Balancing confidentiality and care coordination: challenges in patient privacy.

BACKGROUND: In the digital age, maintaining patient confidentiality while ensuring effective care coordination poses significant challenges for healthcare providers, particularly nurses. AIM: To investigate the challenges and strategies associated with balancing patient confidentiality and effective care coordination in the digital age. METHODS: A cross-sectional study was conducted in a general hospital in Egypt to collect data from 150 nurses across various departments with at least six months of experience in patient care. Data were collected using six tools: Demographic Form, HIPAA Compliance Checklist, Privacy Impact Assessment (PIA) Tool, Data Sharing Agreement (DSA) Framework, EHR Privacy and Security Assessment Tool, and NIST Cybersecurity Framework. Validity and Reliability were ensured through pilot testing and factor analysis. RESULTS: Participants were primarily aged 31-40 years (45%), with 75% female and 60% staff nurses. High compliance was observed in the HIPAA Compliance Checklist, especially in Administrative Safeguards (3.8 ± 0.5), indicating strong management and training processes, with an overall score of 85 ± 10. The PIA Tool showed robust privacy management, with Project Descriptions scoring 4.5 ± 0.3 and a total score of 30 ± 3. The DSA Framework had a mean total score of 20 ± 2, with Data Protection Measures scoring highest at 4.0 ± 0.4. The EHR assessments revealed high scores in Access Controls (4.4 ± 0.3) and Data Integrity Measures (4.3 ± 0.3), with an overall score of 22 ± 1.5. The NIST Cybersecurity Framework had a total score of 18 ± 2, with the highest scores in Protect (3.8) and lower in Detect (3.6). Strong positive correlations were found between HIPAA Compliance and EHR Privacy (r = 0.70, p < 0.05) and NIST Cybersecurity (r = 0.55, p < 0.05), reflecting effective data protection practices. CONCLUSION: The study suggests that continuous improvement in privacy practices among healthcare providers, through ongoing training and comprehensive privacy frameworks, is vital for enhancing patient confidentiality and supporting effective care coordination.

Access to Psychotherapy Notes: Review of Legal Standards for Mental Health Clinicians.

Patients' access to their psychotherapy records may be assumed to be well protected; however, the matter is intricately regulated. In fact, the statutes and rights pertaining to patient access to psychotherapy notes vary across states. Taken together, federal and state laws indirectly and inconsistently delineate lawful access-as well as clinical exceptions to providing access-to psychotherapy notes. Federal law defers to state laws when the latter afford individuals greater access to their notes. Both federal and individual state levels vary in providing for possible conditions under which access may be restricted. Right of access to psychotherapy notes is a matter of importance for all mental health clinicians in the United States. Awareness and integration of pertinent laws and regulations allow clinicians to manage such matters without a negative impact on their clinical care. Further consideration of how clinical practice interacts with other dimensions of health care administration (clinical, ethical, and legal) may serve to enhance the integrity of a clinician's work and the ability to adapt to difficult clinical circumstances with confidence.

Security Implications of AI Chatbots in Health Care.

Artificial intelligence (AI) chatbots like ChatGPT and Google Bard are computer programs that use AI and natural language processing to understand customer questions and generate natural, fluid, dialogue-like responses to their inputs. ChatGPT, an AI chatbot created by OpenAI, has rapidly become a widely used tool on the internet. AI chatbots have the potential to improve patient care and public health. However, they are trained on massive amounts of people's data, which may include sensitive patient data and business information. The increased use of chatbots introduces data security issues, which should be handled yet remain understudied. This paper aims to identify the most important security problems of AI chatbots and propose guidelines for protecting sensitive health information. It explores the impact of using ChatGPT in health care. It also identifies the principal security risks of ChatGPT and suggests key considerations for security risk mitigation. It concludes by discussing the policy implications of using AI chatbots in health care.

The role of collectivism and moderating effect of IT proficiency on intention to disclose protected health information.

