Patient Privacy and System Security Issues in Health Care Communication
Information privacy and security are contentious issues throughout the whole of society. The Internet has brought into focus the fact that information (data) about individuals is a very valuable commodity and vulnerable to theft. In marketing terms, the ability to target individuals with tailored messages at the correct moment by the right method is worth billions of dollars. In addition, consumers want the personalization, but only on their own terms and under their control, which increases the cost of obtaining and manipulating the information on individuals.
This dynamic tension between the individual’s control of his or her own information and the cost of doing business is nowhere more evident than in health care. This tension is behind the genesis and implementation of HIPAA. The privacy regulations included in HIPAA regarding how health care is going to use and protect personal health information (PHI) have gotten a great deal of attention in all aspects of health care. The basic principles of the HIPAA privacy section reflect ethical principles that involve asking permission about use of personal information, limiting data access to only those with a legitimate need to know, and providing patients with access to their own health care records for review and comment. The patient’s e-mail address is considered part of their PHI and is subject to the same protections as his or her name, mailing address, and phone number.
Computer system security involves not only the threat of a terrorist attack. How frequently security violations occur or will occur in the future is unknown. Advocates of e-mail communication tend to downplay interception of individual communication between patients and practitioners or between different providers as being a low-probability event. However, well-publicized examples of security violations include a county health department epidemiologist mistakenly sending a list of HIV patient names to 800 department employees, the theft of nearly 60,000 patient records from a managed care company, and thefts of computers containing PHI. Public perception of the security risks involved, fueled by examples such as those identified above, makes security an important issue that needs to be carefully addressed.
Electronic means of communication among providers are resulting in startling changes in the delivery of health care. Many providers are using e-mail to better coordinate care of individual patients. Research has shown that pharmacists and physicians who are within the same health care system can facilitate communication by using electronic mail. Unfortunately, use of e-mail among providers related to the care of a patient has the same privacy and system security concerns and risks of HIPAA (Health Insurance Portability and Accountability Act) violations as does use of e-mail between providers and patients. If you send or receive patient information to anyone via your computer, either with computer-generated fax or e-mail, you are required to be HIPAA compliant.