Health Information System Privacy

Chapter 9 of 11



Many people use the term “privacy,” yet it has no universally accepted definition. Sociologists, scholars and philosophers find it difficult to define because the concept of privacy is complex and open to interpretation. Privacy has deep historical roots, but its definition remains shrouded in ambiguity.  In this modern age, people from different backgrounds have different concepts of privacy. Some believe that privacy is the right to bodily integrity whereas others define it as the condition of being free from intrusive searches or surveillance.

Most health information professionals believe that health information system privacy is closely intertwined with confidentiality and security. Although many use privacy interchangeably with “security” and “confidentiality,” these words have their own distinct meanings.

In the context of health information systems, privacy answers the question of who has the right to access personal information and under what conditions. It is mainly concerned with the process of collecting, storing and using personal information while examining whether the data should be collected in the first place.

Confidentiality: Confidentiality safeguards the collected information in the context of an intimate relationship. It aims to protect the information exchange within the relationship from being disclosed to a third party. It also prevents doctors from disclosing the private information shared with them by a patient throughout a physician-patient relationship. Unauthorized disclosure of this information is a breach of confidentiality.

Security: Security comprises the technical and procedural steps required to prevent unauthorized access, use, dissemination and modification of data processed or stored within a computer system. Security protects the health information system from physical harm and prevents deliberate denial of service within the system. Hacking a computer system is a breach of security. Even those who are authorized to access patient records can intentionally or unintentionally invade a patient’s right to privacy.

Privacy and Security Gaps in the Health Information System: The patient-centered health information system supports effective healthcare delivery and gives patients empowered access to their personal health records. This ease of access to patient records also raises significant privacy challenges because of the overwhelming number of databases holding patient health information. This mass collection of patient information has great economic value to pharmaceutical and insurance companies. Nevertheless, the ease of access to patient health information may not be in harmony with patients’ interests. [2]

Today’s health information systems have several privacy and security gaps, including:

Regulatory Issues: Sharing of protected health information has many legal implications. Therefore, health information organizations and their stakeholders need to seek appropriate legal advice as to how they should manage the consequences of sharing protected health information.  

The Health Insurance Portability and Accountability Act (HIPAA) aims to define and control the access needed to protect healthcare information while still giving users the basic information needed for continuity of care. Guidelines, policies and agreements should be developed so that access to information is given only to users who have a specific need for that information. A healthcare organization that is aiming to adopt Health Information Exchange (HIE) must consider its impact on the privacy of its healthcare information and should seek separate legal counsel for the initiative.

Organizations and users engaged in exchanging protected health information should enter into a mutual data sharing agreement. Common access standards should serve as the foundation to these agreements. The decision to make data accessible to parties involved should be based on their own organization’s policies that are consistent with the basic legal requirements.

Administrative Security Issues: The management of protected health information requires a complex technical environment shaped by the Health Information Exchange (HIE) initiative. Users, stakeholders and consumers need assurance that access to, and the accuracy of, entered data is managed and controlled effectively in an auditable way. As stated in HIPAA, administrative procedures, actions and policies should govern the selection, development, implementation and maintenance of the measures that preserve protected health information.

Technical and Physical Security Issues: Technical and physical security are essential elements of a strong security foundation that protects and enforces the integrity, confidentiality and availability of health information. Technological standards, timely knowledge and the right equipment help provide and maintain the environment needed to ensure the privacy of the participants involved while preserving the trust of its users. In 2010, the HIMSS Analytics Report on Security of Patient Data reported that the share of respondents experiencing breaches of protected health information had increased from 6 percent to 19 percent. This gap in technical and physical security existed even though 87 percent of the respondents had policies in place to continuously monitor access to and sharing of health information. Other studies show that 84 percent of these breaches were due to incidents such as improper disposal of documents, stolen or lost laptops, stolen backup tapes, etc.

Access Management Issues: Authorization is the ability to accurately identify and confirm that a user or patient is who they say they are. This practice ensures that the right people are given access to applications and information. Authorization is one of the most important aspects to consider for access to a health information exchange. It is the main mechanism that gives users access to only the protected health information and other applications that they are entitled to view or use. Access privileges are assigned to individuals based on their organizational or professional position and their primary need for access to different applications and data. Access privileges may differ depending on the type of organization and the sensitivity of the data a person is trying to access. This is called Attribute-Based Access Control (ABAC). It is one of the most common methods of authorization for health information exchange.

Role-Based Access Control (RBAC) is ABAC’s predecessor. It has been frequently criticized for its inflexibility in setting up an initial role structure in a rapidly changing domain. Many experts believe that it provides inadequate support for dynamic attributes when determining user permissions. The introduction of ABAC has made rules and attributes simpler and more flexible, making it the preferred access control model in more recent health information designs and workflows.
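As an added example (not code from the chapter or its references), the following Python contrasts a static RBAC role table with an ABAC policy that also evaluates the subject’s organization type, treatment relationship, purpose of access and the record’s sensitivity, so that the same physician role is permitted for a patient under their care but denied for a patient who is not. The subjects, records, attribute names and rule names are assumptions made for illustration.

```python
"""Added example (not from the chapter): RBAC vs ABAC decisions for PHI access."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Subject:
    user_id: str
    role: str                           # professional position: physician, nurse, billing_clerk
    org_type: str                       # organization type: hospital, insurer
    treating: frozenset = frozenset()   # patient ids this user currently treats (assumed attribute)

@dataclass(frozen=True)
class Resource:
    patient_id: str
    category: str                       # "clinical" or "billing"
    restricted: bool = False            # specially sensitive record (assumed flag)

@dataclass(frozen=True)
class Request:
    subject: Subject
    resource: Resource
    action: str                         # "read" or "write"
    purpose: str                        # "treatment" or "payment"

# RBAC: a static role -> permission table. Once a role holds "read_clinical",
# it can read every clinical record, regardless of patient or sensitivity.
RBAC_PERMISSIONS = {
    "physician": {"read_clinical", "write_clinical"},
    "nurse": {"read_clinical"},
    "billing_clerk": {"read_billing"},
}

def rbac_decide(req: Request) -> bool:
    needed = f"{req.action}_{req.resource.category}"
    return needed in RBAC_PERMISSIONS.get(req.subject.role, set())

# ABAC: each rule is a predicate over subject, resource, action and purpose.
def treating_clinician(req: Request) -> bool:
    s, r = req.subject, req.resource
    return (s.role in ("physician", "nurse") and s.org_type == "hospital"
            and req.purpose == "treatment" and r.category == "clinical"
            and r.patient_id in s.treating and not r.restricted
            and (req.action == "read" or s.role == "physician"))  # nurses read only

def restricted_record_physician(req: Request) -> bool:
    s, r = req.subject, req.resource
    return (s.role == "physician" and s.org_type == "hospital"
            and req.purpose == "treatment" and r.category == "clinical"
            and r.patient_id in s.treating and r.restricted)

def billing_read(req: Request) -> bool:
    s, r = req.subject, req.resource
    return (s.role == "billing_clerk" and req.purpose == "payment"
            and r.category == "billing" and req.action == "read")

ABAC_RULES = [treating_clinician, restricted_record_physician, billing_read]

def abac_decide(req: Request):
    """Deny by default; return (permitted, name of the matching rule or None) for audit."""
    for rule in ABAC_RULES:
        if rule(req):
            return True, rule.__name__
    return False, None

# Constructed sample subjects and records.
DR_ALICE = Subject("alice", "physician", "hospital", frozenset({"p1"}))
NURSE_BOB = Subject("bob", "nurse", "hospital", frozenset({"p1"}))
CLERK_EVE = Subject("eve", "billing_clerk", "insurer")
P1_CLINICAL = Resource("p1", "clinical")
P1_RESTRICTED = Resource("p1", "clinical", restricted=True)
P2_CLINICAL = Resource("p2", "clinical")
P1_BILLING = Resource("p1", "billing")

if __name__ == "__main__":
    for req in (Request(DR_ALICE, P2_CLINICAL, "read", "treatment"),
                Request(NURSE_BOB, P1_RESTRICTED, "read", "treatment")):
        print(req.subject.user_id, "RBAC:", rbac_decide(req), "ABAC:", abac_decide(req))
```

The two requests printed at the end are exactly the cases where the role table over-grants: RBAC permits a physician to read a patient they are not treating and a nurse to read a restricted record, while the ABAC rules deny both.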

Public Health and Population Health Issues: Policies for determining the usefulness of public health data for the improvement of population health are now emerging as a major criterion for Meaningful Use. The use of health information initiatives for public health purposes is still under development. With this rapidly changing dimension in the exchange of public health information, privacy and security concerns are also rapidly emerging. Patient consent issues and de-identification still need to be addressed not only within the organization concerned but also at the national level. The development of appropriately de-identified data, and of the process for re-identification, is still underway.

Consumer Privacy Issues: Additional authorization such as patient consent is still in its infancy, given the expanded opportunity to share health information and other data via health information exchange. Patient consent was not a major issue before the birth of electronic records and health information exchange. A patient gave implied consent when he or she accepted a treatment or signed the consent for treatment or services in a healthcare facility. With the introduction of electronic records into healthcare practice, the ability of providers to easily share a patient’s record with another caregiver outside the provider’s facility became common practice, and the concept of patient consent became an issue of national interest. [9]


The purpose of health information system privacy covers four basic human values: personal autonomy, respect, dignity and worth as human beings. The principle of nonmaleficence states that people should only act in ways that do not inflict damage or harm on others. The bioethics of nonmaleficence require safeguarding of patient privacy in healthcare practice. Breaches of confidentiality and privacy do not only affect a person’s dignity – they are also potentially harmful. Unintentional disclosure of personally identifiable health information to an insurer, family member or even employer can sometimes result in discrimination, embarrassment and stigma. Without proper guidelines for implementing patient privacy, patients may be reluctant to fully and accurately disclose their sensitive information to physicians, which may compromise the quality of care they deserve. [2]


The medical community recognizes the importance of protecting privacy to maintain public trust in patient-doctor relationships and to secure protected health information for research purposes. Since the time of Hippocrates, physicians have always pledged to keep patient information confidential and private. The pledge to maintain patient privacy is embedded in the code of ethics of all healthcare professionals practicing in the United States. [2]

The value of privacy in securing healthcare information is recognized by law, and in the context of healthcare research it is protected by the federal privacy regulations of HIPAA. The framework of privacy in healthcare services was first formulated in the 1973 report of an advisory committee of the United States Department of Health, Education and Welfare. The basic principle underlying the report was the federal government’s aim of establishing procedures that guarantee an individual’s right to have a say in what goes into his or her personal health record and how that record shall be used. In addition to giving people the right to control how their information is used, the fair information practices also require organizations and entities to safeguard the healthcare information they collect. Guiding principles have been formulated and adopted at the federal and state levels to varying degrees. [2]

The Privacy Act of 1974 incorporated the fair information practices at the federal level. It aimed to govern the collection, use and disclosure of identifiable patient data held by the federal government and its contractors. Hospitals and research institutions operating under the umbrella of the federal government became subject to the Privacy Act, while other healthcare institutions remained outside its scope. The Privacy Act of 1974 served as the broadest protection for patient health information until the promulgation of the HIPAA Privacy Rule. [2]


The health information system privacy protocol has six important components aimed at gaining the trust of users, namely:

Correction: Patients need the opportunity to check the accuracy and integrity of their electronic health information. The Privacy Rule gives patients the right to amend their protected health information in a manner that is consistent with the Correction Principle in the Privacy and Security Framework. The Privacy Rule recognizes that patients have a critical stake in the accuracy of their individual health information, and patients hold an important role in preserving the integrity of that data.

Openness and Transparency: Openness and transparency are important when formulating technologies, policies and procedures that directly or indirectly affect individuals or their identifiable health information. Users should be able to trust that these technologies will ultimately improve their quality of care. That trust can only be achieved by establishing openness and transparency about the technologies, policies and procedures that affect the way individuals’ health information is used. Health information organizations and other concerned entities should provide clear notice of their procedures and policies. They should explain how they use their users’ identifiable information and how they disclose this information while protecting their privacy.

Individual Choice: Individuals should have the opportunity to make informed decisions about how their identifiable health information is collected, used and disclosed. This principle emphasizes that the individual’s ability to make choices about the electronic exchange of their identifiable health information is an essential component of having their trust.

Safety: Health information organizations should implement measures to protect the confidentiality of patients’ identifiable health information. These measures entail using reasonable technical, administrative and physical safeguards to prevent inappropriate and unauthorized access, use or disclosure.

Accountability: Health information organizations should implement and adhere to the principles of privacy and security. They should have appropriate monitoring and other methods in place to report and mitigate breaches and non-adherence. Accountability is important to build trust in the electronic exchange of individually identifiable health information. It is the foundation on which the electronic health information exchange environment complies with administrative requirements and business obligations. Additionally, it addresses potential non-compliance with the privacy standards through the organization’s voluntary compliance, a resolution agreement, a corrective action plan or the imposition of civil penalties, if needed. [5]

Tools and Techniques

The HIPAA Privacy Rule

The Health Insurance Portability and Accountability Act’s Privacy Rule establishes the national standard needed to protect individuals’ medical records and their other personal health information. The Privacy Rule covers healthcare providers that conduct electronic healthcare transactions, health plans and healthcare clearinghouses. It requires these entities to protect the privacy of their patients’ personal health information and to set limits and conditions on the uses and disclosures that may be made without patient authorization. The rule also gives patients certain rights over their health information, including the right to obtain a copy of their health records and to request corrections, if necessary. [10]

The HIPAA Security Rule

The HIPAA Security Rule outlines the national standards needed to protect patients’ electronic health information when it is received, created, used and maintained by a covered entity. It guides health information organizations and other entities in putting in place appropriate administrative, technical and physical safeguards. These help maintain the integrity, security and confidentiality of electronic protected health information. [11]

The Breach Notification Rule

The Health Insurance Portability and Accountability Act’s Breach Notification Rules are guidelines. They require entities covered by HIPAA and their associates to provide appropriate notifications following a possible breach in their unsecured protected health information. [8]

A breach is an impermissible use or disclosure of protected health information. Unsecured protected health information is protected health information that has not been rendered unusable, unreadable or indecipherable to unauthorized individuals. [8]

Risk Assessment Tools

Conducting a risk assessment is a very challenging task. Thus, the Office of the National Coordinator for Health Information Technology, in collaboration with the HHS Office for Civil Rights and the HHS Office of the General Counsel, developed a risk assessment tool. The tool helps providers and health information technology professionals as they perform risk assessments within their respective organizations. [7]

The risk assessment tool is an operating-system-independent application that takes the user through each HIPAA requirement in a “question and answer” presentation. A “no” answer shows the user the corrective action for that item. Overall, the risk assessment tool has 156 questions. [7]

HIPAA’s Disclosure for Emergency Preparedness

HIPAA’s Disclosure for Emergency Preparedness is an interactive tool. It aims to assist in emergency preparedness and recovery planning. The tool also determines how to gain access to and use the health information of patients with disabilities in a manner that is consistent with the Privacy Rule. It guides users through a series of questions about how the Privacy Rule would apply in specific emergencies and helps users obtain the appropriate health information for their public safety activities. The Disclosure for Emergency Preparedness tool is designed for covered entities at the local, state and federal levels. [3]

Protected Health Information Management Tools

The Protected Health Information Management tool is a web-based application that helps healthcare information organizations meet the Health Insurance Portability and Accountability Act’s Privacy Disclosure Accounting requirements. It includes a training presentation that familiarizes regular users, privacy specialists and user administrators with the functionality and responsibilities unique to their user roles. [6]

Best Practices

To follow best practices in safeguarding health information system privacy, providers and healthcare organizations should follow HealthIT’s Health Information Privacy and Security 10-step plan, the most important part of implementing health information system privacy when managing protected health information. The 10 steps are as follows:

Confirm covered-entity status: The healthcare provider must confirm whether he or she is a covered entity.

Provide leadership: Providing leadership in protecting patient health information. The administration should choose a privacy and security officer who will be designated as the leader in safeguarding privacy and security of the patient data received, collected and used by the organization.

Document the processes, findings and actions: Documenting is important to have a clear record of security measures, the reasons for creating them and the procedure for monitoring each of them. These records are essential when auditing for compliance with HIPAA and when claiming incentives under the EHR incentive program.

Conduct a security risk analysis: Conducting a risk analysis is vital to compare the organization’s current security measures against what is legally required to protect patient healthcare information. Furthermore, this step ensures proper identification of high-risk threats and other gaps in the handling of protected health information.

Develop an action plan for addressing threats and vulnerabilities: Using basic security measures is often an affordable yet highly effective strategy to mitigate the identified risks. The action plan should have five essential components, namely: administrative safeguards, physical safeguards, technical safeguards, organizational standards, and policies and procedures.

Manage and mitigate risks: This step is the implementation of the action plan. Up-to-date policies and procedures are developed through this practice.

Prevent risk development through workforce training and education: To protect patient health information, the organization’s workforce must know how to implement procedures, policies and security audits. They should also have training in breach notification.

Communicate with patients: Most patients are concerned about the confidentiality and security of their health information when it is held in an electronic health record. Openly communicating with patients and providing them with educational materials about privacy and security are important to retain the confidence and trust of patients who use the organization’s services.

Update the organization’s business agreements: The organization should ensure that its business agreements comply with HIPAA and the Breach Notification requirements.

Attest to the security risk analysis Meaningful Use objective: Eligible providers and healthcare organizations should “attest” that they have met the requirements for the privacy and security of their electronic health records. However, they should attest only after they have successfully conducted their security risk assessment and corrected any deficiencies identified during the analysis. They should document these corrections and changes and submit them for auditing under the EHR incentive program. [4]


The future promises new directions for the security and privacy of the health information systems. The American healthcare delivery system has transformed from a patient-physician centered relationship to a complex network linking patients to multiple parties such as insurance providers, researchers and other stakeholders. [1]

The advances in information technology and their adoption into the healthcare sector are expected to improve quality healthcare, reduce cost and advance the development and medical knowledge of the healthcare system. Although beneficial to most patients, this transformation increases the potential for information security risk and violation of patients’ privacy. [1]

By conducting research about the characteristics of these risks, health information experts may help healthcare providers develop effective information security risk monitoring, procedures and policies. Health information researchers may explore the privacy preferences of, and variance among, different users such as senior citizens and the working population. They may also gain a deeper understanding of the factors that influence consumers to disclose their personal health information, thereby enabling the adoption of eHealth in their healthcare management. Finally, with the proper implementation of health information system privacy in healthcare organizations and other healthcare establishments, information integrity within healthcare systems can be preserved. [1]


  1. Appari, A., & Johnson, E. (n.d.). Information Security and Privacy in Healthcare: Current State of Research.
  2. Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research (2009). In National Center for Biotechnology Information.
  3. Emergency Situations: Preparedness, Planning, and Response (n.d.). In U.S. Department of Health & Human Services. Retrieved August 3, 2015.
  4. Health Information Privacy and Security: A 10 Step Plan (2015, January 19). In HealthIT.
  5. Health Information Technology (n.d.). In U.S. Department of Health & Human Services. Retrieved August 3, 2015.
  6. Privacy and Civil Liberties (n.d.). Retrieved August 3, 2015.
  7. Security Risk Assessment Tool (2015, June 26). In HealthIT.
  8. The Breach Notification Rule (n.d.). In U.S. Department of Health & Human Services. Retrieved August 3, 2015.
  9. The Privacy and Security Gaps in Health Information Exchanges (2011, April). In AHIMA Himss.
  10. The Privacy Rule (n.d.). In U.S. Department of Health & Human Services. Retrieved August 3, 2015.
  11. The Security Rule (n.d.). In U.S. Department of Health & Human Services. Retrieved August 3, 2015.