This paper aims to identify and understand factors affecting insiders' intention to disclose patients' medical information and to investigate how these factors affect the intention to disclose. Based on the literature review on deterrence theory and health information security awareness (HISA), we identify relevant factors and develop a research model explaining insiders' intention to disclose patients' health information. We collect data (N = 105) through scenario-based experiments. Results show that two personal factors, collectivism, and IT proficiency, play a significant role in the model. While collectivism affects two components (health information security regulation awareness and punishment severity awareness) of HISA which influences intention to disclose, IT proficiency moderates the relationship between HISA and intention to disclose. In addition, HISA negatively affects reporting assessment and intention to disclose. This paper aims to fill a research gap in understanding factors affecting insiders' intentions to disclose protected health information. We identify and investigate factors (e.g., collectivism, HISA, reporting assessment, and IT proficiency) that may affect insiders' disclosing intentions. We find that collectivism affects two components of HISA which influence reporting assessment and disclosing intention. We also discover that IT proficiency moderates the relationship between HISA and intention to disclose. Our findings suggest that we need to carefully consider personal factors such as collectivistic nature and IT proficiency in managing insiders' security breaches.

Data sharing and privacy issues in neuroimaging research: Opportunities, obstacles, challenges, and monsters under the bed.

Collaborative networks and data sharing initiatives are broadening the opportunities for the advancement of science. These initiatives offer greater transparency in science, with the opportunity for external research groups to reproduce, replicate, and extend research findings. Further, larger datasets offer the opportunity to identify homogeneous patterns within subgroups of individuals, where these patterns may be obscured by the heterogeneity of the neurobiological measure in smaller samples. However, data sharing and data pooling initiatives are not without their challenges, especially with new laws that may at first glance appear quite restrictive for open science initiatives. Interestingly, what is key to some of these new laws (i.e, the European Union's general data protection regulation) is that they provide greater control of data to those who "give" their data for research purposes. Thus, the most important element in data sharing is allowing the participants to make informed decisions about how they want their data to be used, and, within the law of the specific country, to follow the participants' wishes. This framework encompasses obtaining thorough informed consent and allowing the participant to determine the extent that they want their data shared, many of the ethical and legal obstacles are reduced to just monsters under the bed. In this manuscript we discuss the many options and obstacles for data sharing, from fully open, to federated learning, to fully closed. Importantly, we highlight the intersection of data sharing, privacy, and data ownership and highlight specific examples that we believe are informative to the neuroimaging community.

The Patient Role in a Federal National-Scale Health Information Exchange.

The federal Trusted Exchange Framework and Common Agreement (TEFCA) aims to reduce fragmentation of patient records by expanding query-based health information exchange with nationwide connectivity for diverse purposes. TEFCA provides a common agreement and security framework allowing clinicians, and possibly insurance company staff, public health officials, and other authorized users, to query for health information about hundreds of millions of patients. TEFCA presents an opportunity to weave information exchange into the fabric of our national health information economy. We define 3 principles to promote patient autonomy and control within TEFCA: (1) patients can query for data about themselves, (2) patients can know when their data are queried and shared, and (3) patients can configure what is shared about them. We believe TEFCA should address these principles by the time it launches. While health information exchange already occurs on a large scale today, the launch of TEFCA introduces a major, new, and cohesive component of 21st-century US health care information infrastructure. We strongly advocate for a substantive role for the patient in TEFCA, one that will be a model for other systems and policies.

Workflow Integration of Research AI Tools into a Hospital Radiology Rapid Prototyping Environment.

The field of artificial intelligence (AI) in medical imaging is undergoing explosive growth, and Radiology is a prime target for innovation. The American College of Radiology Data Science Institute has identified more than 240 specific use cases where AI could be used to improve clinical practice. In this context, thousands of potential methods are developed by research labs and industry innovators. Deploying AI tools within a clinical enterprise, even on limited retrospective evaluation, is complicated by security and privacy concerns. Thus, innovation must be weighed against the substantive resources required for local clinical evaluation. To reduce barriers to AI validation while maintaining rigorous security and privacy standards, we developed the AI Imaging Incubator. The AI Imaging Incubator serves as a DICOM storage destination within a clinical enterprise where images can be directed for novel research evaluation under Institutional Review Board approval. AI Imaging Incubator is controlled by a secure HIPAA-compliant front end and provides access to a menu of AI procedures captured within network-isolated containers. Results are served via a secure website that supports research and clinical data formats. Deployment of new AI approaches within this system is streamlined through a standardized application programming interface. This manuscript presents case studies of the AI Imaging Incubator applied to randomizing lung biopsies on chest CT, liver fat assessment on abdomen CT, and brain volumetry on head MRI.

