Protection of patient’s rights in eHealth environment

Iskra Mircheva

Abstract: Preserving the privacy and confidentiality of the medical data of the patients has always been a fundamental issue in medicine and healthcare. This issue remains open and much more important with the implementation of eHealth. This paper outlines some basic issues of preserving the patient’s right for privacy and confidentiality of his or her medical data originating from the challenges of the growing implementation of information technologies in medicine and healthcare. Some confidentiality and security measures as well as the basic requirements to the security of electronic medical data are discussed.

Keywords: patient’s rights, privacy, confidentiality, information technologies, electronic medical record, eHealth

Introduction

The electronic storage of vast quantities of medical data and their organization in electronic medical records, the opportunity to communicate medical data among the different healthcare providers through specialized and public computer networks, the development of different medical information systems – these are only a small part of the implementation of information technologies in medicine and healthcare.

While supporting professionals in the delivery of healthcare, eHealth information systems also have the potential to empower the patient. However, to the extent that contractual relations which can be influenced by the patient replace state supervision and responsibility, new requirements for the protection of the individual’s rights emerge.

Preserving the privacy and confidentiality of medical data is an issue that for centuries has been considered fundamental in medicine and healthcare. Ever since the 4th _{century BC}

the medical professionals take the oath of Hippocrates that obliges them to keep in secret the information they have obtained from their patients during the process of delivering health care.

The ever-growing implementation of information technologies in healthcare and medicine, especially the development of the electronic medical record and the connection of clinical databases as well as the freedom these systems offer in relation to their usage force the development of new policy and security procedures for protection the privacy and confidentiality of medical data. The increased use of information technologies and computer applications in medicine and healthcare makes the issue of data protection and security even more important especially when such applications concern patient care and personal patient medical data. Besides, the new technologies offer new opportunities as well as new threats that require new confidentiality and security measures.

No matter how far the technologies go, the problem of preserving the privacy and confidentiality of the medical data persists. It has already become evident that the major problem of information security in healthcare is not the technology but the lack of flexible data security policy. It determines the scope of data to be protected, the level of data protection to require and the access to the different types of medical data. The role of the policy is to balance the functional requirements for the system security, i.e. to balance security and confidentiality measures and this is very difficult to achieve.

The aim of this paper is to analyze the confidentiality and security measures in order to preserve the patient’s rights for privacy.

Materials and methods

Some results are presented based on enquiry carried out among the physicians and nurses in Bulgaria including questions on access, security and legal issues for medical data. Respondents of the study were the physicians and the nurses employed in 5 university and regional hospitals in North-East Bulgaria in 2011. The number of the participants in the study was 650.

Discussion

Preserving the privacy and confidentiality of the medical data of the patients has always been a fundamental issue in medicine and healthcare. This issue remains open and much more important with the implementation of eEurope 2005 Action Plan - An information society for all, followed by the i2010 Digital Agenda for Europe. The Digital Agenda for Europe is one of the seven flagship initiatives of the Europe 2020 Strategy, set out to define the key enabling role that the use of information and communication technologies will have to play if Europe wants to succeed in its ambitions for 2020 [10].

However, the computerization of medical data and information and especially the implementation of computer networks in medicine and healthcare cannot be achieved if the individuals are not convinced that there exist sufficient and adequate measures for the protection and the security of the privacy of their personal medical data. Some of the aspects of the design and implementation of eHealth information systems as pointed out in the Patients Charter for eHealth [1] are access to appropriate information, security and safety of information systems, mastery of the medical record, privacy and confidentiality, dignity and respect, products from the internet and world wide web, comments and complaints and compensation.

Confidentiality measures. The basis of the security of electronically preserved medical data is the recognition of patient’s rights for privacy and confidentiality of his or her personal medical data. The main issue is that recognizing the patient’s rights for privacy we can understand the tendencies of the confidentiality measures. Therefore, the confidentiality measures are the response to the proper understanding of the patient’s rights for privacy. In order to achieve a balance in confidentiality we can point out three different activities.

