
Ethics, Privacy, and Security




Modernization in healthcare has led to the tendency of most practitioners to rely on the use of
mechanical aids throughout the process of providing patient treatment. However, the fact
remains that human values should continue to govern research and practice in the healthcare
profession. Healthcare informatics encompasses issues of proper and improper behaviour,
honourable actions, and of right and wrong.
Ethical questions in medicine, nursing, human subject research, psychology, and other related
fields continue to become more twisted and complex, but some overarching issues are common
among them. Ethical issues in health informatics, on the other hand, are less familiar, even if
some of them have been controversial for decades. Privacy and confidentiality might be the
more popular sources of debates, but the rest of the field is surrounded with other ethical issues
of significant concern, such as the use of appropriate informatics tools in clinical settings,
determination of users of those tools, system evaluation, system development and maintenance,
and the use of computers in tracking clinical outcomes. Informatics also raises questions about
various legal and regulatory requirements (Goodman, 2016).
The rest of the discussion directs us to a set of ethical principles for appropriate use of decision-
support systems, particularly in Informatics, as described by Shortliffe and Cimino (2013):

a. A computer program should be used in clinical practice only after appropriate evaluation of
its efficacy and the documentation that it performs its intended task at an acceptable cost
in time and money.
b. All uses of informatics tools, especially in patient care, should be preceded by adequate
training and instruction, which should include review of applicable product evaluations.
c. Users of most clinical systems should be health professionals who are qualified to address
the question at hand on the basis of their licensure, clinical training, and experience.
Software systems should be used to augment or supplement, rather than to replace or
supplant, such individual’s decision making.

Ethics in Health Informatics


Figure 14.1: Overview of Health Informatics Ethics
Health informatics ethics is the application of the principles of ethics to the domain of health
informatics. There are three main aspects of health informatics: healthcare, informatics, and
software. Information systems are developed in order to assist in the dispensation of healthcare
or other supplementary services. In addition, health informatics also dwells in the efficiency of
processing data. Voluminous patient information has to be stored for future use, to be retrieved
when needed. Transfer of information also needs to be facilitated with proper security (Samuel
and Zaïane, 2014). Figure 14.1 above further enumerates the different principles.
14.1.1 General Ethics
Autonomy
In a general sense, autonomy is defined as either allowing individuals to make their own
decisions in response to a particular societal context, or as the idea that no human person
has the authority, nor should have power, over another human person. Electronic
health records (EHR) must maintain respect for patient autonomy, and this entails certain
restrictions about the access, content, and ownership of records. A compromise must be
reached between levels of patient autonomy and quality of patient records. When patients are
given too much control over their EHRs, this could defeat the purpose of the use of such a
document because critical information might be modified or deleted without the knowledge of
the health professionals. Limited patient access to and control over patient records improves
document quality because patients can become proofreaders of their own patient history (Mercuri,
2010).
Beneficence and Non-maleficence
These two principles are respectively defined as “do good” and “do no harm.” In
health informatics, beneficence relates most significantly with the use of the stored data in the
EHR system, and non-maleficence with data protection.
Deeply integrated EHR systems will contain substantial amounts of raw data, and great potential
exists for the conduct of groundbreaking biomedical and public health research. These kinds
of research will be beneficial both to the individual patient and to society as a whole. With
this in mind, new EHR systems should be developed with the capacity to allow patients to
release information from their EHRs which can be valuable to researchers and scientists.
Similarly, the consolidated data available from clinical data repositories will allow
healthcare professionals to provide the best possible treatments for their patients, further
upholding the principle of beneficence.
However, the integrated data storage in health informatics is also a breeding ground for varying
threats. Temporary outages, at a minimum, might prevent healthcare professionals from
performing necessary procedures. At worst, it could even result in significant patient mortality.
Total system failures, however, may cause even greater damage. In order to avoid these
instances, all data must have multiple back-ups which may be recovered rapidly and easily. The
highest level possible of data security should also be upheld, because medical records contain
very sensitive information about an individual. Vulnerabilities in security put patients in a risky
position, and ultimately might lead to the violation of the principle of non-maleficence (Mercuri,
2010).
14.1.2. Informatics Ethics
Informatics ethics, on the other hand, involves the ethical behavior required of anyone handling
data and information, as prescribed by the International Medical Informatics Association (2016).
It covers seven principles: privacy, openness, security, access, legitimate infringement, least
intrusive alternatives, and accountability.
1. Principle of Information-Privacy and Disposition

All persons and groups of persons have a fundamental right to privacy, and hence to
control over the collection, storage, access, use, communication, manipulation, linkage
and disposition of data about themselves.

2. Principle of Openness

The collection, storage, access, use, communication, manipulation, linkage and
disposition of personal data must be disclosed in an appropriate and timely fashion to the
subject or subjects of those data.

