The Culture of Healthcare

Privacy, Confidentiality, and Security
Lecture a
This material (Comp2_Unit9a) was developed by Oregon Health and Science University, funded by the Department of Health
and Human Services, Office of the National Coordinator for Health Information Technology under Award Number
IU24OC000015.
Privacy, Confidentiality, and Security
Learning Objectives
Define and discern the differences between privacy,
confidentiality, and security (Lecture a)
Discuss the major methods for protecting privacy
and confidentiality, including through the use of
information technology (Lecture b)
Describe and apply privacy, confidentiality, and
security under the tenets of the HIPAA Privacy Rule
(Lecture c)
Describe and apply privacy, confidentiality, and
security under the tenets of the HIPAA Security Rule
(Lecture d)
2
Health IT Workforce Curriculum
Version 3.0/Spring 2012
The Culture of Healthcare
Privacy, Confidentiality, and Security
Lecture a
Privacy, Confidentiality, and Security
Definitions
Concerns
Privacy
Security
Tools for protecting health information
HIPAA
Privacy Rule
Security Rule
Enhancements in HITECH
Implications
Definitions
Privacy
The right to be left alone
The right to keep personal information secret
The right to control personal information
Confidentiality
Sharing or disseminating data only to those with a
need to know
Security
Mechanisms to assure the safety of data and
systems in which the data reside
Definitions (continued)
Individually identifiable health information (IIHI): any data
that can be correlated with an individual
Protected health information (PHI): IIHI as defined by the
HIPAA Privacy Rule
Consent (in the context of privacy): written or verbal
permission to allow use of your IIHI
Concerns about Privacy
Personal privacy vs. common good
Continued disclosures
Concerns of public
De-identified data
Personal Privacy vs. the Common Good
Concerns expressed in ACLU video (ACLU, nd.)
http://www.aclu.org/ordering-pizza
There is a spectrum of views
One end holds that while personal privacy is important,
there are some instances when the common good of
society outweighs it, such as in biosurveillance (Gostin,
2002; Hodge, 1999)
The other end holds that personal privacy trumps all other
concerns (Privacy Rights Clearinghouse, 2009; see also
Deborah Peel, MD and www.patientprivacyrights.org)
More balanced views? (CHCF, 2008; Detmer, 2010;
ACP, 2011)
Where do your views fit?
Patient Information Disclosures Continue
Some high-profile earlier instances
Portland, OR: thieves broke into a car holding back-up disks and
tapes containing records of 365,000 patients (Rojas-Burke,
2006)
Several episodes from VA, e.g., laptop with data of >1 million
veterans, recovered without apparent access (Lee, 2006)
Recent data document continuing instances
Privacy Rights Clearinghouse provides searchable Chronology
of Data Breaches not limited to medical
http://www.privacyrights.org/data-breach
HHS must post a list of breaches of unsecured protected health
information affecting 500 or more individuals (the "wall of shame")
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
By end of 2011, 380 incidents posted affecting 18,059,831 individuals
Breaches adversely impact
organizations (Ponemon, 2011)
Number increased by 32% in 2011 over 2010
Average cost per breach to organization was $2.2
million, taking 1-6 months to resolve
Significant part of cost was lost business
41% discovered as result of patient complaint
Top causes of data breaches
Unintentional employee action
Lost or stolen computing devices
Third-party problem
Most organizations believe EHR makes data more
secure
Newer Challenges from Proliferation of Technologies and Applications
Growing use of electronic data in clinical workflows
Health information exchange (HIE) moves data
across networks
Cloud computing changes perimeter of data
protection
New models of care (e.g., accountable care
organizations) require more members of team to
access information
Clinicians want to use their own devices (e.g.,
personal laptops, tablet devices, smartphones, etc.)
Some Technologies Can Worsen the Problem
USB (thumb) drives can automatically run programs when plugged
into a USB port (autorun); a drive can be modified to extract data
from the host computer (Wright, 2007b)
Personal health records based on Microsoft Access can easily have
their encryption compromised (Wright, 2007a)
10% of hard drives sold by a second-hand retailer in Canada had
remnants of personal health information (El Emam, 2007)
Peer-to-peer (P2P) file sharing: 0.5% of all US IP addresses
expose PHI (El Emam, 2010)
Digital photocopiers retain images of every copy made on their
internal hard drives (Keteyian, 2010)
Healthcare Organizations are not Well-Prepared for Security
Deloitte, 2009
Data leakage is a primary threat
Identity and access management is a top priority
Trend towards outsourcing raises many third-party security
concerns
Role of Chief Information Security Officer (CISO) has taken on
greater significance
As security environment becomes more complex and regulation
continues to grow, security budgets not keeping pace
HIMSS Analytics annual security readiness survey (2010)
Healthcare organizations not keeping pace with security threats
and readiness for them
85% of organizations share electronic data but only 61% perform
a risk analysis annually or more frequently
What is the Role of Governments?
National Committee on Vital and Health Statistics (NCVHS)
recommendations
26 recommendations for policy concerning health privacy
for the Nationwide Health Information Network (NHIN)
(Cohn, 2006)
Further elaborated recommendations for personal control
and call for consistent and coherent policy (Cohn, 2008)
Health Information Security and Privacy Collaboration
(HISPC) assessed 42 states and territories, finding diverse
approaches and laws, making nationwide approaches difficult
(HHS, 2010)
ONC has established Privacy & Security Tiger Team to
develop policies and vet with other policy and standards
committees
What Do Other Governments Do?
European Commission Directive 95/46/EC (EC,
2007)
Stringent rules allow data processing only
with consent or highly specific circumstances
(legal obligation, public necessity)
Countries that implement Directive 95/46/EC
provide examples for how consent for use of
information on Nationwide Health Information
Network (NHIN) may proceed in US (Pritts,
2007)
Related Issues for Medical Privacy
Who owns medical information?
Easier to answer with paper systems, but the growing view is that
patients own it, which has economic implications (Hall, 2009;
Rodwin, 2009)
Compelled disclosures (Rothstein, 2006)
We are often compelled to disclose information for non-clinical
care reasons
The ultimate personal identifier may be one's genome (McGuire,
2006)
Even de-identified data may compromise privacy (Malin, 2005)
Genome of family members can identify siblings (Cassa, 2008)
Data from genome-wide association studies can reveal individual
level information (Lumley, 2010)
Health Information Rights
Declaration of Health Data Rights from a group of
(mostly) PHR vendors (HealthDataRights.org)
Have the right to our own health data
Have the right to know the source of each health data
element
Have the right to take possession of a complete copy
of our individual health data, without delay, at minimal
or no cost; if data exist in computable form, they must
be made available in that form
Have the right to share our health data with others as
we see fit
AHIMA Health Information Bill of Rights (2009)
Slightly more detailed but with similar provisions
Is de-identified data more secure?
Not necessarily
Sweeney, 1997; Sweeney, 2002
87% of US population uniquely identified by five-digit
zip code, gender, and date of birth
Identified William Weld, governor of Massachusetts,
in the health insurance database for state employees by
purchasing the Cambridge, MA voter registration list for
$20 and linking zip code, gender, and date of birth to the
de-identified medical database
Genomic data can aid re-identification in clinical
research studies (Malin, 2005; Lumley, 2010)
Social security numbers can be predicted from public
data (Acquisti, 2009)
How Governor Weld was Identified
Figure 9.1 (image not reproduced in this text): the de-identified medical data and the voter list overlap on zip code, gender, and date of birth, and that overlap enabled identification of the Governor (adapted from Sweeney, 1997).
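The linkage attack behind the Weld case, as an added example that is not part of the original lecture: a "de-identified" release that keeps zip code, sex and date of birth is joined to a public list carrying the same three fields next to a name, and a match is unambiguous whenever that combination is unique on both sides. The records and names below are constructed for illustration, not real data. The block also measures the release with k-anonymity (Sweeney's term: k is the size of the smallest group of records that share one quasi-identifier combination) and shows one generalization, ZIP5 to ZIP3 and full date of birth to birth year, that removes the unique match.

```python
"""
Linkage re-identification and a k-anonymity check over constructed data.

Added example, not part of the original lecture. Every record below is
constructed for illustration; the names and diagnoses are not real people.
"""
from collections import defaultdict
from typing import Dict, List, Sequence, Tuple

Record = Dict[str, str]
QIS = ("zip", "sex", "dob")  # quasi-identifiers kept in the "de-identified" release

# Constructed hospital release: names removed, quasi-identifiers retained.
MEDICAL_RELEASE: List[Record] = [
    {"zip": "02138", "sex": "F", "dob": "1960-03-12", "diagnosis": "hypertension"},
    {"zip": "02138", "sex": "F", "dob": "1960-03-12", "diagnosis": "asthma"},
    {"zip": "02138", "sex": "M", "dob": "1958-11-02", "diagnosis": "diabetes"},
    {"zip": "02139", "sex": "M", "dob": "1958-05-19", "diagnosis": "fracture"},
    {"zip": "02139", "sex": "M", "dob": "1958-05-19", "diagnosis": "migraine"},
    {"zip": "02140", "sex": "F", "dob": "1985-08-30", "diagnosis": "influenza"},
    {"zip": "02141", "sex": "F", "dob": "1985-01-15", "diagnosis": "anemia"},
]

# Constructed public voter roll: the same three fields next to a name.
VOTER_ROLL: List[Record] = [
    {"name": "Alice Example",     "zip": "02138", "sex": "F", "dob": "1960-03-12"},
    {"name": "Anna Sample",       "zip": "02138", "sex": "F", "dob": "1960-03-12"},
    {"name": "Robert Fictitious", "zip": "02138", "sex": "M", "dob": "1958-11-02"},
    {"name": "Carl Demo",         "zip": "02139", "sex": "M", "dob": "1958-05-19"},
    {"name": "David Test",        "zip": "02139", "sex": "M", "dob": "1958-05-19"},
    {"name": "Eve Placeholder",   "zip": "02140", "sex": "F", "dob": "1985-08-30"},
    {"name": "Grace Extra",       "zip": "02140", "sex": "F", "dob": "1985-08-30"},
]


def qi_key(record: Record, qis: Sequence[str] = QIS) -> Tuple[str, ...]:
    """The quasi-identifier tuple a linker joins on."""
    return tuple(record[q] for q in qis)


def equivalence_classes(records: List[Record], qis: Sequence[str] = QIS):
    """Group records that are indistinguishable on the quasi-identifiers."""
    classes = defaultdict(list)
    for r in records:
        classes[qi_key(r, qis)].append(r)
    return classes


def k_anonymity(records: List[Record], qis: Sequence[str] = QIS) -> int:
    """Size of the smallest class; k == 1 means some record is unique on its QIs."""
    return min(len(c) for c in equivalence_classes(records, qis).values())


def uniqueness_rate(records: List[Record], qis: Sequence[str] = QIS) -> float:
    """Fraction of records unique on the QIs. Sweeney's 87% figure is this rate
    for ZIP5 + sex + full date of birth over the US population."""
    classes = equivalence_classes(records, qis)
    unique = sum(len(c) for c in classes.values() if len(c) == 1)
    return unique / len(records)


def link(medical: List[Record], voters: List[Record], qis: Sequence[str] = QIS):
    """Linkage attack: pair a named voter with a medical record whenever the QI
    combination is unique on BOTH sides, so the pairing is unambiguous."""
    med = equivalence_classes(medical, qis)
    vot = equivalence_classes(voters, qis)
    hits = []
    for key, med_rows in med.items():
        vot_rows = vot.get(key, [])
        if len(med_rows) == 1 and len(vot_rows) == 1:
            hits.append((vot_rows[0]["name"], med_rows[0]["diagnosis"]))
    return hits


def generalize(record: Record) -> Record:
    """Coarsen the QIs before release: ZIP5 -> ZIP3 prefix, full DOB -> birth year.
    One simple hierarchy; real releases pick the hierarchy per attribute."""
    out = dict(record)
    out["zip"] = record["zip"][:3]
    out["dob"] = record["dob"][:4]
    return out


def release(records: List[Record], qis: Sequence[str] = QIS, k_min: int = 2):
    """Generalize, then suppress any row still in a class smaller than k_min,
    so the published table is k_min-anonymous on the QIs."""
    coarse = [generalize(r) for r in records]
    classes = equivalence_classes(coarse, qis)
    return [r for r in coarse if len(classes[qi_key(r, qis)]) >= k_min]


if __name__ == "__main__":
    print("k-anonymity of raw release:", k_anonymity(MEDICAL_RELEASE))
    print("records unique on QIs:", f"{uniqueness_rate(MEDICAL_RELEASE):.0%}")
    print("linkage hits against voter roll:", link(MEDICAL_RELEASE, VOTER_ROLL))
    safer = release(MEDICAL_RELEASE, k_min=2)
    print("k-anonymity after generalization:", k_anonymity(safer))
    print("linkage hits after generalization:",
          link(safer, [generalize(v) for v in VOTER_ROLL]))
```

On the raw release the attack yields exactly one unambiguous pairing (the constructed "Robert Fictitious" with his diagnosis); after generalization every class holds at least two records and no pairing survives. Two caveats a practitioner would want: k-anonymity on the quasi-identifiers says nothing about the sensitive column, so if every record in a class carries the same diagnosis the attacker learns it without a unique match, and generalization costs analytic value (a release by birth year cannot support age-in-months analyses), which is why the hierarchy is chosen per attribute rather than globally.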
Privacy, Confidentiality, and Security
Summary Lecture a
Privacy is an individual's right to control information about
themselves; confidentiality is the obligation of those who hold
that information to disclose it only to those with a need to
know; security is the set of mechanisms that protect the data
and the systems in which it resides
For many reasons, breaches and disclosures of
patient information are increasing
De-identified information is not necessarily
more secure
Privacy, Confidentiality, and Security
References, Lecture a
ACLU. (nd.). Video depicting a pizza company having access to a customers medical records.
http://www.aclu.org/ordering-pizza. Last accessed Jan 2012.
Acquisti, A., & Gross, R. (2009). Predicting Social Security numbers from public data. Proceedings of the National
Academy of Sciences, 106, 10975-10980.
Anonymous. (2005). National Consumer Health Privacy Survey 2005. Oakland, CA: California Health Care
Foundation. Retrieved from http://www.chcf.org/topics/view.cfm?itemID=115694
Anonymous. (2007). Data Protection in the European Union. Brussels, Belgium: European Commission. Retrieved
from http://ec.europa.eu/justice_home/fsj/privacy/index_en.htm
Anonymous. (2010c). The Health Information Security and Privacy Collaboration (HISPC). Washington, DC:
Department of Health and Human Services. Retrieved from
http://healthit.hhs.gov/portal/server.pt?open=512&mode=2&cached=true&objID=1240
Anonymous. (2011a). Health Information Technology & Privacy. Philadelphia, PA: American College of Physicians.
Retrieved from http://www.acponline.org/advocacy/where_we_stand/policy/hit_privacy.pdf
Anonymous. (2011b). Second Annual Benchmark Study on Patient Privacy and Data Security. Traverse City, MI:
Ponemon Institute. Retrieved from http://www2.idexpertscorp.com/ponemon-study-2011/
Cassa, C., Schmidt, B., Kohane, I., & Mandl, K. (2008). My sister's keeper?: genomic research and the
identifiability of siblings. BMC Medical Genomics, 1, 32. Retrieved from http://www.biomedcentral.com/1755-
8794/1/32
Cohn, S. (2006). Privacy and Confidentiality in the Nationwide Health Information Network. Washington, DC:
National Committee on Vital and Health Statistics. Retrieved from http://www.ncvhs.hhs.gov/060622lt.htm
References, Lecture a (continued)
Cohn, S. (2008). Individual control of sensitive health information accessible via the Nationwide
Detmer, D. (2010). Activating a full architectural model: improving health through robust population health records.
Journal of the American Medical Informatics Association, 17, 367-369.
El Emam, K., Neri, E., Jonker, E., Sokolova, M., Peyton, L., Neisa, A., & Scassa, T. (2010). The inadvertent
disclosure of personal health information through peer-to-peer file sharing programs. Journal of the American
Medical Informatics Association, 17, 148-158.
Gostin, L., & Hodge, J. (2002). Personal privacy and common goods: a framework for balancing under the national
health information privacy rule. Minnesota Law Review, 86, 1439-1479. Retrieved from
http://papers.ssrn.com/sol3/Delivery.cfm/SSRN_ID346506_code021104630.pdf
Hall, M., & Schulman, K. (2009). Ownership of medical information. Journal of the American Medical Association,
301, 1282-1284.
Hodge, J., Gostin, L., & Jacobson, P. (1999). Legal issues concerning electronic health information: privacy,
quality, and liability. Journal of the American Medical Association, 282, 1466-1471.
Keteyian, A. (2010, April 15). Digital Photocopiers Loaded With Secrets. CBS News. Retrieved from
http://www.cbsnews.com/stories/2010/04/19/eveningnews/main6412439.shtml
Lee, C., & Goldfarb, Z. (2006, June 30). Stolen VA Laptop and Hard Drive Recovered, Washington Post, p.
A01. Retrieved from http://www.washingtonpost.com/wp-dyn/content/article/2006/06/29/AR2006062900352.html
Lumley, T., & Rice, K. (2010). Potential for revealing individual-level information in genome-wide association
studies. Journal of the American Medical Association, 303, 859-860.
McGuire, A., & Gibbs, R. (2006). No longer de-identified. Science, 312, 370-371.
Malin, B., & Sweeney, L. (2005). How (not) to protect genomic data privacy in a distributed network: using trail re-
identification to evaluate and design anonymity protection systems. Journal of Biomedical Informatics, 37, 179-
192.
References, Lecture a (continued)
Ponemon, L., & Kam, R. (2010). Benchmark Study on Patient Privacy and Data Security. Traverse City, MI:
Ponemon Institute. Retrieved from http://www2.idexpertscorp.com/ponemonstudy
Pritts, J., & Connor, K. (2007). The Implementation of E-consent Mechanisms in Three Countries: Canada,
England, and the Netherlands. Washington, DC: Substance Abuse and Mental Health Services Administration.
Retrieved from http://ihcrp.georgetown.edu/pdfs/prittse-consent.pdf
Rodwin, M. (2009). The case for public ownership of patient data. Journal of the American Medical Association,
302, 86-88.
Rojas-Burke, J. (2006, January 27). Providence critics push for safer records, The Oregonian. Retrieved
from http://www.oregonlive.com/news/oregonian/index.ssf?/base/news/1138334121232950.xml&coll=7
Rothstein, M., & Talbott, M. (2006). Compelled disclosure of health information: protecting against the greatest
potential threat to privacy. Journal of the American Medical Association, 295, 2882-2885.
Sweeney, L. (1997). Guaranteeing anonymity when sharing medical data, the Datafly System. Proceedings of the
1997 AMIA Annual Fall Symposium, Nashville, TN, 51-55.
Wright, A., & Sittig, D. (2007a). Encryption characteristics of two USB-based personal health record devices.
Journal of the American Medical Informatics Association, 14, 397-399.
Wright, A., & Sittig, D. (2007b). Security threat posed by USB-based personal health records. Annals of Internal
Medicine, 146, 314-315.
El Emam, 2007

Figure
Figure 9.1. Adapted from Sweeney, L. (1997). Guaranteeing anonymity when sharing medical data, the Datafly
System. Proceedings of the 1997 AMIA Annual Fall Symposium, Nashville, TN, 51-55.