Data Privacy
and Security
(Ch.10)
Lecture 7
Learning Objectives for the Chapter
• Describe attitudes on concepts such as privacy and
person in contemporary society.
• Explain key factors impacting patient privacy and the
confidentiality of personal health records.
• Examine the concept of informational consent from the
perspective of express, implied and deemed consent.
• Discuss the impact of data breaches and explain the
impact of hacking of patient electronic records using
Introduction
• Informational privacy is best thought of
as a human right.
• Currently, in most jurisdictions, laws and
customs do not yet afford personal health
information the same level of protection
as is accorded to rights such as security
of the person, freedom from arbitrary
search and seizure, or the right to vote.
• An increasing body of law and
jurisprudence in Western democracies,
however, recognizes the importance of
ensuring that individuals have basic
rights in relation to their own personal
information.
Ask yourself the following question:
• In the midst of a pandemic, should you be able to
disclose symptoms and seek testing while
trusting in the ability of healthcare professionals
to trace contacts and determine the source of
your infection without revealing your identity to
others? Or should you instead fear catastrophic
consequences such as losing your job, alarming
neighbours, or being shunned by local merchants
Why Patient Privacy Matters
• Privacy may not matter to every patient, but it matters
a great deal to patients whose treatment and care
impact the health of an entire society.
• How healthcare providers handle patient privacy can
therefore play an important role in shaping the kind of
society in which we live. As healthcare providers with
extended access to patients, nurses have a vital role to
play in building trust, encouraging patients to be
entirely forthcoming about healthcare issues that
concern them, and reassuring those patients that their
The list of incidents over the last two
decades is long and dishonourable and the
reasons for the breaches are diverse:
• Failure to adequately protect paper records - an
American health insurance company settled a lawsuit
for US$17 million over a 2017 data breach in which the
privacy of 12,000 patients was compromised after
letters mailed to the patients revealed through the clear
window of the envelopes that the patients had been
taking drugs for HIV (Gordon 2018). Ironically, the
letters had been mailed in response to the settlement of
• Staff misconduct - in 1996, a state public health
worker in Florida sent the names of 4000 HIV-positive
patients to two Florida newspapers (Stein 1997; Jurgens
2001).
• Failure to adequately protect electronic records—
Cyber attacks by hackers on an American university
hospital in 2017 breached the personal health records of
417,000 patients (Davis 2018). Dozens of similar
Definitions
PRIVACY
• the right of individuals and organizations to decide for
themselves when, how, and to what extent information about
them is transmitted to others.
CONSENT
• is an agreement, approval, or permission given voluntarily by
a competent person that permits some act(s) for some stated
purpose(s).
INFORMATIONAL CONSENT
• Consent to share or disclose information as opposed to
consent to treatment and care.
EXPRESS CONSENT
• is an explicit (usually written) instruction from the patient—a
voluntary agreement
Definitions
IMPLIED CONSENT
• is a voluntary agreement that can be reasonably determined
through the actions or inactions of the patient.
DEEMED CONSENT
• under certain stated conditions, the law permits organizations
to act as if the patient has consented regardless of whether
or not the patient has actually done so; the patient has no
right to withdraw or withhold consent.
REVOKING CONSENT
• A patient may also withdraw consent previously given.
WITHHOLD CONSENT
• by expressly stating that s/he does not consent to a
particular activity.
Definitions
CIRCLE OF CARE
• refers to the persons participating in, and the activities
related to, the provision of health care to the patient.
HEALTH INFORMATION CUSTODIAN
• (sometimes called a data steward) is an individual or
organization that collects, uses, or discloses personal health
information for the purposes of patient treatment and care,
medical billing, health system planning and management, or
health research.
PRIVACY OFFICER
• is an individual who oversees activities related to the
development, implementation, maintenance of, and adherence
to an organization’s policies and procedures covering the
privacy, confidentiality and sometimes
ANONYMITY
• allows the subjects in a database to remain nameless and
unidentified.
Definitions
DE-IDENTIFICATION
• is typically a non-trivial undertaking: it consists of taking
steps necessary to ensure that the anonymised data cannot be
utilized, either alone or with other information, to identify a
patient.
PSEUDONYMITY
• allows the subjects in a database to be tracked over time
while remaining nameless. Pseudonyms (e.g., patient X,
patient Y, etc.).
USER IDENTIFICATION
• (sometimes referred to as user identity verification) is done
once during user registration prior to allowing an individual
to access an information system.
USER ENROLMENT
• is done once for each online service or computer program
within an organization that a registered user is authorized to
access.
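An added example, not from the chapter, that puts the distinction between pseudonymity and anonymity above into code: constructed patient records are pseudonymised with a keyed hash under an assumed custodian-held secret key (the records, key and field names are all constructed), so the same patient can be followed across encounters while direct identifiers are dropped and quasi-identifiers coarsened; anonymising removes the token, and with it the linkage.

```python
import hmac
import hashlib
from datetime import date

# Constructed sample records (not real patients): two encounters for one
# patient and one for another, with direct identifiers, quasi-identifiers
# and a clinical result, as a custodian's system might hold them.
RECORDS = [
    {"mrn": "MRN-001", "name": "Ada Example", "dob": "1981-03-14",
     "postcode": "M5V 2T6", "encounter": "2023-01-10", "test": "HbA1c 7.1%"},
    {"mrn": "MRN-001", "name": "Ada Example", "dob": "1981-03-14",
     "postcode": "M5V 2T6", "encounter": "2023-06-22", "test": "HbA1c 6.8%"},
    {"mrn": "MRN-002", "name": "Bob Example", "dob": "1979-11-02",
     "postcode": "K1A 0B1", "encounter": "2023-02-03", "test": "HbA1c 8.4%"},
]
# Assumed: a secret key held only by the health information custodian.
CUSTODIAN_KEY = b"custodian-secret-key-keep-out-of-the-dataset"
DIRECT_IDENTIFIERS = ("mrn", "name", "dob", "postcode")

def pseudonym(mrn: str, key: bytes) -> str:
    """Keyed (HMAC-SHA256) pseudonym: the same patient always maps to the
    same token, but the token cannot be reversed without the key."""
    return "patient-" + hmac.new(key, mrn.encode(), hashlib.sha256).hexdigest()[:12]

def pseudonymise(record: dict, key: bytes) -> dict:
    """Pseudonymity: keep the cross-encounter linkage, drop direct
    identifiers and coarsen quasi-identifiers (age band, postcode area)
    so the row cannot easily be matched to a person."""
    out = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    out["pseudonym"] = pseudonym(record["mrn"], key)
    born = date.fromisoformat(record["dob"])
    seen = date.fromisoformat(record["encounter"])
    age = seen.year - born.year - ((seen.month, seen.day) < (born.month, born.day))
    out["age_band"] = f"{age // 5 * 5}-{age // 5 * 5 + 4}"
    out["postcode_area"] = record["postcode"].split()[0]
    return out

def anonymise(record: dict, key: bytes) -> dict:
    """Anonymity: as above but with no token at all, so rows for the same
    patient can no longer be linked over time."""
    out = pseudonymise(record, key)
    del out["pseudonym"]
    return out

def linkable_patients(rows: list) -> int:
    """How many distinct patients can still be followed across rows."""
    return len({row["pseudonym"] for row in rows if "pseudonym" in row})

if __name__ == "__main__":
    pseudo = [pseudonymise(r, CUSTODIAN_KEY) for r in RECORDS]
    anon = [anonymise(r, CUSTODIAN_KEY) for r in RECORDS]
    print(pseudo[0]["pseudonym"] == pseudo[1]["pseudonym"])  # True: same patient tracked
    print(linkable_patients(pseudo), linkable_patients(anon))  # 2 0
```

Note that the coarsened output still carries a clinical result per row, so whether it counts as de-identified depends on what other information a recipient could combine it with, which is exactly why the chapter calls de-identification non-trivial.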
Definitions
USER AUTHENTICATION
• is done each time a user logs into a computer system or
program. User authentication attempts to securely answer the
question “is the person logging into the system really you?”
AUDITING
• is done by keeping audit log files (sometimes referred to as an
audit trail) that record which users have done what and when.
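An added example (not from the chapter) of how an audit trail is used once it exists: constructed audit lines in the “which user did what to whose record, and when” form the definition describes are checked against an assumed circle-of-care roster, so a privacy officer can pick out accesses by staff outside a patient’s circle of care and see whether one user shows a pattern rather than a single slip.

```python
from datetime import datetime

# Constructed audit-trail lines (not from any real system): which user did
# what to which patient's record, and when.
AUDIT_LOG = [
    "2023-04-02T08:15:00 user=nurse.amy patient=P-1001 action=view_chart",
    "2023-04-02T08:20:00 user=dr.lee patient=P-1001 action=update_notes",
    "2023-04-02T23:40:00 user=clerk.joe patient=P-1001 action=view_chart",
    "2023-04-03T10:05:00 user=nurse.amy patient=P-2002 action=view_chart",
    "2023-04-03T10:06:00 user=nurse.amy patient=P-2003 action=view_chart",
    "2023-04-03T11:00:00 user=nurse.bob patient=P-2002 action=update_vitals",
]

# Assumed: the circle of care for each patient, i.e. the staff currently
# involved in that patient's treatment (constructed roster; in practice it
# would come from the assignment or scheduling system).
CIRCLE_OF_CARE = {
    "P-1001": {"nurse.amy", "dr.lee"},
    "P-2002": {"nurse.bob"},
    "P-2003": {"nurse.bob"},
}

def parse_entry(line: str) -> dict:
    """Turn one 'timestamp key=value ...' audit line into a dict."""
    timestamp, *fields = line.split()
    entry = dict(field.split("=", 1) for field in fields)
    entry["time"] = datetime.fromisoformat(timestamp)
    return entry

def out_of_circle_accesses(lines, roster):
    """Flag every access by a user who is not in that patient's circle of
    care; these are the entries a privacy officer should review."""
    findings = []
    for entry in map(parse_entry, lines):
        if entry["user"] not in roster.get(entry["patient"], set()):
            findings.append((entry["time"].isoformat(), entry["user"],
                             entry["patient"], entry["action"]))
    return findings

def accesses_per_user(findings) -> dict:
    """Count flagged accesses per user, so one user opening several charts
    outside their assignments stands out from a single slip."""
    counts = {}
    for _, user, _, _ in findings:
        counts[user] = counts.get(user, 0) + 1
    return counts

if __name__ == "__main__":
    flagged = out_of_circle_accesses(AUDIT_LOG, CIRCLE_OF_CARE)
    for finding in flagged:
        print(*finding)
    print(accesses_per_user(flagged))  # {'clerk.joe': 1, 'nurse.amy': 2}
```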
What Constitutes Personal Health
Information?
• Personal health information is information about
an identifiable individual that relates to the
physical or mental health of the individual, or to
the provision of health services to the individual.
Personal health information does not include
information that is anonymised, either by itself or
when combined with other available information.
It may include:
• information about registration of the individual for the
provision of health services, including name, address,
phone numbers and other contact details, plus other
demographic information such as birthdate,
• information about payments or eligibility for health care
insurance,
• a number or other identifier assigned to an individual to
• information about the individual that is collected in the
course of providing the individual with health services,
• information derived from the testing or examination of a
body part or bodily substance (e.g., a lab test result or
diagnostic image), or
• identification of healthcare providers involved in the
provision of healthcare to the individual.
What Determines the Sensitivity of
Personal Health Information?
• In the past, there has been a tendency to treat certain
types of clinical information as more or less sensitive
than other types.
• For example, tests revealing HIV status were considered
more sensitive than other lab test results.
• Encounter records were thought more sensitive than
demographic data and mental health records were felt
to be more sensitive than other encounter records.
• The belief that personal health information admits of
degrees (‘not confidential,’ ‘somewhat confidential,’
‘highly confidential’) and that these can be determined
beforehand by information system designers is largely a
myth.
• Personal health information—all of it—should be treated
as confidential, not shared outside the patient’s circle of
care without the patient’s express consent except where
A Brief History of Informational
Privacy
• In 1980, the Council of Europe adopted a Convention for
the Protection of Individuals with Regard to Automatic
Processing of Personal Data (Council of Europe 1981a).
It extended somewhat the Fair Information Practice core
principles and included (modest) special provisions for
“personal data concerning health or sexual life” (Council
of Europe 1981b).
• In the same year, the Organisation for Economic
Cooperation and Development (OECD) proposed
Guidelines on the Protection of Privacy and Transborder
Flows of Personal Data (Organization for Economic Co-
Operation and Development 1999).
• These OECD Guidelines, the Council of Europe
Convention, and the 1995 European Union Data
Protection Directive (European Union 1995) all built
upon the Fair Information Practices as core principles,
• The OECD guidelines influenced subsequent privacy law
and policy in many countries, including Canada (Holmes
2006), Australia (Clarke 2000), the UK (Smith 1994),
and others.
• Contemporary approaches to patient privacy continue
to evolve.
Privacy Principles
1. Accountability for information
2. Identifying purposes for collection, use and disclosure of
information
3. Consent
4. Limiting collection
5. Limiting use, disclosure and retention
6. Accuracy
7. Safeguards
8. Openness
9. Individual access
10. Challenging compliance
11. Right of erasure
12. Breach notification
13. Lawful basis
Privacy Policy
• Good policies typically contain most or all of the
following components:
• a broad description of the types of personal information
held—but not an exhaustive list of data fields (e.g.,
contact information, diagnostic test data, or lists of
currently active prescriptions)
• a description of the purposes for which the information
is collected, used, and disclosed (e.g., treatment and
care, fundraising, clinical research)
• a statement about how the information is used (e.g.,
during patient consultation and diagnosis)
• a commitment to maintaining the confidentiality of the
information (e.g., an assurance that the organization is
committed to respecting personal privacy, safeguarding
confidential information and ensuring the security of
personal health information within its custody)
• a non-technical description of the security steps taken
to protect confidential information when it is stored or
transmitted
• a description of the circumstances under which personal
information will be disclosed to third parties (e.g., to an
IT service provider securely hosting the data on a
central server or providing external processing),
• a description of the circumstances under which data is
depersonalized (i.e., anonymised or pseudonymised) or
aggregated (e.g., for the purpose of gathering and
reporting healthcare statistics) and
• contact information and procedures to follow for
individuals who have questions about the privacy of
their data or who have a complaint
Information Security Principles
1. Information Security Policy
2. Organizing Information Security
3. Asset Management
4. Human Resources Security
5. Access Control
6. Cryptography
7. Physical and Environmental Security
9. Communications Security
10. Information Systems Acquisition, Development and
Maintenance
11. Supplier Relationships
12. Information Security Incident Management
13. Information Security Aspects of Business Continuity
Limits to Privacy
• Maintaining the implied trust that exists between
patients and their healthcare providers requires that the
reasonable expectations of both groups be met.
• Patient perceptions of the healthcare provider’s need-to-
know may therefore need to be addressed in the
structuring of intake procedures and the related forms
that gather needed personal information.
• Not all patient privacy concerns can be addressed
realistically.
• Finally, patients may have unrealistic expectations
about the granularity or grouping of data fields in their
records. They may naively assume that information
about a specific condition such as HIV/AIDS can be
easily masked (“don’t disclose the AIDS flag”) whereas
the information they are concerned about may be
evident from many data sources (e.g., treatment for
HIV/AIDS may be evident from summary care records,
diagnostic test results, prescription medications, and
Privacy of Healthcare Providers
• Most healthcare professional associations demand a
clear delineation between data collected on healthcare
providers as professionals rendering healthcare
services, and data collected on healthcare providers as
patients undergoing treatment.
• Organizations must be careful to ensure that the rights
of nurses and other healthcare professionals as patients
are not compromised by their involvement as
professionals and staff in the very organizations
The Role of Midwives in Maintaining
the Privacy and Security of Personal
Health Information
• Midwives need to ensure that privacy policies are both
robust and practicable. They should be empowered to
provide appropriate feedback when this is not the case.
• Patients need trustworthy advice about what types of
personal information will be collected from them, and
for what purpose and uses.
• In the creation of patient education materials that
clearly explain how personal health information is
collected, used, retained and disclosed, and how that
information is protected while being held.
• In inculcating patient trust: Midwives can provide a
supportive atmosphere in which women can disclose
deeply personal information that is sometimes painful to
Applied
Informatics
Research for
eHealth (Ch.13)
Defining the Informatics
Research Agenda for eHealth
• eHealth is often used to describe the widespread use of the
Internet and related technologies in health care. In his
definition, “e” must not be interpreted only as electronic
but also as education, encouragement, empowerment,
evidence-based, ethics, and equity. Overall, eHealth
means ways to improve efficiency, enhance quality,
enable information flow, and extend the scope of health
services.
Three new priority areas were defined in
six research topics:
• User Needs
• Acquisition, Representation, and Storage of Data,
Information, and Knowledge
• Informatics Support for Midwifery and Healthcare
Practice
• Informatics Support for Patients/Families/Consumers
• Design and Evaluation Methodologies
Informatics Support for
Patients/Families/Consumers
• Care is no longer just provided in face-to-face
appointments; technology is increasingly being used to
facilitate remote care (Koivunen and Saranto 2017).
• Surprisingly, only one study (Ranegger et al. 2014)
represents this important evolving service.
• The topic “Role of patient-held electronic records on
participation in their care, and quality of care”.
Use of Telecommunications
Technology for Practice
• Bakken et al. (2012) highlighted the importance of
focusing research on informatics support for patients,
consumers, and families.
• This would involve future technologies to empower
patients and professionals to collaborate more
efficiently in various situations.
• This is also connected to changes in health services, as
Technology
Enabled
Learning
(Ch.15)
Simulations
• The use of simulation is a
predominant method of teaching
nurses and midwives. In the
beginning, simulation consisted of
the use of a manikin.
• High-fidelity simulators, that
mimic human responses,
continue to be used in nursing
and midwifery schools across the
globe.
• Technological advances, including
Immersive Virtual Simulations
• These simulations allowed
learners to become immersed
in a healthcare environment
and interact with avatars.
The avatars represented
patients, family members,
and in some cases other
healthcare professionals. This
system allowed learners to
Online Learning
• The growth of online learning has increased yearly and
offers nurses formal education and professional
development learning opportunities.
• Early examples of online learning typically mimicked the
classroom environment. Early online courses were fairly
passive learning consisting of: recorded lectures,
quizzes and tests and a discussion board.
• Online learning is no longer limited to text-only content
materials with web links but now incorporates a variety
of multimedia such as YouTube videos, podcasts,
animations, and infographics.
• Students were now using these multimedia tools to
complete homework assignments.
Connected Health
• Connected Health encompasses terms such as wireless,
digital, electronic, mobile, and telehealth and refers to a
conceptual model for health management where
devices, services or interventions are designed around
the patient’s needs, and health-related data is shared,
in such a way that the patient can receive care in the
most proactive and efficient manner possible.
• All stakeholders in the process are ‘connected’ by
means of timely sharing and presentation of accurate
and pertinent information regarding patient status
Virtual Visits with Patients
• As healthcare institutions begin to embrace digital
health, there has been a greater acceptance of virtual
patient visits.
• The coronavirus pandemic served as a catalyst to offer
patients the opportunity to have a virtual patient visit.
• A secure video conferencing system available for
desktop, tablets or smartphones serves as the
platform for these virtual visits.
Questions &
Discussion