3. Principle of Security

Data that have been legitimately collected about persons or groups of persons should be
protected by all reasonable and appropriate measures against loss, degradation,
unauthorized destruction, access, use, manipulation, linkage, modification or
communication.
4. Principle of Access

The subjects of electronic health records have the right of access to those records and
the right to correct them with respect to its accurateness, completeness and relevance.

5. Principle of Legitimate Infringement

The fundamental right of privacy and of control over the collection, storage, access, use,
manipulation, linkage, communication and disposition of personal data is conditioned
only by the legitimate, appropriate and relevant data-needs of a free, responsible and
democratic society, and by the equal and competing rights of others.

6. Principle of the Least Intrusive Alternative

Any infringement of the privacy rights of a person or group of persons, and of their right
of control over data about them, may only occur in the least intrusive fashion and with a
minimum of interference with the rights of the affected parties.

7. Principle of Accountability

Any infringement of the privacy rights of a person or group of persons, and of the right to
control over data about them, must be justified to the latter in good time and in an
appropriate fashion.

14.1.3. Software Ethics


Health informatics ethics heavily relies on use of software to store and process information. As a
result, activities carried out by software developers might significantly affect end-users. The
software developer has ethical duties and responsibilities to the following stakeholders: society,
institution and employees, and the profession.
Activities should be carried out with the best interest of the society in mind. Developers should
be mindful of social impacts of software systems. This includes disclosing any threats or known
defects in software. In addition, activities must be done in the best interests of the institution
and its employees, while balancing their duties to the public, including being straightforward
about personal limitations and qualifications.
Furthermore, software products should meet expected professional standards. Developers
should strive to build products that are of high standard, by thoroughly testing and
detailing unresolved issues. Moreover, managers and leaders should prescribe ethical approaches
in software development. Realistic and effective costs, schedules, and procedures should be
encouraged (Samuel and Zaïane, 2014).

Privacy, Confidentiality and Security


Privacy and confidentiality are often used interchangeably, but they are not synonymous. Privacy
generally applies to individuals and their aversion to eavesdropping, whereas confidentiality is
more closely related to unintended disclosure of information. For example, someone who
spies on a certain person to find out about his visit to an acquired immunodeficiency
syndrome (AIDS) clinic is violating that person’s privacy. On the other hand, if someone
breaks into the clinic to view an individual’s patient record, that perpetrator is in violation of
confidentiality.
There are numerous significant reasons to protect privacy and confidentiality. One is that privacy
and confidentiality are widely regarded as rights of all people which merit respect without needing
to be earned, argued, or defended. Secondly, protection of privacy and confidentiality is
ultimately advantageous for both individuals and society. Patients are more likely to be
comfortable sharing sensitive health care data when they believe this information will not be
shared inappropriately. This kind of trust is essential in establishing a successful physician-patient
or nurse-patient relationship, and it enables practitioners to perform their jobs better.
Privacy and confidentiality protection also benefits public health. When people are not afraid to
disclose personal information, they are more inclined to seek out professional assistance, and it
will diminish the risk of increasing untreated illnesses and spreading infectious diseases
(Goodman, 2016).
When patients trust you and your health information technology enough to disclose their health
information, you will have a more holistic view of patients’ overall health and both you and
your patient can formulate more-informed decisions. In addition, when breaches of privacy and
confidentiality occur, they can have serious consequences for your organization, such as
reputational and financial harm, or harm to your patients. Poor privacy and security practices
heighten the vulnerability of patient information and increase the risk of successful
cyber-attacks (USA Department of Health and Human Services, 2015).
In summary, the olden idea that physicians should hold health care information in confidence
should be applicable no matter what the circumstance. The obligations to protect privacy and to
keep confidences fall on system designers, maintenance personnel, administrators, and,
ultimately, to the physicians, nurses, and other frontline users of the information. The protection
of privacy and confidentiality is non-negotiable because it is a duty that does not fluctuate based
on the diseases, or the data-storage medium (Goodman, 2016).
14.2.1 Levels of Security in the Hospital Information System
Now that the importance of privacy and confidentiality in relation to security is established, the
next focus of the discussion would be on safeguards, or the solutions and tools which may be
utilized to implement your security policies. Safeguards can be on an Administrative (may be
implemented by the management as organization-wide policies and procedures), Physical
(mechanisms to protect equipment, systems, and locations), or Technical Level (automated
processes to protect the software and database access and control), examples of which are
enumerated in Table 14.1 below, as discussed by the USA Department of Health and Human
Services.
It is important to note that the types of safeguards you choose may be prescribed or restricted
by law. Another important consideration is the cost-benefit principle. If it is not cost effective for
your practice to avail of an expensive technology to mitigate a risk to electronic health
information, an alternative may be requiring your staff to follow a new administrative procedure
that equally reduces that risk. Conversely, if you cannot afford to place additional burden on
your staff due to possibilities of human error, you may choose to purchase a technology that
automates the procedure in order to minimize the risk.
Regardless of the type of safeguard your practice chooses to implement, it is important to
monitor its effectiveness and regularly assess your health IT environment to determine if new
risks are present.


