Evaluating people's concern about their health information privacy based on power-responsibility equilibrium model: A case of Taiwan.

To address the issue of rising expenditure of healthcare service and to fulfill the skyrocketing demand for quality healthcare, the electronic medical records (EMR) exchange has become a vital and indispensable solution for healthcare facilities in terms of being able to share medical information among healthcare providers. Hence, EMR exchange was expected to improve the quality of healthcare and reduce the cost of repetitive medical check-ups and unnecessary treatments. However, recent reports affirming EMR data leaks and compromises have ignited major worldwide privacy concerns over the security of the EMR systems. How to effectively diminish patients' concern for EMR privacy has thus become an important issue that healthcare institution managers/stakeholders have to address urgently. This study leverages the power-responsibility equilibrium perspective to investigate the antecedents and consequences of concerns for the EMR exchange. A survey using 391 responses collected from medical centers, regional and district hospitals in Taiwan was used to conduct this study. The results show that government regulations have a positive effect on hospital privacy policies. Furthermore, both government regulations and hospital privacy policy are negatively associated with concern for EMR information privacy. Additional reports gathered from this study also showed that concern for EMR information privacy could result in patients' protective responses including refusal to provide personal health information (PHI), removal of PHI, negative word of mouth, complaining directly to the hospital, or complaining indirectly to third-party organizations. These findings demonstrate the need for healthcare facilities to formulate robust privacy policies in order to alleviate patients' concern for EMR information privacy based on governmental regulations. This regulation is top-priority as the incapability of reducing patients' concern for EMR information privacy may lead to the collapse of the campaign for the full-adoption of EMR or possibly jeopardize the promotion and application of EMR among healthcare facilities.

Regulatory Disruption and Arbitrage in Health-Care Data Protection.

This article explains how the structure of U.S. health-care data protection (specifically its sectoral and downstream properties) has led to a chronically uneven policy environment for different types of health-care data. It examines claims for health-care data protection exceptionalism and competing demands such as data liquidity. In conclusion, the article takes the position that healthcare- data exceptionalism remains a valid imperative and that even current concerns about data liquidity can be accommodated in an exceptional protective model. However, re-calibrating our protection of health-care data residing outside of the traditional health-care domain is challenging, currently even politically impossible. Notwithstanding, a hybrid model is envisioned with downstream HIPAA model remaining the dominant force within the health-care domain, but being supplemented by targeted upstream and point-of-use protections applying to health-care data in disrupted spaces.

[Required Framework for the Collection of Real-life Data: An Example from University Eye Hospital Munich]. / Rahmenbedingungen zur Sammlung von "Real-Life"-Daten am Beispiel der Augenklinik der Universität München.

Background The importance of evaluating real-life data is constantly increasing. Currently available computer systems better allow for analyses of data, as more and more data is available in a digital form. Before a project for real-life data analyses is started, technical considerations and staff, legal, and data protection procedures need to be addressed. In this manuscript, experiences made at the University Eye Hospital in Munich will be shared. Materials and Methods Legal requirements, as found in laws and guidelines governing documentation and data privacy, are highlighted. Technical requirements for information technology infrastructure and software are defined. A survey conducted by the German Ophthalmological Society, among German eye hospitals investigating the current state of digitalization, was conducted. Also, staff requirements are outlined. Results A database comprising results of 330,801 patients was set up. It includes all diagnoses, procedures, clinical findings and results from diagnostic devices. This database was approved by the local data protection officer. In less than half of German eye hospitals (n = 21) that participated in the survey (n = 54), a complete electronic documentation is done. Fourteen institutions are completely paper-based, and the remainder of the hospitals used a mixed system. Conclusion In this work, we examined the framework that is required to develop a comprehensive database containing real-life data from clinics. In future, these databases will become increasingly important as more and more innovation are made in decision support systems. The base for this is comprehensive and well-curated databases.

[Use of routine data from statutory health insurances for federal health monitoring purposes]. / Nutzungsmöglichkeiten von Routinedaten der Gesetzlichen Krankenversicherung in der Gesundheitsberichterstattung des Bundes.

