For the Record: Protecting Electronic Health Information
Committee on Maintaining Privacy and Security in Health Care Applications of the National Information Infrastructure, Commission on Physical Sciences, Mathematics, and Applications, Computer Science and Telecommunications Board, Division on Engineering and Physical Sciences, National Research Council
National Academies Press, Jun 23, 1997 - Medical - 247 pages
When you visit the doctor, information about you may be recorded in an office computer. Your tests may be sent to a laboratory or consulting physician. Relevant information may be transmitted to your health insurer or pharmacy. Your data may be collected by the state government or by an organization that accredits health care or studies medical costs. By making information more readily available to those who need it, greater use of computerized health information can help improve the quality of health care and reduce its costs. Yet health care organizations must find ways to ensure that electronic health information is not improperly divulged. Patient privacy has been an issue since the oath of Hippocrates first called on physicians to "keep silence" on patient matters, and with highly sensitive data--genetic information, HIV test results, psychiatric records--entering patient records, concerns over privacy and security are growing.
For the Record responds to the health care industry's need for greater guidance in protecting health information that increasingly flows through the national information infrastructure--from patient to provider, payer, analyst, employer, government agency, medical product manufacturer, and beyond. This book makes practical detailed recommendations for technical and organizational solutions and national-level initiatives.
For the Record describes two major types of privacy and security concerns that stem from the availability of health information in electronic form: the increased potential for inappropriate release of information held by individual organizations (whether by those with access to computerized records or those who break into them) and systemic concerns derived from open and widespread sharing of data among various parties.
The committee reports on the technological and organizational aspects of security management, including basic principles of security; the effectiveness of technologies for user authentication, access control, and encryption; obstacles and incentives in the adoption of new technologies; and mechanisms for training, monitoring, and enforcement.
For the Record reviews the growing interest in electronic medical records; the increasing value of health information to providers, payers, researchers, and administrators; and the current legal and regulatory environment for protecting health data. This information is of immediate interest to policymakers, health policy researchers, patient advocates, professionals in health data management, and other stakeholders.
What people are saying - Write a review
We haven't found any reviews in the usual places.
EXECUTIVE SUMMARY 1
THE PUBLIC POLICY CONTEXT 37
PRIVACY AND SECURITY CONCERNS REGARDING
TECHNICAL APPROACHES TO PROTECTING ELECTRONIC
ORGANIZATIONAL APPROACHES TO PROTECTING
FINDINGS AND RECOMMENDATIONS 160
Other editions - View all
access control access privileges agencies Alice’s attacks audit trails authentication authorized Bob’s CERT Coordination Center clinical collect committee committee’s companies Computer-based Patient Record CPRI database Deloitte and Touche develop disclosure ELECTRONIC HEALTH INFORMATION electronic medical records employees EMRs encryption ensure example federal firewall Health and Human health care industry health care information health care organizations health care providers health data health information systems Health Insurance health records hospital http://www.nap.edu/catalog/5595.html TECHNICAL APPROACHES implement improve individual information security information technology Institute integrity Internet Kerberos linking mechanisms Medical Information ment National on-line organization’s organizational passwords patient information patient privacy patient-identifiable health physicians policies privacy and security privacy concerns procedures programs PROTECTING ELECTRONIC HEALTH protecting health information Recommendation record systems SECURITY CONCERNS sites visited specific standards telemedicine threats tion types unauthorized users violations vulnerabilities