For the Record Protecting Electronic Health Information (1997) / Chapter Skim
Currently Skimming:
1 Introduction
1 Introduction
Pages 19-36
The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.
From page 19... ...
Over the centuries, changes in the practice of medicine and in the structure of the health care industry have required a continuing expansion of the notion of patient privacy beyond the traditional patient-provider relationship and into other organizations that collect and analyze health information. Insurers, managed care organizations, public health officials, researchers, and others with a need for patient information have had to develop policies and practices for protecting the information they collect and, ultimately, the privacy of the individuals to whom the information pertains.
|
From page 20... ...
The health care industry spends approximately $10 billion to $15 billion a year on information technology, and expenditures are expected to grow by 15 to 20 percent a year for the next several years.4 Health care organizations are developing electronic medical records (EMRs) for stor 2 The terms privacy, confidentiality, and security are used in many different ways to discuss the protection of personal health information.
|
From page 21... ...
7 Many terms are used to describe the electronic storage of patient-specific information; apart from electronic medical record (EMR) , the two most commonly used terms are computerbased patient record and electronic health record.
|
From page 22... ...
A 1996 survey by Deloitte and Touche indicates that 24 percent of U.S. hospitals already belong to an IDS, and an additional 47 percent are participating in the development of an IDS.8 The move toward integrated delivery systems is motivated by promises of cost savings through consolidations, expansions of market share to protect current business, improvements in the quality of care by managing care over a continuum of time and encounters, and improvements in bargaining position with respect to payers.
|
From page 23... ...
As a result, managed care organizations have an opportunity to assess patient health risks and define optimal approaches to the management of the chronically ill, in addition to improving the efficacy of specific patient encounters with a health care provider. They also have an opportunity to use information about the health care needs of enrolled subpopulations of patients with common characteristics (whether gender, age, or condition)
|
From page 24... ...
Examples include medical and surgical suppliers, pharmaceutical companies, reference laboratories, and companies that provide information technology services. Some of these companies have seen profit margins decline in their core businesses and see synergistic opportunities in the collection and analysis of patient-identifiable health data for health care organizations.
|
From page 25... ...
They also include the provider's assessment and plans, advance directives, information on the patient's assent to and understanding of therapy, and permission for disclosure of information for use by other care providers or bill payers. Originally, the medical record existed in abbreviated form to refresh the memory of the family doctor, who may have known more than patients themselves about familial risk factors and a patient's history of diseases or conditions.
|
From page 26... ...
PROTECTING THE PRIVACY AND SECURITY OF HEALTH INFORMATION The application of information technology to health care especially the development of electronic medical records and the linking of clinical
|
From page 27... ...
In a recent poll almost half of those questioned stated that they were "very concerned" about their personal privacy, and a third stated that they were very concerned about the possible negative consequences of EMRs.l5 Such concerns are growing as more sensitive information, such as HIV status, psychiatric records, and genetic information, is stored in medical records. Addressing these concerns requires both a better understanding of the vulnerabilities of health information in electronic form and the various mechanisms available for protecting such information.
|
From page 28... ...
The existence of the Internet means that data can be moved across administrative, legal, and national jurisdictions as easily as it can be moved to the next desk; intrusions can be mounted with equal facility. Electronic medical records also raise the possibility that much more accurate and complete composite pictures of individuals can be more easily drawn so much more so that reasonable people would raise concerns about the aggregate even if they had no concerns about any single data element.
|
From page 29... ...
a medical records department with responsibility for ensuring only legitimate access to health records, the integrity of data contained in those records, and the confidentiality of those records. Health care organizations established policies regarding the collection, use, and release of health information to maintain privacy and security, and they evaluated the relative costs and benefits of alternative mechanisms for protecting health information.
|
From page 30... ...
Life insurance companies created the Medical Information Bureau Inc. to improve the underwriting process and help detect possible instances of fraud in the use of health information (Box 1.1~.
|
From page 31... ...
A variety of mechanisms exist for protecting electronic health information.21 These include both technical measures for improving computer and network security as well as organizational measures for ensuring that workers understand their responsibility to protect information and for detecting and reporting violations. Understanding the efficacy, costs, and trade-offs between protection and access inherent in each of these mechanisms is central to implementing sound programs for improving privacy and security in the health care industry.
|
From page 32... ...
32 FOR THE RECORD: PROTECTING ELECTRONIC HEALTH INFORMATION information that have been demonstrated in health care settings, this report attempts to demonstrate ways in which privacy and security can be maintained in health care applications of the national information infrastructure. The content of this report is structured to provide illustrations of practical initiatives that can be pursued by health care organizations and to allow a more informed public debate over policy.
|
From page 33... ...
INTRODUCTION 33 GOALS AND LIMITATIONS OF THIS REPORT Objectives This report attempts to guide the debate over the privacy and security of electronic medical information by evaluating practices for better protecting health information. To this end, the report has the following objectives: 1.
|
From page 34... ...
Additional mechanisms that are not yet feasible for application to health care are also identified as research needs. What This Report Does Not Do The original charge to the committee called for an assessment of mechanisms to protect the privacy and security of electronic health care information.
|
From page 35... ...
Despite its efforts to address many aspects of privacy and security, the committee cannot claim that this report is comprehensive. Many other health care organizations are likely to have developed innovative solutions for protecting electronic medical information that are not described in this report.
|
From page 36... ...
as well as those still under development. Chapter 6 contains the committee's findings and its recommendations for increasing the privacy and security of electronic health information.
|
Key Terms
This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More
information on Chapter Skim is available.