For the Record: Protecting Electronic Health Information

Questions? Call 800-624-6242

About | Ordering | New

LoginRegister

| Items in cart [0]

HARDBACK
price:$32.95
add to cart

Rights & Permissions

Free PDF Access

Free Resources

Related Titles

For the Record: Protecting Electronic Health Information (1997)
Computer Science and Telecommunications Board (CSTB)

Citation Manager Export the bibliographic data for this book in your chosen format
Web Search Builder Use this book's key terms to search within this book, across our collection, or across the Web.
Skim This Chapter Skim this chapter and use this chapter's key terms to search within this book.
Reference Finder Paste in your own text to find books that relate to your topic.

Citation Manager

. "5 Organizational Approaches to Protecting Electronic Health Information." For the Record: Protecting Electronic Health Information. Washington, DC: The National Academies Press, 1997.

Please select a format:

Page
138


E-mail Share on facebook Facebook Share on delicious Delicious Share on stumbleupon Stumble Share on twitter Twitter More Sharing ServicesMore

The following HTML text is provided to enhance online readability. Many aspects of typography translate only awkwardly to HTML. Please use the page image as the authoritative form to ensure accuracy.

tions will, upon request, analyze the audit logs of accesses to a particular patient's record. This practice is useful in detecting alleged violations of confidentiality. Though exposing health care organizations to possible legal action, such reviews can, in the long run, help reduce patients' suspicions and provide the motivation for organizations to develop strong measures for protecting patient information.

Organizational Structures

Formal organizational structures are needed to develop, implement, and enforce policies regarding privacy and security. These structures take on a variety of forms, depending largely upon the nature and culture of the institution in which they will operate, and serve as a focal point for both management and technical issues related to the safeguarding of privacy and security in paper and electronic medical records. Institutions with strong organizational policy tend to have well-defined structures with clear lines of responsibility. They typically include groups charged with developing policy; offices or departments for implementing policy, and structures for granting access privileges to users of the institution's information systems. A fourth structure—the institutional review board—is discussed above in the section titled "Policies on Research Uses of Health Information."

Policy Development Process

Health care organizations develop privacy and security policies in many different ways: by a small cadre of senior executives, by a committee process that solicits input from across the organization, or by some combination of the two. Committee members saw a range of approaches during their site visits. One site developed policy primarily within senior management, with limited input from department heads, users, and patients. Another organization used committee structures for all policy development activities. Policy developed by a small group of high-level executives has the advantage of being less time-consuming than a committee process and inherently carries with it the authoritative power of management. At the same time, it is becoming increasingly understood that employee input into policy decisions increases the likelihood of acceptance and effective implementation.¹³

Most sites visited for this study developed policy by committee. These