
Medical Privacy

The rapid computerization and digitization of medical data has raised an important question: how to protect medical records and keep patient privacy intact. Storing sensitive information in databases could increase the potential for invasion of privacy compared to keeping paper files.

Medical databases have many advantages:

  • Reduction of paperwork, help with billing, and identification of the most cost-effective treatment.
  • Immediate availability of the medical history, which is extremely useful in emergencies such as injuries and accidents.
  • Assistance in research: the availability of data could boost research into the analysis and cure of diseases.
  • Better security in the longer run: improvements in security systems can provide better protection than paper records.

They also have disadvantages:

  • Access to medical information about employees could lead to denial of employment or job advancement.
  • Insurance companies could deny coverage to high-risk people based on their medical information.
  • More people have access to digital records (e.g. network administrators, data entry staff, other doctors sharing the database).

Measures taken to reduce unauthorized access:

  • Password protection for access to the records.
  • Systems that keep track of accesses (audit trails).
  • Doctors can "tag" particularly sensitive fields so that permission is required to access them.

Most medical institutions keep the identity of patients separate from their medical records and use ID numbers to link the two sets of information. This makes the data secure to some extent, because even if there is unauthorized access to the medical records, the identity of the patients is not revealed. It does not, however, reduce the importance of providing secure database systems. Through inference, one can recover the medical information of an individual even when the identity information is not provided: for example, if a person A has access to the medical records, A can track down the information about a person B using features such as age, sex and location.
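The inference risk described above can be measured rather than guessed at. The following is an added example (not code from this site or from any of the papers it cites) that takes records whose names have already been replaced by ID numbers and counts, for each record, how many others share its age, sex and zip code; a record that is unique on those fields is re-identifiable by anyone who knows them. It then applies the kind of generalization used by Sweeney's Datafly system (age to a decade, zip to three digits; the exact buckets are an assumption made for this example) and repeats the check. All records are constructed sample data.

```python
from collections import Counter

# Constructed sample records: names already replaced by ID numbers, as the
# text describes. age/sex/zip are the quasi-identifiers the text mentions.
RECORDS = [
    {"id": 101, "age": 34, "sex": "F", "zip": "03755", "dx": "asthma"},
    {"id": 102, "age": 61, "sex": "M", "zip": "03755", "dx": "diabetes"},
    {"id": 103, "age": 34, "sex": "F", "zip": "03755", "dx": "flu"},
    {"id": 104, "age": 65, "sex": "M", "zip": "03766", "dx": "hypertension"},
    {"id": 105, "age": 29, "sex": "M", "zip": "03301", "dx": "migraine"},
]

QUASI = ("age", "sex", "zip")


def quasi_key(rec, generalize=False):
    """Quasi-identifier tuple of a record. With generalize=True the values
    are coarsened the way Datafly-style systems do: age to a decade, zip to
    its first three digits (assumed bucketing, chosen for this example)."""
    if generalize:
        return (f"{rec['age'] // 10 * 10}s", rec["sex"], rec["zip"][:3] + "**")
    return tuple(rec[f] for f in QUASI)


def group_sizes(records, generalize=False):
    """Map each record ID to k, the number of records sharing its quasi-key."""
    counts = Counter(quasi_key(r, generalize) for r in records)
    return {r["id"]: counts[quasi_key(r, generalize)] for r in records}


def uniquely_identifiable(records, generalize=False):
    """IDs with k == 1: the stripped identity is recoverable by anyone who
    knows the patient's age, sex and location, so the ID number alone does
    not protect the diagnosis. Sorted for stable output."""
    return sorted(i for i, k in group_sizes(records, generalize).items() if k == 1)


if __name__ == "__main__":
    print("unique on raw quasi-identifiers:", uniquely_identifiable(RECORDS))
    print("unique after generalization:", uniquely_identifiable(RECORDS, True))
```

Record 105 stays unique even after generalization, which is the point of running the check: separating identities from records, and even coarsening the fields, reduces the risk but does not remove it.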

The following two excerpts are from the paper "Medical Databases: The Data Inference Problem" by Nathan Saperia:

One possible solution to the inference problem is the use of misinformation for users with restricted access. Some systems provide false explanations for the existence of certain observable patient information that identifies sensitive information. Using this method one can protect specific sensitive information by providing a false but insensitive explanation. The problem with this system is that "the system administrator cannot make a coherent set of misinformation that will survive scrutiny by a determined opponent" [1]. Thus, because the problem of making inferences involves studying multiple aspects of a patient's records, the misinformation solution will not work.

Possibly the most logical solution is not a technical solution. The previously discussed solutions have some flaw in the respect that they attempt to provide patient confidentiality through technical securities. However, it is nearly impossible to create an impregnable computer system. Dr. Hill offers a solution based on human behavior: giving patients access to a list containing information about who has viewed their records. Patients can then review why certain individuals have looked at their record. In instances where they believe an improper viewing has occurred, they can press charges. In this scenario "the temptation to browse the charts is tempered by the knowledge that such browsing is very expensive" [1]. According to Dr. Anderson, "it is patient consent that matters" in the authorization of medical record viewing [2]. Thus it makes sense that patients should have the ability to review who has seen their record.

The following excerpts are from the paper "Electronic Medical Files: A Threat to Privacy?" by Will Morrison:

A couple of blatant cases illustrate the possibilities of what loosely monitored access can mean:

First, a Colorado medical student sold patient records to lawyers looking for easy malpractice cases [3].

In the second instance, the 13-year-old daughter of an emergency room worker printed out the names and addresses of patients treated at the emergency room that day and called seven of them, telling them falsely that they were infected with HIV. One attempted to commit suicide and the others were all very disturbed [3].

These cases illustrate the ease with which some information can be accessed and misused. It is understandable that a medical student could get access (and simply misuse it), but a 13-year-old! This case highlights the desperate need for even elementary access controls such as passwords. Slightly more advanced tactics such as audit trails and file tagging could also be used. Audit trails allow a person to look at their files to see what information has been accessed and who has accessed it, and file tagging allows doctors to tag especially sensitive information so that others cannot access it without the doctor's consent. Simple measures like these could have prevented the egregious breach of access found in these cases.
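The two measures named in the excerpt above, doctor-tagged sensitive fields and an audit trail the patient can review, fit together in a small access layer. The following is an added example (not code from this site or from the papers it quotes): a record keeps a per-field list of who the treating doctor has cleared, every read attempt is logged whether or not it succeeds, and the patient-facing list shows denied attempts as well as successful views. Field names, staff names and values are constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class Record:
    patient_id: int
    fields: dict                              # field name -> value
    tagged: dict = field(default_factory=dict)  # sensitive field -> users cleared to read it
    audit: list = field(default_factory=list)   # (time, user, field, allowed)


def tag_sensitive(rec, doctor, field_name, allowed_users=()):
    """The treating doctor tags a field; afterwards only the doctor and the
    users the doctor names may read it. Untagged fields stay readable."""
    rec.tagged[field_name] = {doctor, *allowed_users}


def read_field(rec, user, field_name, now=None):
    """Return the field value if the user is permitted. Every attempt,
    permitted or denied, is appended to the audit trail first."""
    now = now or datetime.now(timezone.utc)
    allowed = field_name not in rec.tagged or user in rec.tagged[field_name]
    rec.audit.append((now, user, field_name, allowed))
    if not allowed:
        raise PermissionError(f"{user} may not read tagged field {field_name!r}")
    return rec.fields[field_name]


def access_list(rec):
    """The list shown to the patient: who looked at which field and whether
    the system let them. Denied attempts are kept so browsing stays visible."""
    return [(t.isoformat(timespec="minutes"), user, fld, "viewed" if ok else "denied")
            for t, user, fld, ok in rec.audit]


if __name__ == "__main__":
    # Constructed sample record; staff names and values are made up.
    rec = Record(1, {"address": "12 Elm St", "hiv_status": "negative"})
    tag_sensitive(rec, "dr_a", "hiv_status")
    read_field(rec, "er_clerk", "address")          # routine lookup, logged
    try:
        read_field(rec, "er_clerk", "hiv_status")   # tagged field, denied and logged
    except PermissionError as exc:
        print(exc)
    read_field(rec, "dr_a", "hiv_status")           # the tagging doctor may read it
    for entry in access_list(rec):
        print(*entry)
```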

Related papers

Medical privacy papers:

  1. The Hippocratic Oath - Hippocrates. "Hippocratic Oath". USMedstudents.com. Last accessed 12/01/01. http://www.usmedstudents.com/links/hippocraticoath.htm
  2. An extensive essay and research on medical confidentiality and the security of medical database systems - Anderson, Dr. Ross J. "Security in Clinical Information Systems". Cambridge University. January 12, 1996. http://www.cl.cam.ac.uk/users/rja14/policy11/policy11.html
  3. An essay analyzing the makeup of medical records and their security vulnerabilities as they become computerized - Hill, Dr. David B. University of California, Davis. November 23, 1998. http://www.db.cs.ucdavis.edu/teaching/289F/papers/david.pdf
  4. A list of the major privacy risks associated with computerized medical databases - "Threats to Medical Record Privacy". Electronic Privacy Information Center. Last accessed 12/01/01. http://www.epic.org//privacy/medical/threats.html
  5. Research paper on the Datafly database system - Sweeney, Latanya. "Computational Disclosure Control for Medical Microdata: The Datafly System". Massachusetts Institute of Technology. Last accessed 12/01/01. http://www.fcsm.gov/working-papers/latanyas.pdf
Copyright ©2001-2004
Trustees of Dartmouth College.
All Rights Reserved.