Privacy, Confidentiality, and Security of Public Health Information
Public health organizations need to protect the confidentiality of sensitive, identifying information about individuals to maintain the willingness of individuals to disclose such information and to adhere to laws affecting the handling of health informat
- PDF / 121,790 Bytes
- 18 Pages / 439.37 x 666.14 pts Page_size
- 25 Downloads / 242 Views
Privacy, Confidentiality, and Security of Public Health Information William A. Yasnoff
Abstract Public health organizations need to protect the confidentiality of sensitive, identifying information about individuals to maintain the willingness of individuals to disclose such information and to adhere to laws affecting the handling of health information. Safeguarding the privacy, confidentiality, and security of such information is an important undertaking. A public health organization needs to adhere to the basic principles of fair information practices, as incorporated into the Privacy Act of 1974, and to develop and enforce confidentiality policies that govern the handling and release of public health data. Among security measures that an organization can institute to protect the integrity of information and guard against unauthorized access to it are passwords, smart cards, biometrics, and cryptography. In addition, a public health organization needs to be especially vigilant about potential intrusions into its computer systems, and particularly of those systems that rely or reside on the Internet. The use of proxy servers, session password mechanisms, and firewalls can help guard against mischievous attacks from the Internet, while intrusion detection measures can help an organization detect efforts to compromise systems. Keywords Authentication • Biometrics • Capacity for correction • Confidentiality • Consent • Covered entities • Cryptography • Data availability • Data integrity • Denial of service • Disclosure • Fair information practices • Firewalls • HIPAA • Identifying information • Integrity • Intrusion detection • k-anonymity • Key • Need-to-know access • Passwords • Privacy • Protected health information • Proxy servers • Public health exception • Re-disclosure • Relevance • Security • Session password mechanisms • Smart cards • Written purpose
W.A. Yasnoff, MD, PhD NHII Advisors, 1854 Clarendon Blvd, Arlington, VA 22201, USA e-mail: [email protected] J.A. Magnuson, P.C. Fu, Jr. (eds.), Public Health Informatics and Information Systems, Health Informatics, DOI 10.1007/978-1-4471-4237-9_9, © Springer-Verlag London 2014
155
156
W.A. Yasnoff
Learning Objectives 1. Explain why it is important both practically and legally for public health organizations to maintain the confidentiality of information about individuals and to avoid releasing aggregate data that could identify an individual or cohort. 2. List and briefly describe the six principles of fair information practices. 3. Describe the key provisions of the HIPAA Privacy and Security rules. 4. Describe a rule of thumb that can be used in determining the adequacy of a denominator in the release of aggregate public health data. 5. List and describe the steps that a public health organization should take in establishing confidentiality agreements regarding health information. 6. Describe at least four characteristics that a good password system should have. 7. Describe the features of (1) smart cards, (2) biometrics, and (3) cryptog
Data Loading...
