Information Privacy in the Evolving Healthcare Environment


What Is Privacy?The Right to PrivacyPrivacy and FreedomThe Fair Information PracticesApplication of FIPs to the Healthcare EnvironmentFIPs for Electronic Health InformationThe Consumer Bill of RightsPrivacy ModelsSolove's TaxonomyContextual IntegrityPrivacy Challenges in the Healthcare EnvironmentElectronic Health Records and Health Information ExchangeDe-Identified DataBig Data AnalyticsConsumer Health Devices and ApplicationsInternet of ThingsHealth Information BreachesConclusionNotesConsidering Ethics in PrivacySetting PrinciplesSample PrinciplesOrganizations Should Treat Everyone according to the Same Ethical PrinciplesEveryone Now Living Will Die SomedayQuality of Life Has a Higher Value than Quantity of LifeHuman Life and Limb Hold Very High ValueHuman Life Is More Valuable than a Human LimbA Patient's Personal Principles Should Be Valued Higher than Organizational Principles When Applied to That Individual Patient's CareA Patient's Personal Principles and Choices Should Not Be Permitted to Violate the Rights or Principles of Another PersonA Competent Patient Should Have the Absolute Right to Limit the Sharing of His or Her Personal Clinical DataA Guardian's Principles Should Have Great Weight in the Management of a Patient Not Deemed Competent to Make His or Her Own DecisionsStaff May Not Use Patient Data for Any Purpose Other than Direct Performance of Their JobsHealthcare Organizations Should Not Sell Patient Data without Patient ConsentHealthcare Organizations Should Limit Secondary Use of Patient Data to Those Permitted by HIPAAFinding BalanceExamplesPrivacy Among PartnersContemplated ActivityA Celebrity in Our MidstDeveloping AnswersNotesThe Role of Information Security in Protecting Privacy in the Healthcare EnvironmentWhat Is Information Security?Information Security Safeguards in the Healthcare EnvironmentAdditional Security Incident Response RequirementsTools for Selecting and Assessing Security and Privacy Measures in the Healthcare EnvironmentInformation Security and Privacy as Distinct DisciplinesHow Security and Privacy Efforts Work TogetherAccess ControlAccountabilityAggregationData MinimizationDisclosureIntegrityDestructionPrivacy and Security and Risk ManagementProtecting Information Security and Privacy in OperationsConclusionNotesThe Legal Framework for Health Information PrivacyHealth Insurance Portability and Accountability ActStatutory and Regulatory HistoryApplicability of HIPAA: Definition of Covered EntitiesScope of Data CoveredDefinition of Protected Health InformationStandards for De-Identification of Health InformationRestrictions on Use and Disclosure of PHITreatment, Payment, and Healthcare OperationsUses and Disclosures for Public Interest PurposesThe Minimum Necessary RequirementElements of Valid Patient AuthorizationBusiness AssociatesPrivacy SafeguardsPatient RightsBreach NotificationRelationship to State Privacy LawsPenaltiesFederal Protection of Substance Abuse Treatment RecordsTypes of Organizations Covered by Part 2 RulesElements of a Valid ConsentExceptions to Consent RequirementMandatory Warning Notice Accompanying DisclosuresRelationship between Programs and Qualified Service OrganizationsPenaltiesOther Federal Health Privacy Statutes and RegulationsTitle X Family Planning ProgramMedicare and MedicaidState Privacy LawsComprehensive Medical Privacy LawsLaws Governing Sensitive Health InformationHIV/AIDS InformationMental Health InformationGenetic Testing InformationFamily Planning InformationInformation about MinorsLaws Relating to Licensure of Facilities and ProfessionalsPrivilege StatutesPatient Access LawsBreach Notification LawsRecent Regulation of Regional and Other Health Information ExchangesConclusionNotesPrivacy Challenges in Health Information ExchangeThe Need