Federal health monitoring deals with the state of health and the health-related behavior of populations and is used to inform politics. To date, the routine data from statutory health insurances (SHI) have rarely been used for federal health monitoring purposes. SHI routine data enable analyses of disease frequency, risk factors, the course of the disease, the utilization of medical services, and mortality rates. The advantages offered by SHI routine data regarding federal health monitoring are the intersectoral perspective and the nearly complete absence of recall and selection bias in the respective population. Further, the large sample sizes and the continuous collection of the data allow reliable descriptions of the state of health of the insurants, even in cases of multiple stratification. These advantages have to be weighed against disadvantages linked to the claims nature of the data and the high administrative hurdles when requesting the use of SHI routine data. Particularly in view of the improved availability of data from all SHI insurants for research institutions in the context of the "health-care structure law", SHI routine data are an interesting data source for federal health monitoring purposes.

[Requirements regarding health records: transfer or copy]. / Dossierplicht: overdracht of afschrift.

Dutch law requires every healthcare provider, which obviously includes dentists, to maintain health records. Most of the rules governing the health record requirement are in the Law of Agreement to Medical Treatment (WGBO). And, as is often the case with the law, interpretation is left to the (disciplinary)judge. There is, in fact, a considerable amount of legal precedent concerning what information belongs in the health record. It is not uncommon for a dentist to be on the losing side in a legal proceeding because his defence is not supported by the health record. And if it becomes clear that (a portion of) the health record has been destroyed, despite the legal requirement to maintain records, in this too the dentist can count on little sympathy from the judge. In a recent judgment, the Central Disciplinary Committee was more severe than ever- with far-reaching consequences for the relevant dentist.

[Standardization and archiving of clinical reviews: search for optimal solutions].

The article refers to the necessity of the optimization processes for standardization and archiving of clinical examinations at the different stages of care, including also outpatient care. The compromise solution to the problem has been offered in the article.

Secondary uses of electronic health record data: benefits and barriers.

In the primary use of health data, patient health information in electronic health records (EHRs) directly informs each individual's care. In secondary use, patient data would be aggregated to improve health care delivery, yet several technological and policy barriers may slow implementation-but may be amenable to intervention.

Are personal health records safe? A review of free web-accessible personal health record privacy policies.

BACKGROUND: Several obstacles prevent the adoption and use of personal health record (PHR) systems, including users' concerns regarding the privacy and security of their personal health information. OBJECTIVE: To analyze the privacy and security characteristics of PHR privacy policies. It is hoped that identification of the strengths and weaknesses of the PHR systems will be useful for PHR users, health care professionals, decision makers, and designers. METHODS: We conducted a systematic review using the principal databases related to health and computer science to discover the Web-based and free PHR systems mentioned in published articles. The privacy policy of each PHR system selected was reviewed to extract its main privacy and security characteristics. RESULTS: The search of databases and the myPHR website provided a total of 52 PHR systems, of which 24 met our inclusion criteria. Of these, 17 (71%) allowed users to manage their data and to control access to their health care information. Only 9 (38%) PHR systems permitted users to check who had accessed their data. The majority of PHR systems used information related to the users' accesses to monitor and analyze system use, 12 (50%) of them aggregated user information to publish trends, and 20 (83%) used diverse types of security measures. Finally, 15 (63%) PHR systems were based on regulations or principles such as the US Health Insurance Portability and Accountability Act (HIPAA) and the Health on the Net Foundation Code of Conduct (HONcode). CONCLUSIONS: Most privacy policies of PHR systems do not provide an in-depth description of the security measures that they use. Moreover, compliance with standards and regulations in PHR systems is still low.

Estimating the re-identification risk of clinical data sets.

