therapist to also protect the person who is in danger. In cases of adolescents it is important to inform parents of an impemding or threat of suicide. Question is does information system fit into this and how does it fit into the health system. The health system normally have a PR that manage questions about the Health System or the pt. Internal process should be structured to give effect to this, so that information flows are properly in place to indicate the quality of data and where the information is allowed to be made avilable in the system. Information systems/ICT should be password protected/encrypted to only make information available to those who must have access to the information. Statistics that is available should be aggragated data and not personal data. The person's name should be ommitted and the pt reference should be used, in cases where a reference is needed.. Hope this helps.

▶ Reply to This

Permalink Reply by Leen on March 12, 2009 at 10:56pm

thanks a lot..but i got confuse about the word 'pt', was it an abbreviation for a keyword or what? need to know this urgent..thanks again

▶ Reply to This

Permalink Reply by Bobby Moeng on March 13, 2009 at 12:38am

Hi Leen!From my understanding on Danver's comment, "pt" is an abbreviation for patient. just re-read his comment again replacing pt with patient and you'll see that it now makes better sense ;-)

Regards

▶ Reply to This

Permalink Reply by Leen on March 16, 2009 at 3:31pm

ok..now i see what's the point danver wanted to say...thank you and the word 'patient' do make a sense...hehehe

▶ Reply to This

Permalink Reply by Leen on March 16, 2009 at 3:34pm

Hi Danver...just wanted to ask..do you have any idea about Critical evaluation of issues relating to security. I do understand its about how we manage the security of system and data but i dont really get it when it comes to critical evaluation..is it related to how we evaluate the security and all its issues?

▶ Reply to This

Permalink Reply by Danver Roman on March 19, 2009 at 8:35pm

Hi Leen

I did not receive your comment on my and bobby's comment. I just followed up to see whether you have any response to what I wrote. If I did not comment at least within a day or two, you may send me an email at droman@pgwc.gov.za or dlroman@telkomsa.net.

In South Africa your name would have been considered a shortened version of and petname for "Helen". It still stays a powerfull and beautiful name for a woman, especially if one consider women like Helen of Troy. I like the bunch of flowers that you have in place of your picture, it shows that you have appreciation for life and nature.

The "pt" did refer to patient. Nurses and doctors use different abbreviations for "speed writing" like "pt" for patient, "Rx " treatment and "Mx" for management. I unfortunately fall into the trap of using these abbreviations without considering tha other might not be informed about about it.

About critical Evaluation of issues relating to Security; I am not a boffin on security issues in ICT, but in doing a critical evaluation of something one must establish the norms/values/principles/standards/elements/tools ect of what you will assess and criticise. One would consider this in different sections that are linked to each other>

I would do the following: 1) establish what the available literature indicate about security systems 2) establish what is regarded as the best practices 3) What are the elements/principles etc that materialise about a good information security system, like having a password for each person/ having encryption etc. 4) Evaluate a system or two in your environment and establish whether it complies with the literature best practice and elements 5) comment on your own experience and 6) Draw comparisons between the literature, best practices, the information system that was evaluated/audited your own experience.

conclude by whether you agree or do not agree and what are the reasons for your agreement and non-agreement.

Danver

▶ Reply to This