Medical privacy

From Wikipedia, the free encyclopedia
Various methods have been used to protect patients' privacy. This drawing by Jacques-Pierre Maygnier (1822) shows a "compromise" procedure, in which the physician kneels before the woman but cannot see her genitalia.

Medical privacy or health privacy is the practice of maintaining the security and confidentiality of patient records. It involves both the conversational discretion of health care providers and the security of medical records. The terms can also refer to the physical privacy of patients from other patients and providers while in a medical facility. Modern concerns include the degree of disclosure to insurance companies, employers, and other third parties. The advent of electronic medical records (EMR) has raised new concerns about privacy, balanced with efforts to reduce duplication of services and medical errors.

Medical privacy standards by country

Australia – eHealth

On July 1, 2012, the Australian Government launched the Personally Controlled Electronic Health Record (PCEHR) (eHealth) system.[1] Once the system is fully implemented, it will incorporate an electronic summary prepared by nominated healthcare providers along with consumer-provided notes. Further, the summary will include information on the individual's allergies, adverse reactions, medications, immunizations, diagnoses, and treatments. The consumer notes will operate as a personal medical diary that only the individual can view and edit.[2] The opt-in system gives people the option to choose whether to register for the eHealth record or not.[3]

In January 2016 the Commonwealth Department of Health renamed the PCEHR "My Health Record".

Privacy – Governance

The Personally Controlled Electronic Health Records Act 2012 and the Privacy Act 1988 govern how eHealth record information is managed and protected.[4] The PCEHR System Operator abides by the Information Privacy Principles in the Privacy Act 1988 (Commonwealth) as well as any applicable State or Territory privacy laws.[5] A Privacy Statement sets out how the System Operator collects personal information: the types of personal information collected, what the information is used for, and how it is stored. The statement also covers the measures in place to protect personal information from misuse, loss, unauthorized access, modification, and disclosure.[6]

Privacy – Security measures

Security measures include audit trails, so that patients can see who has accessed their medical records and when, together with encryption and secure logins and passwords. Patient records are identified by an Individual Health Identifier (IHI), assigned by Medicare, the IHI service provider.[6][7]

Privacy – Issues

A 2012 nationwide survey in Australia assessed how privacy concerns affect patients' health care decisions, and so potentially patient care. 49.1% of respondents said they had withheld, or would withhold, information from their health care provider because of privacy concerns.[8]

  • How does consent impact privacy?

One concern is that personal control of the eHealth record via consent does not guarantee the protection of privacy. It is argued that a narrow definition of consent as 'permission' or 'agreement' does not protect privacy and is not well represented in Australian legislation. The PCEHR lets clinicians treat a consumer's participation in the system as consent, yet the consumer's needs may not be met. Critics argue that the broader definition of 'informed consent' is required, since it encompasses both the provision of relevant information by the healthcare practitioner and the patient's understanding of that information.[9]

  • Is it legitimate to use personal information for public purposes?

Data from the PCEHR is to be used predominantly in patient healthcare, but other uses are possible, for policy, research, audit and public health purposes. The concern is that, in the case of research, what is allowed goes beyond existing privacy legislation.[9]

  • What are ‘illegitimate’ uses of health information?

The involvement of pharmaceutical companies is viewed as potentially problematic. If they are perceived by the public to be more concerned with profit than with public health, public acceptance of their use of PCEHRs could be challenged. Also perceived as problematic is the potential for parties other than health care practitioners, such as insurance companies, employers, police or the government, to use the information in ways that could result in discrimination or disadvantage.[9]

  • What are the potential implications of unwanted disclosure of patient information?

Information 'leakage' is seen as having the potential to discourage both patients and clinicians from participating in the system. Critics argue the PCEHR initiative can only work if a safe, effective continuum of care within a trusting patient/clinician relationship is established. If patients lose trust in the confidentiality of their eHealth information, they may withhold sensitive information from their health care providers; clinicians may in turn be reluctant to rely on a system whose information they cannot be sure is complete.[10]

  • Are there sufficient safeguards for the protection of patient information?

Security experts have questioned the registration process, in which a person need only supply a Medicare card number and the names and birth dates of family members to prove their identity. Some stakeholders have also raised concerns about the inherent complexity of the limited-access features, and warn that accessing PCEHR record content may involve transferring the information to a local system, where the PCEHR's access controls no longer apply.[7]


Canada

The privacy of patient information is protected at both the federal and provincial level in Canada. Health information legislation establishes the rules that must be followed for the collection, use, disclosure and protection of health information by healthcare workers known as "custodians". Custodians include almost all healthcare professionals (including all physicians, nurses, chiropractors, operators of ambulances and operators of nursing homes). In addition to the regulatory bodies of the specific healthcare professions, the provincial privacy commissions are central to the protection of patient information.

Much of the current legislation concerning privacy and patient information has been enacted since 2000, prompted by the proliferation of electronic mobile devices in Canada.[11] As a result, both large and small private businesses have created smartphone and EMR solutions that comply with the applicable legislation.[12]


Turkey

The privacy of patient information is guaranteed by articles 78 and 100 of Law No. 5510.

On the other hand, the Social Security Institution (SGK), which regulates and administers state-sponsored social security and insurance benefits, sells patient information after what it describes as anonymizing the data, as confirmed on October 25, 2014.[13]

United Kingdom

The National Health Service is increasingly using electronic health records, but until recently the records held by individual NHS organisations, such as general practitioners, NHS trusts, dentists and pharmacies, were not linked. Each organisation was responsible for protecting the patient data it collected. A programme that proposed to extract anonymised data from GP surgeries into a central database aroused considerable opposition.

In 2003, the NHS moved to create a centralized electronic registry of medical records. The system is protected by the UK's Government Gateway, which was built by Microsoft. This programme is known as the Electronic Records Development and Implementation Programme (ERDIP). The NHS National Programme for IT was criticized for its lack of security and of patient privacy. It was one of the projects that caused the Information Commissioner to warn[citation needed] about the danger of the country "sleepwalking" into a surveillance society. Pressure groups[according to whom?] opposed to ID cards also campaigned against the centralized registry.

Newspapers feature stories about lost computers and memory sticks, but a more common and longstanding problem is staff accessing records they have no right to see. It has always been possible for staff to look at paper records, and in most cases no record is kept of who did so. Electronic records, by contrast, make it possible to track who has accessed which records. NHS Wales has created the National Intelligent Integrated Audit System, which provides "a range of automatically generated reports, designed to meet the needs of our local health boards and trusts, instantly identifying any potential issues when access has not been legitimate". Maxwell Stanley Consulting will use a system called Patient Data Protect (powered by VigilancePro) which can spot patterns, such as whether someone is accessing data about their relatives or colleagues.[14]
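The two audit-trail uses mentioned on this page, the Australian patient-facing view of who opened a record and when, and the NHS Wales and Patient Data Protect style review that flags staff looking up records of relatives or colleagues, can be illustrated with a small script over an access log. The following is an added example written for this article; it is not code from any of the systems named above, and the log format, field names, staff identifiers and the surname-match heuristic are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable


@dataclass(frozen=True)
class AccessEvent:
    """One record-access audit event.

    The field names are assumptions made for this example; real EHR audit
    trails carry more detail, but the checks below only need these.
    """
    ts: datetime
    staff_id: str
    staff_surname: str
    patient_id: str
    patient_surname: str
    on_care_team: bool        # staff member is a treating clinician for this patient
    break_glass_reason: str   # emergency-override justification, "" when none given


# Staff are patients too. Map staff_id -> that person's own patient_id so that
# accesses to a colleague's record can be recognised. Constructed for this example.
STAFF_PATIENT_IDS = {"s001": "p900", "s002": "p901", "s003": "p902"}


def parse_log(lines: Iterable[str]) -> list[AccessEvent]:
    """Parse pipe-separated audit lines (a constructed format for this example)."""
    events = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, sid, ssur, pid, psur, team, reason = [f.strip() for f in line.split("|")]
        events.append(AccessEvent(datetime.fromisoformat(ts), sid, ssur, pid, psur,
                                  team == "Y", reason))
    return events


def accesses_for_patient(events: list[AccessEvent], patient_id: str) -> list[tuple[str, str]]:
    """Patient-facing view: who opened my record, and when."""
    return [(e.ts.isoformat(), e.staff_id) for e in events if e.patient_id == patient_id]


def break_glass_review(events: list[AccessEvent]) -> list[AccessEvent]:
    """Emergency overrides are allowed but must be reviewed afterwards."""
    return [e for e in events if e.break_glass_reason]


def detect_suspicious(events: list[AccessEvent]) -> list[tuple[str, str, str, list[str]]]:
    """Flag accesses with no clinical relationship or a likely personal link.

    Each alert is (timestamp, staff_id, patient_id, reasons). A flag is a
    prompt for human review, not a finding of wrongdoing.
    """
    alerts = []
    for e in events:
        reasons = []
        if not e.on_care_team and not e.break_glass_reason:
            reasons.append("no care relationship and no break-glass justification")
        if e.staff_surname.casefold() == e.patient_surname.casefold():
            reasons.append("patient shares the accessing staff member's surname (possible relative)")
        if e.patient_id in STAFF_PATIENT_IDS.values() and STAFF_PATIENT_IDS.get(e.staff_id) != e.patient_id:
            reasons.append("record belongs to a colleague")
        if reasons:
            alerts.append((e.ts.isoformat(), e.staff_id, e.patient_id, reasons))
    return alerts


# Constructed sample audit log. s002 (Jones) opens a patient named Jones with no
# care relationship; s003 opens a colleague's record; s001's late-night access
# carries a break-glass reason and is not alerted, only queued for review.
SAMPLE_LOG = """\
# ts | staff_id | staff_surname | patient_id | patient_surname | care_team | break_glass_reason
2024-03-01T09:02:11 | s001 | Ahmed | p100 | Jones  | Y |
2024-03-01T09:15:40 | s002 | Jones | p100 | Jones  | N |
2024-03-01T10:01:05 | s003 | Patel | p901 | Jones  | N |
2024-03-01T23:47:59 | s001 | Ahmed | p200 | Kim    | N | ED resus, treating clinician unavailable
2024-03-02T08:30:00 | s001 | Ahmed | p902 | Patel  | Y |
"""

if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG.splitlines())
    print("Accesses to p100:", accesses_for_patient(evs, "p100"))
    for alert in detect_suspicious(evs):
        print("ALERT", alert)
    for e in break_glass_review(evs):
        print("REVIEW break-glass:", e.ts.isoformat(), e.staff_id, e.patient_id, e.break_glass_reason)
```

The surname match is deliberately crude and will produce false positives in a large workforce; the point is that the review queue is generated from the audit trail itself, which only exists because access is electronic. Break-glass overrides are not blocked, since an emergency is exactly when access must not fail, but every one is retained for after-the-fact review rather than silently accepted.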

United States

A nurse shredding papers in order to be compliant with the physical safeguard section of the Health Insurance Portability and Accountability Act (HIPAA).

See: Health Insurance Portability and Accountability Act of 1996

Since 1974, numerous federal laws have been passed in the United States to specify patients' privacy rights and the obligations of physicians and other covered entities with respect to medical data.[15] The most comprehensive is the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which was substantially revised by the 2013 Omnibus Final Rule.[16] HIPAA provides a federal minimum standard for medical privacy, sets standards for uses and disclosures of protected health information (PHI), and provides civil and criminal penalties for violations.

According to HIPAA, the covered entities that must follow the law's set mandates are health plans, health care clearinghouses, and health care providers that electronically transmit PHI. Business associates of these covered entities are also subject to HIPAA's rules and regulations.[17]

In 2008, Congress passed the Genetic Information Nondiscrimination Act of 2008 (GINA), which aims to prohibit genetic discrimination for individuals seeking health insurance and employment. The law also includes a provision which mandates that genetic information held by employers be maintained in a separate file and prohibits disclosure of genetic information except in limited circumstances.

In 2013, the HIPAA Omnibus Rule amended the HIPAA regulations to include genetic information in the definition of protected health information (PHI), implementing GINA. The rule also expanded HIPAA by broadening the definition of business associates to include any entity that creates, receives, maintains or transmits PHI on a covered entity's behalf, such as health IT vendors.[18]

California-Specific Laws

In California, the Confidentiality of Medical Information Act (CMIA) provides more stringent protections than the federal statutes.[19] HIPAA expressly does not preempt more stringent state laws such as CMIA, so CMIA's requirements and penalties apply in addition to HIPAA's. More specifically, CMIA prohibits providers, contractors and health care service plans from disclosing PHI without prior authorization.

These medical privacy laws also set a higher standard for health IT vendors and vendors of an individual's personal health record (PHR), because the statutes apply to such vendors even when they are not business associates of a covered entity. CMIA also sets out penalties for violating the law, ranging from liability to the patient (compensatory damages, punitive damages, attorneys' fees, costs of litigation) to civil and even criminal liability.[20]

Likewise, California's Insurance Information and Privacy Protection Act[21] (IIPPA) protects against unauthorized disclosure of PHI by prohibiting unapproved information sharing for information collected from insurance applications and claims resolution.

Privacy and Electronic Health Records (EHRs)

The three goals of information security, including electronic information security, are confidentiality, integrity, and availability, together referred to as the C.I.A. triad.[22] Organizations pursue these goals through information security, the "practice of defending information from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction."

In a 2004 editorial in the Washington Post, U.S. Senators Bill Frist and Hillary Clinton stressed the need to balance access against privacy, stating "[patients] need...information, including access to their own health records... At the same time, we must ensure the privacy of the systems, or they will undermine the trust they are designed to create".[23] A 2005 report by the California Health Care Foundation found that "67 percent of national respondents felt 'somewhat' or 'very concerned' about the privacy of their personal medical records".[24]

The importance of privacy in electronic health records became prominent with the passage of the American Recovery and Reinvestment Act (ARRA) in 2009. One of its provisions, the Health Information Technology for Economic and Clinical Health (HITECH) Act, mandated incentives for clinicians to implement electronic health records by 2015.[25] Privacy advocates in the United States have raised concerns about unauthorized access to personal data as more medical practices switch from paper to electronic medical records.[26] The Office of the National Coordinator for Health Information Technology (ONC) has explained that safeguards EHR systems can use include passwords and PINs that control access to the system, encryption of information, and an audit trail that records the changes made to records.[27]

HIPAA's Privacy Rule requires covered entities to give patients access to their own records. One study estimated that each year there are 25 million compelled authorizations[28] for the release of personal health records, that is, authorizations patients sign because an employer, insurer or other third party requires them.[29] Researchers have also found that electronic records open up new security threats,[29] including hackers, viruses, and worms. These threats are made more prominent by the emergence of "cloud computing", the use of shared computing resources operated by a third party. Health care organizations are increasingly using cloud computing to handle large amounts of data; this type of storage, however, is susceptible to natural disasters, cybercrime and technological terrorism, and hardware failure.[30] Health information breaches accounted for 39 percent of all breaches in 2015.[31]

Medical data outside of HIPAA

Many patients mistakenly believe that HIPAA protects all health information.[32] HIPAA does not usually cover fitness trackers, social media sites and other health data created by the patient.[33] Health information can be disclosed by patients in emails, blogs, chat groups, or social media sites including those dedicated to specific illnesses, "liking" web pages about diseases, completing online health and symptom checkers, and donating to health causes.[34] In addition, credit card payments for physician visit co-pays, purchase of over the counter (OTC) medications, home testing products, tobacco products, and visits to alternative practitioners are also not covered by HIPAA.

A 2015 study reported over 165,000 health apps available to consumers. Disease treatment and management account for nearly a quarter of consumer apps; two-thirds target fitness and wellness, and ten percent can collect data from a device or sensor.[35] Since the Food and Drug Administration (FDA) regulates only medical devices, and most of these applications are not medical devices, they do not require FDA approval. The data from most apps fall outside HIPAA because the apps do not share data with healthcare providers. "Patients may mistakenly assume that mobile apps are under the scope of HIPAA since the same data, such as heart rate, may be collected by an application that is accessible to their physician and covered by HIPAA, or on a mobile app that is not accessible to the physician and not covered by HIPAA."[34]

New Zealand

In New Zealand, the Health Information Privacy Code (1994) sets specific rules for agencies in the health sector to better ensure the protection of individual privacy. The code addresses the health information collected, used, held and disclosed by health agencies. For the health sector, the code takes the place of the information privacy principles.


Netherlands

The introduction of a nationwide system for the exchange of medical information and access to electronic patient records led to much discussion in the Netherlands.[36]

Privacy for research participants

In the course of having or being part of a medical practice, doctors may obtain information that they wish to share with the medical or research community. If this information is shared or published, the privacy of the patients must be respected. Likewise, participants in medical research that are outside the realm of direct patient care have a right to privacy as well.

References

  1. ^ "Australian Government - Department of Health and Ageing". PCEHR Governance. Retrieved 18 May 2013. 
  2. ^ "National E-Health Transition Authority (NEHTA)". Our Work - PCEHR. Retrieved 18 May 2013. 
  3. ^ "Australian Government - Department of Health and Ageing". Expected benefits of the national PCEHR system. Retrieved 18 May 2013. 
  4. ^ "Australian Government - ComLaw". Personally Controlled Electronic Health Records Act 2012. Retrieved 18 May 2013. 
  5. ^ "Australian Government - Office of the Australian Information Commissioner". Information Privacy Principles under the Privacy Act 1988. Retrieved 18 May 2013. 
  6. ^ a b "Australian Government - Department of Health and Ageing". Privacy. Retrieved 18 May 2013. 
  7. ^ a b Showell, CM (2011). "Citizens, patients and policy: a challenge for Australia's national electronic health record". Health Information Management Journal. 40 (2): 39–43. doi:10.1177/183335831104000206. PMID 28683627.
  8. ^ Anonymous (2012). "e-Health". Australian Nursing Journal. 20 (2): 20. 
  9. ^ a b c Spriggs, Merle; Arnold, Michael V; Pearce, Christopher M; Fry, Craig (2012). "Ethical questions must be considered for electronic health records" (Submitted manuscript). Journal of Medical Ethics. 38 (9): 535–539. doi:10.1136/medethics-2011-100413. PMID 22573881. 
  10. ^ Liaw, S. T; Hannan, T (2011). "Can we trust the PCEHR not to leak?". The Medical Journal of Australia. 195 (4): 222. PMID 21843131. 
  11. ^ Chan, N; Charette, J; Dumestre, D. O; Fraulin, F. O (2016). "Should 'smart phones' be used for patient photography?". Plastic Surgery (Oakville, Ont.). 24 (1): 32–4. PMC 4806754. PMID 27054136. 
  12. ^ "About TELUS". Retrieved 2016-05-24. 
  13. ^ ""Sağlık Bakanlığı SGK bilgilerini sattığını doğruladı: İsim vermeden sattık" ("The Ministry of Health confirms the sale of information [to third parties] through the SGK database: 'We sold [data] without [patients'] names'")". Birgün. Archived from the original on 26 October 2014. Retrieved 25 October 2014. 
  14. ^ "Paperless NHS supplement: Data protection – it's a breach of trust". Health Service Journal. 13 March 2015. Retrieved 28 April 2015. 
  15. ^ "" (PDF). Retrieved October 8, 2016. 
  16. ^ (OCR), Office for Civil Rights (2015-10-30). "Omnibus HIPAA Rulemaking". Retrieved 2016-10-08. 
  17. ^ (OCR), Office for Civil Rights (2015-11-23). "Covered Entities and Business Associates". Retrieved 2016-10-08. 
  18. ^ Baum, Stephanie (2013-09-23). "10 things you need to know about HIPAA Omnibus final rule". MedCity News. Retrieved 2016-10-08. 
  19. ^ "The Law and Medical Privacy". Electronic Frontier Foundation. Retrieved 2016-10-08. 
  20. ^ Henry, Davis Wright Tremaine LLP-Karen A.; Keville, Terri D. "What you don't know about California's Confidentiality of Medical Information Act might hurt you! | Lexology". Retrieved 2016-10-08. 
  21. ^ "California Legislative Information". Retrieved 2016-10-08. 
  22. ^ "What is confidentiality, integrity, and availability (CIA triad)? - Definition from". Retrieved 2016-10-08. 
  23. ^ Frist, Bill; Clinton, Hillary (August 25, 2004). "How to Heal Health Care". Washington Post. 
  24. ^ Bishop, L.S. "National Consumer Health Privacy Survey 2005" (PDF). 
  25. ^ "What is HITECH Act (Health Information Technology for Economic and Clinical Health Act)? - Definition from". SearchHealthIT. Retrieved 2016-10-08. 
  26. ^ Iron Mountain. "Electronic Health Records Security and Privacy Concerns". Retrieved 2016-10-08. 
  27. ^ "Privacy, Security, and Electronic Health Records - Health IT Buzz". Health IT Buzz. 2011-12-12. Retrieved 2016-10-08. 
  28. ^ Rothstein, Mark A; Talbott, Meghan K (2007). "Compelled Authorizations for Disclosure of Health Records: Magnitude and Implications". The American Journal of Bioethics. 7 (3): 38–45. doi:10.1080/15265160601171887. PMID 17366232. 
  29. ^ a b Rothstein, Mark A; Talbott, Meghan K (2007). "Compelled Authorizations for Disclosure of Health Records: Magnitude and Implications". The American Journal of Bioethics. 7 (3): 38–45. doi:10.1080/15265160601171887. PMID 17366232. 
  30. ^ Sahi, Aqeel; Lai, David; Li, Yan (2016). "Security and privacy preserving approaches in the e Health clouds with disaster recovery plan". Computers in Biology and Medicine. 78: 1–8. doi:10.1016/j.compbiomed.2016.09.003. PMID 27639895. 
  31. ^ Landi, Heather (April 13, 2016). "Identity Theft Resource Center data report states there is a connection between the growing trend of healthcare breaches exposing Social Security numbers and the increase in tax-related identity theft". Healthcare Informatics. Retrieved October 8, 2016. 
  32. ^ Tipton, Stephen J; Forkey, Sara; Choi, Young B (2016). "Toward Proper Authentication Methods in Electronic Medical Record Access Compliant to HIPAA and C.I.A. Triangle". Journal of Medical Systems. 40 (4): 100. doi:10.1007/s10916-016-0465-x. PMID 26872782. 
  33. ^ "ONC to Congress: Protect patient health data that falls outside HIPAA". MobiHealthNews. 2016-07-19. Retrieved 2016-10-08. 
  34. ^ a b Glenn, Tasha; Monteith, Scott (2014). "Privacy in the Digital World: Medical and Health Data Outside of HIPAA Protections". Current Psychiatry Reports. 16 (11): 494. doi:10.1007/s11920-014-0494-4. PMID 25218603. 
  35. ^ "Mobile Healthcare Apps Expand Patient Options". IMS Health. 2016-08-23. Retrieved 2016-10-08. 
  36. ^ EPD enquête, archived from the original on 2016-01-12 
