Personal Health Record - Privacy and Ethical Concerns

Privacy and Ethical Concerns

One of the most controversial issues for PHRs is how the technology could threaten the privacy of patient information. Network computer break-ins are becoming more common, thus storing medical information online can cause fear of the exposure of health information to unauthorized individuals. In addition to height, weight, blood pressure and other quantitative information about a patient's physical body, medical records can reveal very sensitive information, including fertility, surgical procedures, emotional and psychological disorders, and diseases, etc. Various threats exist to patient information confidentiality, some of which are listed below:

• Accidental disclosure: During multiple electronic transfers of data to various entities, medical personnel can make innocent mistakes to cause disclosure of data.

• Insider curiosity: Medical personnel may misuse their access to patient information out of curiosity or for another purpose.

• Insider subordination: Medical personnel may leak out personal medical information for spite, profit, revenge, or other purposes.

• Uncontrolled secondary usage: Those who are granted access to patient information solely for the purpose of supporting primary care can exploit that permission for reasons not listed in the contract, such as research.

• Outsider intrusion: Former employees, network intruders, hackers, or others may access information, damage systems or disrupt operations

Unlike paper-based records that require manual control, digital health records are secured by technological tools. Rindfleisch (1997) identifies three general classes of technological interventions that can improve system security:

• Deterrents – These depend on the ethical behaviour of people and include controls such as alerts, reminders and education of users. Another useful form of deterrents has been Audit Trails. The system records identity, times and circumstances of users accessing information. If system users are aware of such a record keeping system, it will discourage them from taking ethically inappropriate actions

• Technological obstacles – These directly control the ability of a user to access information and ensure that users only access information they need to know according to their job requirements. Examples of technological obstacles include authorization, authentication, encryption, firewalls and more.

• System management precautions – This involves proactively examining the information system to ensure that known sources of vulnerability are eliminated. An example of this would be installing antivirus software in the system

The extent of information security concerns surrounding PHRs extends beyond technological issues. For some ethicist, each transfer of information in the treatment process must be authorized by the patient even if it is for patient’s betterment. As mentioned previously, no set of clearly defined architectural requirements and information use policies is available.