BACKGROUND: De-identification is a common way to protect patient privacy when disclosing clinical data for secondary purposes, such as research. One type of attack that de-identification protects against is linking the disclosed patient data with public and semi-public registries. Uniqueness is a commonly used measure of re-identification risk under this attack. If uniqueness can be measured accurately then the risk from this kind of attack can be managed. In practice, it is often not possible to measure uniqueness directly, therefore it must be estimated. METHODS: We evaluated the accuracy of uniqueness estimators on clinically relevant data sets. Four candidate estimators were identified because they were evaluated in the past and found to have good accuracy or because they were new and not evaluated comparatively before: the Zayatz estimator, slide negative binomial estimator, Pitman's estimator, and mu-argus. A Monte Carlo simulation was performed to evaluate the uniqueness estimators on six clinically relevant data sets. We varied the sampling fraction and the uniqueness in the population (the value being estimated). The median relative error and inter-quartile range of the uniqueness estimates was measured across 1000 runs. RESULTS: There was no single estimator that performed well across all of the conditions. We developed a decision rule which selected between the Pitman, slide negative binomial and Zayatz estimators depending on the sampling fraction and the difference between estimates. This decision rule had the best consistent median relative error across multiple conditions and data sets. CONCLUSION: This study identified an accurate decision rule that can be used by health privacy researchers and disclosure control professionals to estimate uniqueness in clinical data sets. The decision rule provides a reliable way to measure re-identification risk.

Digital signature of electronic dental records.

INTRODUCTION: The purpose of this article is to examine the feasibility of digital signature technology to guarantee the legal validation of electronic dental records. METHODS: The possible uses of digital signature technology, the actual use of digital signature technology to authenticate electronic dental records, the authentication of each part of the electronic dental record, the general legal principles involved, how to digitally sign electronic dental record files, and the limitations of this method are discussed. RESULTS AND CONCLUSIONS: It is possible to obtain electronic dental records that carry the same legal certainty as conventional, nonelectronic records. For this purpose, each part of the electronic dental records should be digitally signed by the author of the document.

Prevention, treatment, and recovery supports for those with substance use problems: opportunities for enhanced access and quality of care.

Substance use disorder is one of our nation's most significant public health problems. If unaddressed, an individual's addiction will negatively impact the family, community and the health care system. Despite major strides in the field of addiction treatment, major barriers still exist preventing the problem to be addressed. We propose some recommendations to help improve access to care.

Knowledge and practice of confidential data handling in the Welsh Deanery: a brief report.

Recent large-scale personal data loss incidents highlighted the need for public bodies to more securely handle confidential data. We surveyed trainees from all specialties in the Welsh Deanery for their knowledge and practice. All registered trainees were invited to participate in an online anonymised survey. There were 880 completed and non-duplicated responses (52.9% response rate). Responses were analysed using Microsoft Access. Over 40% (388/880 (44.1%)) did not use formal guidelines on storage or disposal of confidential data. The majority appeared to dispose of confidential paper documents securely, that is, using shredders and white shredder bags. However, there were significant numbers of unmarked responses. Clinical documents, such as theatre lists, were taken home by 281/880 (31.9%) of trainees. The majority secured their computers (569/871 (65.3%)) by either not keeping patient identifiable data on them or using encryption. However, 302/871 (34.7%) did not adequately secure their computers. The surgical and anaesthetic specialties were least aware of formal confidentiality guidelines (95/178 (53.4%)) and 52/102 (51.0%) respectively) and least secured their computers (106/178 (59.6%) and 63/102 (61.8%) respectively). Education is needed to improve knowledge and practice of confidential data handling. This may be delivered through workshops during induction programmes or as part of European Computer Driving Licence (ECDL) modules. Training is especially indicated for the surgical and anaesthetic specialties.

eDiscovery is here to stay: is your medical practice prepared for its risks and costs?

The adoption of electronic medical records technology in medical practices is helping to improve quality and decrease costs. While electronic records can increase practice efficiencies, this stored digital information is also playing an increasingly central role in the discovery phase of lawsuits. The sheer volume of electronic files that may be subject to a search and review during the electronic discovery phase (eDiscovery or e-discovery) can be overwhelming to produce. This phase of litigation is costly, too--the average eDiscovery project can run into the hundreds of thousands of dollars. A medical practice can reduce the number of procedural headaches and unnecessary legal costs by designing and implementing an eDiscovery strategy and process to reduce their legal and financial risk.