tals specifies information management (IM) standards. IM.2 states that the "confidentiality, security and integrity of data and information are maintained." IM.2.2 states that "the hospital determines appropriate levels of security and confidentiality for data and information . . ." and continues by stating that the "collection, storage and retrieval systems are designed to allow timely and easy use of data and information without compromising its security and confidentiality." IM.2.2.3 states that "records and information are protected against loss, destruction, tampering and unauthorized access or use."
The intent of these standards is to ensure that a hospital maintains the security and confidentiality of data and is especially careful about preserving the confidentiality of sensitive data. The hospital is expected to determine the level of security and confidentiality maintained for different types of information. Access to each category of information is based on need and defined by job title and function.
According to the JCAHO, an effective process defines the following:
JCAHO examines hospital practices in the area of information management during its triennial reviews. The reviews address information management practices at an overall level but do not directly ascertain the occurrence of specific instances in which hospital practices may have been violated. JCAHO reviews are nominally voluntary, but organizations that participate in the Medicare and Medicaid programs (and expect to be reimbursed for services offered under these programs) are required to receive JCAHO accreditation.
Better protection of electronic health information will require efforts at the national level. The lack of uniform national standards for the privacy and security of health information creates particular problems for health care organizations that serve constituents in multiple states and creates additional confusion for patients regarding their rights. The re-