Table 14.1: Examples of Administrative, Physical, and Technical Safeguards

The National Research Council (1997) emphasizes that technological security tools are essential
components of modern distributed health care information systems, and that they serve five key
functions:
1. Availability—ensuring that accurate and up-to-date information is available when
needed at appropriate places;
2. Accountability—helping to ensure that health care providers are responsible for their
access to and use of information, based on a legitimate need and right to know;
3. Perimeter identification—knowing and controlling the boundaries of trusted access to
the information system, both physically and logically;
4. Controlling access—enabling access for health care providers only to information
essential to the performance of their jobs and limiting the real or perceived temptation
to access information beyond a legitimate need; and
5. Comprehensibility and control—ensuring that record owners, data stewards, and
patients understand and have effective control over appropriate aspects of information
privacy and access.

14.2.2 Levels of Security in the Laboratory Information System


McPherson and Pincus (2017) narrate the following flow of information, described in Table 14.2,
in a specific portion of the Hospital Information System such as the Laboratory Information
System.

The above-mentioned principles regarding administrative, technological, and physical safeguards
can be applied similarly to the Laboratory Information System in order to improve its security.
Examples are listed in Table 14.3.
Table 14.3: Safeguards for the Laboratory Information System

14.2.3. Philippine Data Privacy Act of 2012


Business Process Management, particularly involving Health Information Technology, is an
increasingly growing industry within the Philippine economy. With total IT expenditure reaching
$4.4 Billion in 2016, the industry is forecasted to more than double itself by the year 2020. In
addition, Filipinos utilize social media heavily, with a whopping 3.5 Million users on LinkedIn, 13
Million on Twitter, and 42.1 on Facebook (Wall, 2017).
Given the rapid evolution of the digital economy and heightened international data trading, the
Philippines has decided to strengthen its privacy and security protection by passing the Data
Privacy Act of 2012, with an aim “to protect the fundamental human right of privacy, of
communication while ensuring free flow of information to promote innovation and growth.”
(Republic Act No. 10173, Ch. 1, Sec. 2).
The Data Privacy Act applies to individuals and legal entities that are in the business of
processing personal information. The law applies extraterritorially, applying both to companies
with offices in the Philippines, and even those located outside, but which use equipment based
in the Philippines. It covers personal information of Filipino citizens regardless of the place of
residence. The main principles that govern the approach of the Data Privacy Act include:

1. Transparency;
2. Legitimacy of purpose; and
3. Proportionality.

Consent is one of the major elements highly-valued by the Data Privacy Act. The act provides
that consent must be documented and given prior to the collection of all forms of personal data,
and the collection must be declared, specified, and for a legitimate purpose.
Furthermore, the subject must be notified about the purpose and extent of data processing, with
details specifying the need for automated processing, profiling, direct marketing, or sharing.
These factors ensure that consent is freely-given, specific, and informed.
However, an exception to the requirement of consent is allowed in cases of contractual
agreements where processing is essential to pursue the legitimate interests of the parties,
except when overridden by fundamental rights and freedom. Such is also the case in responding
to national emergencies.
Processing of sensitive and personal information is also forbidden, except in particular
circumstances enumerated below. The Data Privacy Act describes sensitive personal information
as those being:

• About an individual's race, ethnic origin, marital status, age, color, and religious,
philosophical or political affiliations;
• About an individual's health, education, genetic or sexual life of a person, or to any
proceeding or any offense committed or alleged to have been committed;
• Issued by government agencies "peculiar" (unique) to an individual, such as social
security number;
• Marked as classified by executive order or act of Congress.

The exceptions are:

• Consent of the data subject;
• Pursuant to law that does not require consent;
• Necessity to protect life and health of a person;
• Necessity for medical treatment;
• Necessity to protect the lawful rights of data subjects in court proceedings, legal
proceedings, or regulation.
The provisions of the law necessitate covered entities to create a privacy and security program
to improve the collection of data, limit processing to legitimate purposes, manage access, and
implement data retention procedures.
Penalties
The act provides for different penalties for varying violations, the majority of which include
imprisonment. These violations include:

• Unauthorized processing
• Processing for unauthorized purposes
• Negligent access
• Improper disposal
• Unauthorized access or intentional breach
• Concealment of breach involving sensitive personal information
• Unauthorized disclosure; and
• Malicious disclosure.

Any combination or series of acts enumerated above shall make the person subject to
imprisonment ranging from three (3) years to six (6) years, and a fine of not less than One million
pesos (Php1,000,000.00) but not more than Five million pesos (Php5,000,000.00) (Republic Act.
No. 10173, Ch. 8, Sec. 33).
