Privacy and Security for Medical Information Systems

"Seizing the Opportunity: The Power of Health Information"
AHIMA National Convention
Las Vegas, Nevada
October 1994

Marc Rotenberg, director
Electronic Privacy Information Center

[Keynote Address]

Medical Record Contents

"A complete medical record may contain more intimate details about an individual than could be found in other single document" - House staff member Bob Gellman

Risks of Misuse of Medical Data

Privacy protection is critical for delivery of health care services

Policy Context

Medical record privacy is the most important privacy issue of the 1990s

Key Policy Issues

Medical record privacy is the most complex privacy issue of the 1990s

Privacy and Security



Good record policies protect privacy and security

Code of Fair Information Practices

Fair Information Practices establish responsibilities for data collectors and rights for data subjects

Control Secondary Use

Assume protection of record. Disclose only if:

"Function creep" is always a risk with information systems containing personal data

Control Use of Identifier

Problems with Social Security Number (SSN)

Special legal and administrative safeguards are necessary for the SSN

Patient Rights of Access

Patient’s right of access is a critical part of privacy protection

Oversight and Enforcement

Good policies need good oversight

Administration's Privacy Goals (1993)

General agreement on privacy goals

AHIMA Privacy Policies

AHIMA approach provides good basis for patient record privacy

Legislation: HR 4077

Medical privacy legislation is still needed

New Challenges

Consider always the privacy interests of the data subject

1970s Model

Problems with 1970s Model

Privacy as one of several competing interests

New Issues for the 1990s

Privacy as a "necessary precondition"


