LESSON 14

EHTICS , PRIVACY,
AND SECURITY
Health Information System
for Medical Laboratory Science
INTRODUCTION

Modernization in healthcare has led to the tendency of most

practitioners to rely on the use of mechanical aids throughout the
process of providing patient treatment. However, the fact remains
that human values should continue to govern research and
practice in the healthcare profession. Healthcare informatics
encompasses issues of proper and improper behavior, honorable
actions, and of right and wrong.
ETHICAL PRINCIPLES FOR APPROPRIATE
USE OF DECISION-SUPPORT SYSTEMS
A computer program should be used in clinical practice only after appropriate

1 evaluation of its efficacy and the documentation that it performs its intended
task at an acceptable cost in time and money.

All uses of informatics tools, especially in patient care, should be preceded by

2 adequate training and instruction, which should include review of applicable

product evaluations.

Users of most clinical systems should be health professionals who are qualified

3 to address the question at hand on the basis of their licensure, clinical training,
and experience. Software systems should be used to augment or supplement,
rather than to replace or supplant, such individual's decision-making.
ETHICS IN HEALTH
INFORMATICS

Health informatics ethics (HIE) is the application of

the principles of ethics to the domain of health
informatics. There are three main aspects of health
informatics: healthcare informatics, and software.
Information systems are developed in order to assist
in the dispensation of healthcare or other
supplementary services.
 HEALTH INFORMATICS ETHICS

General Informatics Software

Privacy
Autonomy Society
Openness
Benificence Institution and
Security
Non-malficence Employees
Access
Profession
Infringement
Least Intrusion
Accountability
In a general sense, autonomy is defined as either allowing
individuals to make their own decisions in response to a
particular societal context, or as the idea that no one human
person does not have the authority nor should have power
over another human person. Electronic health records (EHR)
must maintain respect for patient autonomy, and this entails
certain restrictions about the access, content, and
ownership of records.
When patients are given too much control over their EHRs,
this could defeat the purpose of the use of such a document
because critical information might be modified or deleted
without the knowledge of the health professionals. Limiting
patient access and control over patient records improves
document quality, because they can become proofreaders of
their own patient history (Mercuri, 2010).
These two principles are respectively defined as "do good"
and "do no harm." In health informatics, beneficence relates
most significantly with the use of the stored data in the EHR
System, and non-maleficence with data protection.
Deeply-integrated EHR systems will contain substantial
amounts of raw data, and great potential exists for the
conduction of groundbreaking biomedical and public health
research, These kinds of research will be beneficial to both
the individual patient, and to the entirety of society. With this
in mind, new EHR systems should be developed with the
capacity to allow patients to release information from their
EHRs, which can be valuable to researchers and scientists.
 INFORMATICS ETHICS
Informatics ethics, on the other hand, involves the ethical
behavior required of anyone handling data and information,
as prescribed by the International Medical Informatics
Association (2016).

1. Principle of Information-Privacy and Disposition

2. Principle of Openness

3. Principle of Security
 INFORMATICS ETHICS

4. Principle of Access

5. Principle of Legitimate Infringement

6. Principle of the Least Intrusive Alternative

7. Principle of Accoutability
SOFTWARE ETHICS

Health informatics ethics heavily relies on use of software to store

and process information. As a result, activities carried out by
software developers might significantly affect end-users. The
software developer has ethical duties and responsibilities to the
following stakeholders: society, institution and employees, and
the profession.
SOFTWARE ETHICS

Activities should be carried out with the best interest of the

society in mind.

Activities must be done in the best interests of the institution and

its employees, while balancing their duties to the public, including
being straightforward about personal limitations and
qualifications.

Software products should meet expected professional standards.