The Impact of Patient Access to Their Electronic Health Record on Medication Management Safety: A Narrative Review.

Introduction: As the American's Federal Health Insurance Portability and Accountability Act (HIPAA) stated that patients should be allowed to review their medical records, and as information technology is ever more widely used by healthcare professionals and patients, providing patients with online access to their own medical records through a patient portal is becoming increasingly popular. Previous research has been done regarding the impact on the quality and safety of patients' care, rather than explicitly on medication safety, when providing those patients with access to their electronic health records (EHRs). Aim: This narrative review aims to summarise the results from previous studies on the impact on medication management safety concepts of adult patients accessing information contained in their own EHRs. Result: A total of 24 studies were included in this review. The most two commonly studied measures of safety in medication management were: (a) medication adherence and (b) patient-reported experience. Other measures, such as: discrepancies, medication errors, appropriateness and Adverse Drug Events (ADEs) were the least studied. Conclusion: The results suggest that providing patients with access to their EHRs can improve medication management safety. Patients pointed out improvements to the safety of their medications and perceived stronger medication control. The data from these studies lay the foundation for future research.

Ethical and Legal Implications of Remote Monitoring of Medical Devices.

Policy Points Millions of life-sustaining implantable devices collect and relay massive amounts of digital health data, increasingly by using user-downloaded smartphone applications to facilitate data relay to clinicians via manufacturer servers. Our analysis of health privacy laws indicates that most US patients may have little access to their own digital health data in the United States under the Health Insurance Portability and Accountability Act Privacy Rule, whereas the EU General Data Protection Regulation and the California Consumer Privacy Act grant greater access to device-collected data. Our normative analysis argues for consistently granting patients access to the raw data collected by their implantable devices. CONTEXT: Millions of life-sustaining implantable devices collect and relay massive amounts of digital health data, increasingly by using user-downloaded smartphone applications to facilitate data relay to clinicians via manufacturer servers. Whether patients have either legal or normative claims to data collected by these devices, particularly in the raw, granular format beyond that summarized in their medical records, remains incompletely explored. METHODS: Using pacemakers and implantable cardioverter-defibrillators (ICDs) as a clinical model, we outline the clinical ecosystem of data collection, relay, retrieval, and documentation. We consider the legal implications of US and European privacy regulations for patient access to either summary or raw device data. Lastly, we evaluate ethical arguments for or against providing patients access to data beyond the summaries presented in medical records. FINDINGS: Our analysis of applicable health privacy laws indicates that US patients may have little access to their raw data collected and held by device manufacturers in the United States under the Health Insurance Portability and Accountability Act Privacy Rule, whereas the EU General Data Protection Regulation (GDPR) grants greater access to device-collected data when the processing of personal data falls under the GDPR's territorial scope. The California Consumer Privacy Act, the "little sister" of the GDPR, also grants greater rights to California residents. By contrast, our normative analysis argues for consistently granting patients access to the raw data collected by their implantable devices. Smartphone applications are increasingly involved in the collection, relay, retrieval, and documentation of these data. Therefore, we argue that smartphone user agreements are an emerging but potentially underutilized opportunity for clarifying both legal and ethical claims for device-derived data. CONCLUSIONS: Current health privacy legislation incompletely supports patients' normative claims for access to digital health data.

Initial Experience With Patient Visible Light Images Obtained Simultaneously With Portable Radiographs.

OBJECTIVE. Visible light images in the form of point-of-care photographs obtained at the time of medical imaging can be useful for detecting wrong-patient errors and providing image-related clinical context. Our goal was to implement a system to automatically obtain point-of-care patient photographs along with portable radiographs. CONCLUSION. We discuss one academic medical center's initial experience in integrating the system into the clinical workflow and initial use cases ranging from cardiothoracic and abdominal imaging to musculoskeletal imaging, for which such point-of-care photographs were deemed clinically beneficial.

