Difference between revisions of "Privacy, Confidentiality, and Electronic Medical Records"
(→Goals of Informational Security in Health Care) |
(→Security Policy) |
||
Line 13: | Line 13: | ||
== Security Policy == | == Security Policy == | ||
+ | A security policy is essential in protecting health care data. Organizations should define a policy that will not only protect their patients but also their personnel who are authorized to view data and outside vendors such as insurance companies and managed care organizations. | ||
− | + | Organizations should define their security policy based on the following factors: | |
+ | ** Functional requirements of an information system | ||
+ | ** Security requirements for the system | ||
+ | ** A threat model | ||
== Privacy and Confidentiality in Health Care == | == Privacy and Confidentiality in Health Care == |
Revision as of 19:04, 8 April 2015
This is a review on Barrows, R., & Clayton, P. (1996) article, Privacy, Confidentiality, and Electronic Medical Records. [1]
Contents
Goals of Informational Security in Health Care
An electronic medical record (EMR) allows providers and clinicians to access and share a patient's medical health information among authorized individuals. Because there is a risk of a potential breach of privacy and confidentiality, healthcare organizations should establish security measures to protect their data.
To assist organizations, the goals of informational security in health care should be considered.
- Ensure the privacy of patients and confidentiality of health care data
- Ensure the integrity of health care data
- Ensure the availability of health data for authorized persons
Security Policy
A security policy is essential in protecting health care data. Organizations should define a policy that will not only protect their patients but also their personnel who are authorized to view data and outside vendors such as insurance companies and managed care organizations.
Organizations should define their security policy based on the following factors:
- Functional requirements of an information system
- Security requirements for the system
- A threat model
Privacy and Confidentiality in Health Care
Conclusion
Comments
References
- ↑ Privacy, Confidentiality, and Electronic Medical Records Randolph C. Barrows , Paul D. Clayton Journal of the American Medical Informatics Association Mar 1996, 3 (2) 139-148; DOI: 10.1136/jamia.1996.96236282 Retrieved from http://jamia.oxfordjournals.org/content/3/2/139