for Nationwide Electronic Health Information ExchangeMaking Electronic Health Information Exchange a RealityEHR AdoptionData Standards and InteroperabilityPrivacy Considerations for Health Information ExchangeChallenges in Addressing Privacy of Health Information ExchangeState and Federal Health Information Privacy Policy and RegulationManagement of State Consent RequirementsBehavioral Health Data ExchangeInterstate Information Exchange in the Event of a DisasterNew Day, New Challenges: Establishing Trusted EntitiesDiscussionNotesMaintaining a Holistic Approach to PrivacyThe Benefits and Risks of Health ITHealth IT BenefitsPrivacy Risks and HarmsThe Success of Health IT Depends on Public TrustThere Is a Healthy, Ongoing Debate regarding the Effectiveness of Patient Consent to Protect Patient PrivacyCurrent Practice under the Privacy RuleAn Argument for More Patient Control via ConsentAn Argument for Limited Sharing of PHI without Prior Patient ConsentA Broad, Holistic Approach to Data Privacy Remains a Valuable Method for Protecting Patient PrivacyBenefits of a Holistic ApproachExamples of Privacy Frameworks That Embrace FIPPsConclusionNotesTransparencyThe Principle of Transparency in the Precision Medicine InitiativeTransparency: Its Meaning, Justifications, and MeansTransparency: Barriers to Achieving Successful CommunicationNotice as a Method for Achieving TransparencyCase Study: Office of the National Coordinator for Health Information Technology's Model Personal Health Record Privacy Notice and BeyondBeyond Posted Notices: Prescribed Product Labels and Other Techniques for Informing ConsumersConclusionNotesSecondary Use of Protected Health InformationPrivacy Rule Requirements for Secondary UseThe Value of Secondary UseDe-IdentificationHealth Information ExchangeBig DataGenomic DataDetailed Argument for the Practical Limitations of De-Identification Resulting from Genomics and Computer-Based Re-IdentificationObservationsObservation 1: Current Status of Commercial Clinical GenomicsObservation 2: Logarithmic Decline in Cost of Genomic SequencingObservation 3: Valid Genomic Signatures Are Always Self-IdentifyingObservation 4: Legal Requirements for Providers to Retain RecordsObservation 5: Consumer Rights to Retain a Copy of Their RecordsAssumptionsAssumption 1: Affordability of Full Genomic Signature for Every PatientAssumption 2: Ubiquity of Full Genomic Signatures as Part of the Medical RecordAssumption 3: Genomic Signatures as a Prerequisite for Routine Medical CareAssumption 4: Necessity of Clinical Access to Full Genomic SignatureAssumption 5: Current Methods for Modifying Data to Protect IdentityAssumption 6: Community Standard to Use Digital Genomic SignaturesAssumption 7: Publishing Genomes of Cohorts for Clinical Research Will Become RoutineAssumption 8: Strong Binding of Genomic Signatures to Health RecordAssumption 9: "Weakest Link" Phenomenon for Computer Re-IdentificationInferencesInference 1: Value Proposition for the IndividualInference 2: Value Proposition for the Healthcare ProviderInference 3: Decreasing Effectiveness of De-Identification in the Traditional SenseInference 4: Implications for Policy, Law, and EnforcementInference 5: Implications for Public DialoguePolicy ConsiderationsSummaryNotesThe Past, Present, and Future of Healthcare PrivacyThe Globalization of PrivacyThe Healthcare IndustryThe Role of the Patient in Data SharingConsistent Information Privacy PrinciplesIndustry Codes of Conduct/PracticeAccountabilityEnforcementBig Data and the Impact on HealthcareUse of De-Identified InformationBeneficial Uses of De-Identified DataDe-Identification Process (HIPAA)Practical De-IdentificationAn Overall Approach to De-Identification: The HITRUST FrameworkProgram ComponentsDe-Identification MethodologyProtecting De-Identified DataSummaryNotes
 
Next >