De-Identification of Facial Features in Magnetic Resonance Images: Software Development Using Deep Learning Technology.

BACKGROUND: High-resolution medical images that include facial regions can be used to recognize the subject's face when reconstructing 3-dimensional (3D)-rendered images from 2-dimensional (2D) sequential images, which might constitute a risk of infringement of personal information when sharing data. According to the Health Insurance Portability and Accountability Act (HIPAA) privacy rules, full-face photographic images and any comparable image are direct identifiers and considered as protected health information. Moreover, the General Data Protection Regulation (GDPR) categorizes facial images as biometric data and stipulates that special restrictions should be placed on the processing of biometric data. OBJECTIVE: This study aimed to develop software that can remove the header information from Digital Imaging and Communications in Medicine (DICOM) format files and facial features (eyes, nose, and ears) at the 2D sliced-image level to anonymize personal information in medical images. METHODS: A total of 240 cranial magnetic resonance (MR) images were used to train the deep learning model (144, 48, and 48 for the training, validation, and test sets, respectively, from the Alzheimer's Disease Neuroimaging Initiative [ADNI] database). To overcome the small sample size problem, we used a data augmentation technique to create 576 images per epoch. We used attention-gated U-net for the basic structure of our deep learning model. To validate the performance of the software, we adapted an external test set comprising 100 cranial MR images from the Open Access Series of Imaging Studies (OASIS) database. RESULTS: The facial features (eyes, nose, and ears) were successfully detected and anonymized in both test sets (48 from ADNI and 100 from OASIS). Each result was manually validated in both the 2D image plane and the 3D-rendered images. Furthermore, the ADNI test set was verified using Microsoft Azure's face recognition artificial intelligence service. By adding a user interface, we developed and distributed (via GitHub) software named "Deface program" for medical images as an open-source project. CONCLUSIONS: We developed deep learning-based software for the anonymization of MR images that distorts the eyes, nose, and ears to prevent facial identification of the subject in reconstructed 3D images. It could be used to share medical big data for secondary research while making both data providers and recipients compliant with the relevant privacy regulations.

Doctors Routinely Share Health Data Electronically Under HIPAA, and Sharing With Patients and Patients' Third-Party Health Apps is Consistent: Interoperability and Privacy Analysis.

Since 2000, federal regulations have affirmed that patients have a right to a complete copy of their health records from their physicians and hospitals. Today, providers across the nation use electronic health records and electronic information exchange for health care, and patients are choosing digital health apps to help them manage their own health and health information. Some doctors and health systems have voiced concern about whether they may transmit a patient's data upon the patient's request to the patient or the patient's health app. This hesitation impedes shared information and care coordination with patients. It impairs patients' ability to use the state-of-the-art digital health tools they choose to track and manage their health. It undermines the ability of patients' family caregivers to monitor health and to work remotely to provide care by using the nearly unique capabilities of health apps on people's smartphones. This paper explains that sharing data electronically with patients and patients' third-party apps is legally consistent under the Health Insurance Portability and Accountability Act (HIPAA) with routine electronic data sharing with other doctors for treatment or with insurers for reimbursement. The paper explains and illustrates basic principles and scenarios around sharing with patients, including patients' third-party apps. Doctors routinely and legally share health data electronically under HIPAA whether or not their organizations retain HIPAA responsibility. Sharing with patients and patients' third-party apps is no different and should be just as routine.

Ethical implications of using biobanks and population databases for genetic suicide research.

This article provides a review of the ethical considerations that drive research policy and practice related to the genetic study of suicide. As the tenth cause of death worldwide, suicide constitutes a substantial public health concern. Biometrical studies and population-based molecular genetic studies provide compelling evidence of the utility of investigating genetic underpinnings of suicide. International, federal, and institutional policies regulating research are explored through the lenses of the ethical principles of autonomy, beneficence, non-maleficence, and justice. Trapped between the Common Rule's definition of human subjects, and the Health Insurance Portability and Accountability Act's protected information, suicide decedent data occupy an ethical gray area fraught with jurisdictional, legal, and social implications. Two avenues of research, biobanks and psychological autopsies, provide tangible application for the ethical principles examining the risks to participants and their families. Additionally, studies surveying public opinion about research methods, especially broad consent, are explored. Our approach of applying the four ethical principles to policy, sample collection, data storage, and secondary research applications can also be applied to genetic research with other populations. We conclude that broad consent for secondary research, as well as next-of-kin at the time of autopsy, serve to satisfy privacy and confidentiality under the ethical principle of autonomy. We recommend ongoing ethical evaluation of research policy and practice.

Privacy Issues in Smartphone Applications: An Analysis of Headache/Migraine Applications.

BACKGROUND: Headache diaries are a mainstay of migraine management. While many commercial smartphone applications (apps) have been developed for people with migraine, little is known about how well these apps protect patient information and whether they are secure to use. OBJECTIVE: We sought to assess whether there are privacy issues surrounding apps so that physicians and patients could better understand what medical information patients are providing to the app companies, and the potential privacy implications of how the app companies (and other third parties) might use that information. METHODS: We conducted a systematic search of the most popular "headache" and "migraine" apps and developed a database of the types of data the apps requested for input by the user and whether the apps had clear privacy policies. We also examined the content of the privacy policies. RESULTS: Twenty-nine apps were examined (14 diary apps, 15 relaxation apps). Of the diary applications, 79% (11/14) had visible privacy policies. Of the diary apps with privacy policies, all (11/11) stated whether or not the app collects and stores information remotely. A total of 55% (6/11) stated that some user data were used to serve targeted advertisements. A total of 11/15 (73%) of the relaxation apps had privacy policies. CONCLUSIONS: Headache apps shared information with third parties, posing privacy risks partly because there are few legal protections against the sale or disclosure of data from medical apps to third parties.

Secure smartphone application-based text messaging in emergency department, a system implementation and review of literature.

BACKGROUND: The utilization of smartphone-based technology and applications to streamline patient care provides an exciting opportunity for quality improvement research. As traditional communication methods such as paging have repeatedly been shown to be susceptible to errors and inefficiency that can delay patient care, smartphones continue to be investigated as means of improving inter-hospital communication and patient outcomes. METHODS AND MATERIALS: We conducted a systematic literature review in PubMed, MEDLINE using the keywords Health Insurance Portability and Accountability Act (HIPAA) Compliant Group Messaging (HCGM), text paging communication, secure hospital text message, HIPAA text message, and secure hospital communication. The search considered studies published until January 2018. Only English-language studies were included. We reviewed the reference lists of included articles for additional studies, as well. Abstracts, unpublished data, and duplicate articles were excluded. RESULTS: 569 studies were screened and assessed for eligibility with 35 meeting the inclusion criteria. 15 of these studies are data-driven with topics of investigation ranging from facilitation of communication (40%), security (33%), provider/patient satisfaction with communication (26%), diagnostic assistance (20%), demographics of use (13%), time spent in communication (13%), and finances (7%). Sample size per study varied from 30 to 10,000 encounters. CONCLUSIONS: The use of smartphones can positively impact patient care; however, these benefits must be balanced with the responsibility to protect patient privacy and confidentiality. In order to continue to support HCGM's expansion and integration into daily practice, further data-driven studies into HCGM-specific interventions must be pursued.

Healthcare Blockchain System Using Smart Contracts for Secure Automated Remote Patient Monitoring.

As Internet of Things (IoT) devices and other remote patient monitoring systems increase in popularity, security concerns about the transfer and logging of data transactions arise. In order to handle the protected health information (PHI) generated by these devices, we propose utilizing blockchain-based smart contracts to facilitate secure analysis and management of medical sensors. Using a private blockchain based on the Ethereum protocol, we created a system where the sensors communicate with a smart device that calls smart contracts and writes records of all events on the blockchain. This smart contract system would support real-time patient monitoring and medical interventions by sending notifications to patients and medical professionals, while also maintaining a secure record of who has initiated these activities. This would resolve many security vulnerabilities associated with remote patient monitoring and automate the delivery of notifications to all involved parties in a HIPAA compliant manner.