Patient Privacy Protecting Patient Privacy

Patient Privacy

Protecting Patient Privacy in an Electronic World

From both a moral and a legal perspective, patients receiving medical treatment have a basic right to have their privacy protected. Information such as diagnoses, test results, and other such information is considered confidential. Certain information is provided to other organizations for the purpose of statistical analysis regarding public health issues. However, serving both the needs of the public health organization, while still adhering to privacy protocols can be difficult. They employ many different types of protocols in order to achieve this end. This research will explore various methods for maintaining patient privacy, yet preserving the integrity of the data so that it can be used for research purposes. The purpose of this paper is to provide a solution to the problem of achieving a balance between information availability and patient privacy.

Current Standards for Patient Privacy Protection

Informatics is a relatively new field, and one that will become increasingly important as organizations exchange health information on an increasing basis. Currently, many companies use algorithms to disguise patient information. Ambiguation algorithms make one individual indistinguishable from another. However, even with this technology in place, it still may be possible to obtain certain confidential information about individuals (Ohno-Machado et, al., 2004). The system is not failsafe, which can create the potential for breeches in privacy. The following literature review will assess current systems that are in place to help protect patient information.

In certain types of medical research, shared pathology plays an important role in the development of treatment protocols for certain disease pathologies. Medical researchers must be able to mine this information, yet must continue to maintain patient privacy. The National Cancer Research Institute has developed the Shared Pathology Informatics Network (SPIN) in order to allow participating institutions to access patient databases for research purposes (National Cancer Institute, 2000). SPIN will create a web-based system that will allow access to archived human specimens in different databases. The system uses encryption technology to protect the patient's name and identifying information.

Information technology plays an important role in public heath practice. Informatics in the public health arena merges several disciplines. For instance, at the Center for Disease Control (CDC), informatics combines mathematics, statistics, computer science and molecular biology (McNabb. Et al, 2006). Timeliness of the information and the ability to share information quickly helps the CDC to control disease outbreaks more quickly and effectively. One of the most important uses of informatics at the CDC is the early detection of disease outbreaks before they become major epidemics. In order to accomplish this task, the CDC has launched a national initiative called BioSense. This system will facilitate the automatic detection and visual algorithms to help spot patterns in disease before they become major epidemics (Loonsk, 2004).

As one can see, various agencies use the information obtained through informatics in various ways. The CDC is primarily interested in statistical data. They are less interested in individual patients than research organizations such as the National Cancer Institute that must rely on case analysis. Various levels of patient information as needed in different applications of informatics systems. Some databases need patient-specific information in order to validate the results of their research. Organizations that need a high level of patient-specific information must make confidentiality a priority, yet they must do so in a way that does not compromise the integrity of relevance of the data.

One of the most difficult settings in which to accomplish this task is the health care facility where medical personnel must interact directly with the patients themselves. Often the medical personnel enter the information directly into a computer that is wheeled around from bed to bed. The information must be displayed on the screen, but the medical personnel be careful that private information is not provided for anyone that passes by the screen while the practitioner is working with the patient. HIPAA established strict laws regarding the sharing of patient information and their responsibility to protect patient's private information (OCR, 2003). A number of systems are already in place to help protect patient information, but the system is not foolproof at the current time.

Current Solutions to the Problem

Systems currently available use a variety of techniques to keep patient information confidential. Some systems, such as BioSense used by the CDC, completely removes personal information from the file. The purpose of the CDC is to assess information on a macro level. Individual patient information is reduced to its numerical components for statistical analysis. SPIN, used by the National Cancer Research Institute, does not strip all of the personal information from the file, but rather encodes it so that it cannot be recognized. The National Cancer Research Institute does not need all of the personal information of the patient. They primarily deal with statistics. However, sometimes they may need to verify certain facts about a particular case in order to rule out confounding variables from a study.

By examining the various systems in place to protect patient information, it becomes apparent that those systems must meet the individual needs of the agencies that use them. The closer the practitioner is to the patient, the more difficult it is to protect their vital information. The bedside nurse or doctor cannot strip personal information from their patient database. They must know who the person is, and be able to verify that the information on the screen matches the person that is in front of them. If they cannot positively identify the patient, the ramifications could be costly, if not deadly. The ability to match personal information with the patient is critical in avoiding medical mistakes. This is the most difficult scenario from an informatics perspective, as the practitioner must be able to see and use confidential information, yet they must protect it from others at the same time. Often, the bedside practitioner is more concerned about the safety of the patient, than federal requirements. It is up to the information officer to find a solution to this difficult situation.

Proposed Solution

Health information systems must meet the qualifications of reducing medical errors, providing access and the ability to use health information by consumers, be useful in patient decision-making, and to improve patient quality of care and safety (Lerouge, Culijak, & Horan, 2007). Data mining is used in the health care industry to search for information related to specific disease conditions. Projects such as SPIN are an example of data mining. Patient information in these databases is derived from patients and the practitioners that are in direct contact with them. The data then goes into the organization database, where it can be distributed, sold, or accessed by others at a late time.

Algorithms are he most common means to obscure confidential patient information from prying eyes. However, there have been documented cases where information coded by algorithms was decoded by individuals and used for targeted sales and marketing (Conn, 2006). Many of these programs use a single algorithm to encode patient information. If someone gets the algorithm, or discovers the pattern, they have open access to the information. The solution to the problem lies in the development of software that uses a layered series of algorithms. Each algorithm would become increasingly complex, as the confidentiality of the information increased. Various levels of users would have access to a certain level of information, controlled by an algorithm for that particular layer of information.