PRIVACY, CONFIDENTIALITY, AND SECURITY

Privacy and confidentiality are often used interchangeably,

but they are not synonymous. Privacy generally applies to
individuals and their aversion to eavesdropping, whereas
confidentiality is more closely related to unintended
disclosure of information.
PRIVACY, CONFIDENTIALITY, AND SECURITY

There are numerous significant reasons to protect privacy and

confidentiality. (1) One is that privacy and confidentiality are
widely regarded as rights of all people which merits respect
without need to be earned, argued, or defended. (2) Secondly,
protection of privacy and confidentiality is ultimately
advantageous for both individuals and society.
LEVELS OF SECURITY IN THE HOSPITAL INFORMATION SYSTEM

Safeguards can be on an Administrative (may be

implemented by the management as organization-wide
policies and procedures), Physical (mechanisms to protect
equipment, systems, and locations), or Technical Level
(automated processes to protect the software and database
access and control)

It is important to note that the types of safeguards you

choose may be prescribed or restricted by law and its cost-
benefit principle.
EXAMPLES OF ADMINISTRATIVE, PHYSICAL, AND TECHNICAL SAFEGUARDS

l Continual risk assessment of your health IT environment

l Continual assessment of the effectiveness of safeguards for
electronic health information
l Detailed processes for viewing and administering electronic
ADMINISTRATIVE health information
SAFEGUARDS l Employee training on the use of health IT to appropriately
protect electronic health information
l Appropriately reporting security breaches (e.g.. to those
entities required by law or contract) and ensuring continued
health IT operations

Office alarm systems

PHYSICAL Locked offices containing computing equipment that store
electronic health information
SAFEGUARDS
Security guards
EXAMPLES OF ADMINISTRATIVE, PHYSICAL, AND TECHNICAL SAFEGUARDS

Securely configured computing equipment

Certified applications and technologies that store or exchange
electronic health information
TECHNICAL
Access controls to health IT and electronic health information
SAFEGUARDS Encryption of electronic health information
Auditing of health IT operations
Health IT backup capabilities
LEVELS OF SECURITY IN THE LABORATORY INFORMATION SYSTEM

KEY STEPS IN LABORATORY INFORMATION FLOW FOR A HOSPITAL PATIENT

STEP DESCRIPTION

Patient Record Creation

Automatic Data Transfer
Register Patient
Hospital Admission

Physician Test Orders

Timing of Collection
Order Tests
Order Entry and Transfer
KEY STEPS IN LABORATORY INFORMATION FLOW FOR A HOSPITAL PATIENT

Pre-collection Preparation
Barcode Labels
Collect Sample
Barcode Details
Sample Sorting

Status Update: Upon arrival in the laboratory, sample

status must be updated in the LIS from "collected" to
Receive Sample "received."
Barcode Scanning
Order Transmission
KEY STEPS IN LABORATORY INFORMATION FLOW FOR A HOSPITAL PATIENT

Automated Analyzer Loading

Automated Test Recognition
Run Sample
No Work List for Automated Tests
Manual Test Work List

Results Transmission
Review Results Technologist-Only Access
Flagging System
 KEY STEPS IN LABORATORY INFORMATION FLOW FOR A HOSPITAL PATIENT

Result Release by Technologist

Release Results Automated Release Option
Transmission to CIS

Physician Access
Report Results
Report Printing
Source: McPherson and Pincus. (2017). Henry's Clinical Diagnosis and Management by Laboratory Methods.
LEVELS OF SECURITY IN THE LABORATORY INFORMATION SYSTEM

SAFEGUARDS FOR THE LABORATORY INFORMATION SYSTEM

Continuous employee training on the use of the LIS

Periodic review of standards in identifying which results
should be flagged
Strengthen laboratory authorization and supervision policies
Implement strict rules and regulations regarding the testing
Administrative
procedures
Safeguards
Release guidelines on proper disposal of laboratory
specimen
Enforce policies on the proper use of laboratory
workstations
Impose disciplinary measures as needed
SAFEGUARDS FOR THE LABORATORY INFORMATION SYSTEM

Periodic maintenance of laboratory equipment

Biometrics or other security protocol for laboratory
access
Physical Controlled temperature both for equipment and
Safeguards specimen
Contingency operations plan
Use of appropriate personal laboratory safety
equipment
SAFEGUARDS FOR THE LABORATORY INFORMATION SYSTEM

Automated identity confirmation procedures for

users requesting access
Technical
Regular change of username and password
Safeguards
Different access capabilities based on user position
Automatic log-off after long periods of inactivity
THANK
YOU! BAIFARISHA DACULA
MUHAJIREN ABDULLATIP
NORAIPA ADAM
NORJIANNAH ABDULLAH
SHAINA AMEL
ALIMAR BADI
SITTIE ANAISA BAGUNDANG
ALMIRA BANSAWAN
NORJUIANA BOGEL
SAMERAH CAMSA
REPORTERS