than any other business enterprise in this regard, except that many are pressed to catch up with the state of the art and science of computer-based information systems.

Providers of clinical medicine have had mixed reactions to the information revolution. On the one hand, some lament the passing of an era of personal ties between patient and physician—one usually carefully documented in the handwritten paper chart of the provider. On the other, many recognize the advantages of standardized health records as continuity of care becomes more difficult and physicians increasingly practice in groups and often substitute for one another in caring for patients enrolled in health care plans. Health information databases have become the professional memories through which the continuity and quality of patient care can be ensured for individual patients over time. As organizations become larger and more complex, electronic health information systems become more important as a means of monitoring and controlling both the quantity and the quality of care. The purposes for which health information is collected and the ways in which it is used have much to do with the way information systems are viewed by users.

Cultural Constraints

Organizational culture can either enhance or impede the intended effect of information confidentiality and security policies because it reflects the values, norms, understandings, and experiences of organizational participants. Some health care organizations have never really accepted the idea of patients as organizational participants; hence, when matters of privacy and security are raised, discussion centers on the proprietary value of such information, not on the threats to individual patient's rights to privacy. Health care organizations are focused on providing care, not on providing security.26 Accordingly, technology is valued inasmuch as it supports that goal and does so in a way that is convenient to caregivers. To the extent that mechanisms to support privacy and security are introduced, they are tolerated only if they are relatively transparent to the main goal. Health care providers often believe that security


A recent study survey of information systems trends conducted by Modern Healthcare and Coopers & Lybrand indicated that improving managed-care capabilities was the driving force behind priorities over the next 24 months. Maintaining or improving the security of patient information did not appear as a concern. See Morrissey, John. 1996. "A Broader Vision: CIOs Shift Strategy to Look Beyond the Hospital," Modern Healthcare, March 4, pp. 110-113.

The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement