User:MaiSawangduan/sandbox

= Confidentiality in eHealth =

What is eHealth
Fundamentally, eHealth is a practice whose main focus is to establish electronic processes that provide a communication platform on matters relating to health. On a broader definition, eHealth is similar to health informatics when it covers the issue of digital processes in the healthcare system. Consequently, combining the two aspects of digital processes and electronic processes in the healthcare system provides a platform that establishes an eHealth record keeping system. Such a system collects health records of a population, a group, or an individual and stores the records electronically for various purposes .Moreover, eHealth, an electronic supporter, is operated and developed for maintaining and improving healthcare system with the advance process of information sharing and accessing. In effect, the stored information is used in various ways by stakeholders in the healthcare sector in order to provide researchers, the government, healthcare practitioners, and other policy makers with data to use for their own objectives. In effect, the data varies and includes data related to patients’ billing, lab tests, allergies, demographic data, immunization status, and any other data related to the healthcare sector.

Electronic Health Records
Stakeholders, in the medical sector, are increasingly using information technology to improve the quality of care and enhance safety in sector. One approach that highlights the use of information technology in this front is in the approaches that health records are being stored and used by various players. In Australia, the government started to plan and design systems for electronic health records in the early 2003 with the launching of these systems bound to take place in 2011 (Bushell, 2004). In line with this, the government wanted to implement a system that would enable the sharing of information, which would benefit the healthcare sector in the country (Bushell, 2004). One important factor that contributes to the implementation of electronic health records system in a country is their ability to improve the decisions that are made by caregivers in the healthcare system (Blumenthal & Tavenne, 2010). In retrospect, improving decision-making by caregivers is essential in improving patients’ outcomes. Other than improving patients’ outcome, nurses prefer electronic health records due to their ability to improve the quality of documentation, which they believe is essential in improving their patients’ safety and care (Moody, Slocumb, Berg, & Jackson, 2004).

Personally Controlled Electronic Health Records (PCEHR)
One concept that has provided effective use of this data regards the concept of Personally Controlled Electronic Health Records (PCEHR). By their very definition, personal health records contains data related to copies of the medical history of a patient, their diagnosed medical conditions, personal information related to their age and weight, immunization status, medications, adverse drug reactions, allergy and any vital signs important to a healthcare provider. From the concept of personal health records, stakeholders in the healthcare sector have developed the personally controlled health records, which when operated electronically become Personally Controlled eHealth Records (PCEHR). It is crucial to point out that PCEHR were developed with a focus on the patient. In this case, PCEHR responded to the need to avoid disempowering and disengaging patients of their health records that were already fragmented. In addition, PCEHR were developed with a need to establish information systems that promote the monitoring process of a patient and enhance research in the healthcare sector. By their very nature, PCEHR’s are user-controlled, which helps the patients – users – play a fundamental role in the process of care giving, which is crucial in promoting the quality of care given.

PCEHR in Australia
In Australia, PCEHR is a summary of a user’s health information that is securely stored online and shared electronic health. Since the system is user-controlled, the person manages their records and controls the system by allowing people they preferred to gain access and view the contents that go into the records. These personally controlled health records are crucial in providing the doctors, treating the user, with the requisite information to provide accurate diagnosis. Other than doctors, other healthcare providers and hospitals may also use the information shared by the user to provide the best care that was high quality and safe. As a commitment of the Australian government to providing safer, more efficient, and better quality healthcare, the government launched the personally controlled electronic health eHealth  record on 1 July, 2012 and provided users with a secure summary for their essential health information.

Confidentiality
While the Australian model is a paragon for adoption in other countries, challenges abound related to the implementation of similar programs in other nations. The greatest challenge regards the issue of confidentiality. Simply defined, confidentiality involves securing the data of an individual patient in order to ensure that the data is secure enough to be accessible to authorised parties only. In the contemporary society, the continued adoption of information and technology has promoted various forms of crimes that are electronically related, which has contributed to a distrust of electronically based health information systems. However, there are various standards that the Australian government has implemented in order to promote confidentiality and they are applicable to other nations that adopt PCEHR systems. Through a combination of technical and regulatory mechanisms, the government has enhanced the security and protection of this record keeping system, which has promoted confidentiality. These mechanisms include the storage of data; transit of data; encryption of the data; software that detect and prevent incidents of fraud; establishment of an audit trail’ systems that detect, analyse, and report unauthorised access; standards for firewalls, gateways, and portals that ensure authorised access among other standards.

Definition of Privacy, Confidentiality and Security
Privacy In medical parlance, the capacity of an individual to be in command of information regarding them – with the information being personal or medical in nature – in secret and free from the knowledge of other people is known as privacy. It is important to note that there is no single definition of the term privacy, which is universal in nature. In this regard, there are different interpretations for the term privacy due to various aspects associated with culture, individual philosophies, and national perspectives. Despite the various definitions of privacy, there is an existing tension between the right to privacy and the importance attached to sharing information for the greater good. In Australia, the Privacy Act (1988) forms a basis for ensuring the privacy of an individual’s medical information since it outlines specifics on protection of information regarding various issues

Confidentiality The concept of privacy is linked to confidentiality. In this case, an individual may reveal personal information, which might be medical or health information, in nature, to another individual, which highlights the importance of the second party to avoid disclosing the information provided by the other party. In effect, the assurance that information about identifiable persons, the release of which would constitute an invasion of privacy to any individual, will not be disclosed without consent except as allowed by law is confidentiality. For instance, in the nursing field, and the entire medical field, confidentiality is the most important issue that should be considered. In addition, it is important to ensure that electronic health records are kept confidential. Conversely, the Nursing & midwifery Council code of professional conduct emphasises the importance of medical practitioners in : •	Respecting people’s right to confidentiality

•	Ensuring that individuals are properly informed about the importance and approaches of sharing their information by the people who provide care to them.

•	Disclosing information only if there is a strong belief that a patient may be at risk of harm. Based on this, it is the role of clinicians and related staff who handle electronic health records, and other health records of an individual, to consider the following factors when dealing with issues of privacy and confidentiality of electronic health records of an individual:

•	First, they should gain consent to share information. This consent may include verbal consent through asking patients for permission to share their information to other members of staffs. •	Maintaining confidentiality during the sharing of information. In this case, some patients are happy to discuss their health in public while others find it challenging to discuss and share this information in public, and thus prefer sharing the information in private. Hence, maintenance of information should be carried out in private. In terms of confidentiality, it is important to point out that the concept of ‘public interest’ is interacts with the issue of confidentiality. The concept of public interest simply means something that is of serious concern or benefit to the public, but not to the individual of interest. In this case, disclosure of information for public interest public interest. However, the Australian government has enacted the Human Research Ethics Committees (HREC), which identifies incidents that call for the disclosure of information on grounds of public interest. Importantly, it is essential to strike a balance between the issues of public interest in research and public interest in the privacy of an individual. In this regard, medical research, which is of public interest, should be carried out in a manner that minimises the intrusion of an individual’s privacy with consent being obtained while information used is de-identified in order to avoid intrusion into an individual’s privacy.

Security Following the concept of confidentiality, it is important to implement various policies that enhance the approaches towards maintaining confidentiality and enhancing privacy of medical information. In line with this, the process through which the implementation of confidentiality policies takes place in computer systems through making available provisions for access control, integrity, and availability of information is known as security In Australia, the provision for security in electronic health records focuses on the personally controlled electronic health records (PCEHR). In this regard, security of information in PCEHR focuses on various aspects related to accuracy in the authentication of users accessing the systems, vigorous audit trails that are accessible to individuals, practical monitoring of access of a system by its operator to consequently detect issues related to suspicious and inappropriate behaviour, training users, testing of security issues and concerns, and the approaches that guide authorised access to a system by the operator or administrator.

Purpose of information security in Health Care
The Department of Health (2003) identifies the following purposes of policies on information security on health records in the healthcare sector:

•	Security supports the timely availability of health information to authorised individuals or organisations that need the information to provide continuity of health care for clients.

•	Security is essential in maintaining the privacy and confidentiality of clients when sharing health information for continuity of healthcare.

Issues of Privacy, Confidentiality and Access in Electronic Health Records
With the advent of electronic health records, issues of confidentiality are essential in protecting a patient’s information. In fact, issues of privacy and confidentiality pose a challenge to the adoption of the electronic system of maintaining records in the healthcare sector. In line with this, the issue of unauthorized access to information has long been the main issue that compromise privacy and confidentiality of electronic health records in the healthcare sector, which is compromised by data breach issues.

Data Breach
Simple defined, data breach involves situations in which an individual’s information has been compromised by either unauthorised access or disclosure. However, various regulations have been put in place to ensure effective management of data breach issues.For example, Australia has established data breach notifications that protect individual information and help people to take requisite action that limit undesirable effects of breach of their data, which effectively motivates organizations to improve their infrastructure of the health records system in order to prevent privacy and confidentiality of personal information through the Office of the Australian Information Commissioner

inform consent and access control
Other than the issue of data breach, informed consent and access control are twin issues in privacy, confidentiality, and access in electronic health records. In this regard, informed consent involves notifying the patient to provide voluntary agreement to confide or allow the use of their medical information by another person. Consent might be implied or explicit depending on the nature of the approach used to provide information to another party. In the United Kingdom, the Data Protection Act (1998) acknowledges the importance of explicit consent in processing medical information of an individual by another who owes duty of confidentiality. In Australia, the Health Practitioner Regulation National Law Act (2009) identifies various conditions to be followed by medical practitioners when applying for informed consent from the patients. In this case, the act provides that:

•	It is essential to provide information to individuals in a manner that they understand before asking for their consent.

•	Before engaging an individual’s health records whether for examination, investigation, research, or any other utility, it is essential to ask for their informed consent.

These guidelines are essential in obtaining the informed consent to use an individual’s health records for various purposes. On the other hand, access control is the process through which an individual’s health records are protected for privacy by controlling users who can access the information. In the US, the Department of Health and Human Services provides guidelines to healthcare providers to decide, on their full discretion, the amount of information they can include when providing health records of their patients to other practitioners. In Australia, guidelines are provided in 1997 by the Australian Medical Association’s provide patients the right to access their health records although this right is not absolute. Further, the National Privacy Principle 6 identifies the importance of providing individuals with access to information that is personal and health in nature apart from instances in which an access to the information may pose a danger or risk to the individual.

Paper based record and electronic record
Principles of protecting the privacy and ensuring confidentiality apply equally to records that are either paper-based or electronically-based. In this case, it is evident that an individual can steal paper based records and use them for their own purpose. On the other hand, hackers can infiltrate an electronic health records system and access information that should be private and confidential. For this reason, it is important for electronic systems’ administrators to be aware of threats posed on their systems and find approaches that adequately address these threats in order to ensure that the privacy and confidentiality of individuals is guaranteed. Importantly, detection and prevention of unauthorized access is essential in protecting electronic health records. In this case, system administrators should use strong passwords and other encryptions, firewall, network system management tools, system vulnerability tools, software management tools, and other tools that provide security against vulnerabilities.

Privacy Legislation
July 2012 marked the launching of the Personally Controlled Electronic Health Record (PCEHR) by the Australian Government. Following the launching of the system, it was crucial to identify the legislative laws that would guide the privacy of the systems. In line with this the Privacy Act (1988) and the Personally Controlled Electronic Health Records Act (2012) govern the protection and management of personally controlled health records that are stored electronically. Under the (PCEHR Act), there are a number of mechanisms that provide transparency and inspection of an individual’s records and makes provisions for controlling access and systems operation on an individual’s health records. Other than these two legislative acts, the Australian Government has established a Privacy Statement explains categories of personal information collected and the uses and storage of health information records. Moreover, the statement addresses issues related to authorised representatives to a system and the entities that systems’ operators use while disclosing an individual’s health information. The Information Management Policy Number P08/0703 (2003) identifies the approaches that govern the sharing of health information records in the healthcare sector. In this regard, the policy outlines procedures on the public sector’s duty of confidentiality. Moreover, the policy stipulates the interaction between the private and public health sectors’ issues on confidentiality by requiring the private sector to abide to legislations guiding confidentiality.