Part Four: Privacy, Confidentiality & Security

Privacy, Confidentiality and Security of Patient Care Information

Privacy in the healthcare context amounts to the freedom and ability to share an individual's personal and health information in confidence. Confidentiality is the actual protection such information receives from the provider organizations. An individual's personal and health information includes both what the individual supplied and what the caregiver observed during the course of the delivery of care. Security comprises the measures an organization has employed to protect the confidentiality of patient information. In essence, the privacy of an individual's health information depends on the level of confidentiality maintained by organizations, which in turn depends on the security measures they implement. Respect for the privacy and confidentiality of patient information must be adopted and fostered as an essential organizational policy and culture. Security measures that are failsafe must be utilized. Yet organizational security measures can work only within the walls of the organization and among its employees. Protection outside the provider organization requires federal legislative measures in addition to an organization's security measures. Therefore, protecting the privacy of patient information is a joint responsibility of individuals, organizations and the nation as a whole; appropriate effort must be put forth by all of them.

Unique Patient Identifier's Role in Protecting the Privacy of Patient Care Information

Patient Identifiers play a vital role in the management of patient care delivery and of patient care information. They are also essential for the protection of patient care information. Access to patient care information is managed through the use of the patient identifier. Therefore, Unique Patient Identifiers can assist in preventing unauthorized access and in accurately identifying the required information. The use of a Unique Patient Identifier to access patient care information helps standardize the access method and strengthens access control. A Unique Patient Identifier eliminates the need for the repetitive use and disclosure of an individual's personal identification information (i.e. name, age, sex, race, marital status, place of residence, etc.) for routine internal and external communications (e.g. orders, results, medication, consultation, etc.) and so protects the privacy of the individual. It helps preserve patient anonymity while facilitating communication and information sharing. Healthcare is fundamentally a multi-disciplinary process. A Unique Patient Identifier enables the integration and availability of critically needed information from multi-disciplinary sources and multiple care settings. Therefore, the integrity and security of patient information depend on the use of a reliable Unique Patient Identifier.

Security Risks and the Unique Patient Identifier

One of the risks associated with the use of a Unique Patient Identifier is that it can be misused to link an individual's medical information with his/her personal information such as financial data, purchasing habits, family details, etc. This may result in discrimination (employment, social & financial) and loss of privacy. Since access to healthcare information is possible even without the use of a Unique Patient Identifier, the solution to this and other legitimate concerns does not lie in eliminating the use of a Unique Patient Identifier. The primary mission of the industry is healthcare delivery. Privacy and confidentiality concerns must be addressed fully and effectively, but without sacrificing any of the required basic components of patient care. Critical needs of timely patient care (such as accurate identification of patient information and timely access) should not be jeopardized. The risk associated with the use of a Unique Patient Identifier rather sheds light on the overall lack of a public policy relating to patient care information. The NRC report, For the Record: Protecting Electronic Health Information, observes, "Unscrupulous people could, of course, collect, collate, and use such data in ways that are prohibited, but the threat of well-defined and rigorously enforced legal sanctions would help limit such abuses." Therefore, uniform federal and state legislation is required to protect against misuse of Unique Patient Identifiers, unauthorized access and illegal linkages. Since the Unique Patient Identifier is an integral part of patient care information, it requires the same security and confidentiality protection as the patient care information itself.

The Privacy and Confidentiality Challenge

How do we link patient records, yet mitigate privacy concerns? How do we associate patient information accurately with the proper patient record, yet protect patient anonymity? How can we maximize the benefit of the UPI and eliminate its risks? Some of the alternatives to a Unique Patient Identifier include the use of patient demographic information for indexing, searching and matching. This subjects the patient information to greater privacy risks. Other strategies, such as the use of multiple identifiers for the same patient (within the same institution among multiple services, or among multiple institutions), make legitimate access to information difficult and subject patient care to undue risks. Some of those concerned with privacy and security risks recommend these alternative methods to prevent unauthorized access. However, computer systems and communication technology are rapidly becoming so powerful and sophisticated that these methods will not be adequate barriers against unauthorized access. Use of non-standard methods of access to patient care information will increase the level of exposure, and provider organizations will find it difficult to monitor and exercise control over such methods.

On the other hand, the Unique Patient Identifier has the potential to satisfy both of these critical functions effectively (i.e. prevent unauthorized access and perform identification). Use of a Unique Patient Identifier to access patient care information helps standardize the access method and enables organizations to use a single point of access and solidify their access control. They can monitor access and continuously improve and strengthen access control with appropriate measures such as authentication, audit trails, etc. This in turn ensures timely access for authorized users and better enforcement of security against unauthorized users. The Unique Patient Identifier accomplishes this both within the same organization and across the entire nation. Therefore, the steps required to overcome the privacy and confidentiality challenges are:

1) a judicious design of the identifier

2) organizational security measures to control access

3) uniform federal legislation

4) developing security procedures and instilling responsibility among individuals.

1. Judicious Design

How can we design an identification system that both fulfills the patient care need and protects the privacy and confidentiality of patient information? The answer to this most difficult challenge consists of the following design approaches:

  1. Separate identification from access
  2. Limit the Identifier's capability and use it for identification alone (and not to provide access to the content of patient information).
  3. Design the Identifier to be unique
  4. Utilize a standard/uniform set of identification information
  5. Design Access Control to include:
     a) authentication
     b) access privilege
     c) audit trails
     d) separate access to the ID segment and to patient care information
  6. Provide the option to store the Unique Patient Identifier in an encrypted format
  7. Support the option to communicate it in an encrypted format.

Such a design architecture keeps the identification of patient care information and access to it as two distinct and separate functions within healthcare. The identifier's role is limited to identifying the patient record by accessing only the identification segment of the record, not its content. Access to the patient record, including the identification segment, is handled by the access control function. Both functions are exclusive and mandatory. Policies and procedures that deal with the behavior of individuals, and technical measures that protect the data from unauthorized access, are functions of the access mechanism and not of the identifier. Access control deals with authentication, user identification, access privileges, authorization by way of passwords, audit trails, physical security, etc. This enables the identification function and security access to complement and support each other by performing exclusively their own distinct roles rather than assuming each other's.
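The separation described above, as an added example that is not part of the original document: the UPI resolves only the identification segment of a record, and every read of identification or content data goes through a separate access-control function that authenticates the session, checks the access privilege and writes an audit trail. All users, records, session tokens and UPI_KEY are constructed for illustration; the keyed one-way token used to avoid persisting the raw UPI is this example's stand-in for the encrypted-storage option in item 6.

```python
"""Identification kept apart from access control (added example, constructed data)."""
import hashlib
import hmac
from datetime import datetime, timezone

# Assumed organizational secret: the index never stores a raw UPI, only a keyed token.
UPI_KEY = b"constructed-demo-key-not-for-production"
ID_SEGMENT_INDEX = {}   # protected UPI token -> record id (identification only)
RECORDS = {}            # record id -> {"id_segment": {...}, "content": {...}}
AUDIT_TRAIL = []        # one entry per access attempt, granted or denied
# Constructed sessions; a real deployment would authenticate against a directory.
SESSIONS = {"tok-clinician": {"user": "dr_lee", "roles": {"clinician"}},
            "tok-billing": {"user": "clerk_kim", "roles": {"billing"}}}

def protect_upi(upi: str) -> str:
    """Keyed one-way token so the stored index does not contain the raw identifier."""
    return hmac.new(UPI_KEY, upi.encode(), hashlib.sha256).hexdigest()

def register(upi: str, record_id: str, id_segment: dict, content: dict) -> None:
    ID_SEGMENT_INDEX[protect_upi(upi)] = record_id
    RECORDS[record_id] = {"id_segment": id_segment, "content": content}

def identify(upi: str):
    """Identification function: UPI -> record id. It never returns record data."""
    return ID_SEGMENT_INDEX.get(protect_upi(upi))

def access(session_token: str, upi: str, part: str):
    """Access-control function: authenticate, check privilege, audit, then release.
    Any session may read the id_segment; only clinician roles may read content."""
    session = SESSIONS.get(session_token)
    permitted = session is not None and part in ("id_segment", "content") and (
        part == "id_segment" or "clinician" in session["roles"])
    record_id = identify(upi) if permitted else None
    granted = permitted and record_id is not None
    AUDIT_TRAIL.append({"when": datetime.now(timezone.utc).isoformat(),
                        "user": session["user"] if session else None,
                        "record": record_id, "part": part,
                        "result": "granted" if granted else "denied"})
    return RECORDS[record_id][part] if granted else None

# Constructed sample record.
register("UPI-0001", "rec-1",
         {"name": "A. Patient", "dob": "1970-01-01"},
         {"problem_list": ["constructed diagnosis"]})
```

Note that a denied request still produces an audit entry, so the trail records attempts and not only successes.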

2. Organizational Security Measures

The following are examples of measures that can be implemented by organizations that generate, access and use patient care information:

  1. Access Protection
  2. User Authentication
  3. Audit Trails
  4. Training & Education
  5. Physical Security
  6. Organizational Policies and Procedures
  7. Promoting an Organizational Culture that is conducive to the protection of privacy
  8. Built-in computer hardware & software security:
     a. secure hardware
     b. secure operating systems
     c. secure application software
     d. secure communication protocols and methods

3. Federal Legislation

A federal legislative mandate must:

  1. Restrict the use of Unique Patient Identifiers to healthcare purposes and prevent their use for other purposes
  2. Prohibit misuse of patient care information
  3. Prohibit discrimination on the basis of patient information
  4. Foster the value of privacy relating to healthcare information among the public

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 requires the U.S. Congress to pass privacy legislation within 36 months. Multiple bills have been introduced for this purpose.

4. Individual Responsibility

Public education on the value of privacy and confidentiality of healthcare information, and on the legal consequences of violation, must be provided nationwide. Healthcare organizations must provide ongoing staff training to enforce patients' privacy and confidentiality and to promote security awareness among employees.