The first activity concerns the development of universal patient identifier. The shared use of medical data by different healthcare providers through computer networks brings forward the importance of developing a universal patient identifier for the whole healthcare system. Although this is considered a major problem in most of the countries, in Bulgaria it has been partially solved. All Bulgarian citizens and permanently residing foreigners have a 10-digit unique personal identification number (UIN), consisting of the date of birth, the gender and the place of birth (the region in Bulgaria). The last digit is for testing the correctness of the UIN. This UIN is a convenient instrument for organization of different sets of personal information, for registry, statistics etc. Although this UIN is not absolutely safe, it is a convenient means for unique identification of all Bulgarian citizens. This identification number is used in all personal documents and records including the healthcare and health insurance systems. However, the use of this UIN as a unique patient identifier is not appropriate. First, it is a number, and it is universally known that every number used as personal identifier can easily cross the boundaries of its initial use and spread over to other domains. On the other hand, it is written along with the names of the individual on a number of personal identification documents (passport, driving license etc.). For the purposes of preserving the privacy and confidentiality of the individual’s medical data, the UIN has to be extended with some additional personal patient information thus making it more secure.

are E31.17 [2] - Privacy, access and confidentiality, E31.20 – Security of data and health information systems, E31-22 – Medical transportation and documentation. A number of HIPAA Security standards have also been developed. They require physicians to protect the security of patients' electronic medical information through the use of procedures and mechanisms that protect the confidentiality, integrity, and availability of information. As of 2005, physicians must have in place administrative, physical, and technical safeguards that will protect electronic health information that the physician collects, maintains, uses, and transmits.The new HIPAA rules are effective since September 23, 2013.

In Europe, CEN/TC 251 (Medical informatics), focusses on the adaptation, profiling and adoption of interoperability standards in the domain of health informatics. CEN/TC 251 engages with most of the standards development organizations in the field of medical informatics. It is a founding member of the Joint Initiative Council alongside HL7 and ISO. This important Council has now expanded to include IHTSDO (develops terminology), CDISC (deals with clinical research) and GS1 (deals with identification). It is currently working with the Initiative by healthcare professionals and industry to improve the way computer systems in healthcare share information (IHE) in project work and with new consortia such as the Clinical information modeling initiative (CIMI). The combined efforts of these organizations are expected to promote the coordinated use of established standards such as DICOM and HL7 to address specific clinical needs in support of optimal patient care and deliver the set of standards that are needed for true interoperability of health information systems.

CEN/TC 251, Work Group 3 – Security, safety and quality, deals with the development of techniques for technical protection of confidentiality, integrity, availability and accountability as well as guidelines for security management of medical data. A number of such standards have been approved: CR 13694:1999 Health Informatics

-Safety and security related software quality standards for healthcare (SSQS), CR

14301:2002 - Health informatics - Framework for security protection of healthcare communication, EN 12251:2004 - Health informatics - Secure user identification for health care - management and security of authentication by passwords, EN 13606-4:2007 Health informatics - Electronic health record communication - Part 4: Security (this part of the 6-part standard on electronic health record communication describes a methodology for specifying the privileges necessary to access electronic health record data). Other

standards include CEN/TR 15640:2007 - Health informatics - Measures for ensuring the

patient safety of health software, CEN ISO/TS 14265:2013 Health Informatics -Classification of purposes for processing personal health information (ISO/TS 14265:2011) - defines a set of high-level categories of purposes for which personal health information can be processed, EN ISO 27789:2013 Health informatics - Audit trails for electronic health records (ISO 27789:2013), specifies a common framework for audit trails for electronic health records, in terms of audit trigger events and audit data, to keep the complete set of personal health information auditable across information systems and domains.

Such standards in Bulgaria are not yet developed. Some of the standards of CEN/TC 251 are acknowledged but actually they are not applied.

The third activity concerns the legal issues. The general aim of the legal issues is to (1) define the rights of the individuals concerning their health and medical data, created or maintained as a part of the treatment process; (2) to define the rights and the responsibilities of the individual who creates or maintains individually identified health or medical information created during a treatment process; and (3) to introduce effective mechanisms for fulfillment of points (1) and (2).

Human Services (HHS) to adopt national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. The Department of Health and Human Services (HHS) published a final Security Rule in February 2003. The Security Rule specifies a series of administrative, physical, and technical safeguards for covered entities to use to assure the confidentiality, integrity, and availability of electronic protected health information. The Patient Safety and Quality Improvement Act of 2005 (PSQIA) was published on November 21, 2008, and became effective on January 19, 2009. It states the requirement of adoption of national standards for electronic health care transactions and code sets, unique health identifiers, and security. The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes.

In Europe act the Convention 81/108/EC [3] for the protection of individuals with regard to automatic processing of personal data and Directive 95/46/EC [4] (known as Data Protection Directive) on the protection of the individuals concerning their personal data and the movement of these data. The health and medical data are discussed in Recommendations R(97)5 [5] of the Council of Europe. Directive 2002/58/EC [6] of the European Parliament and of the Council of 12 July 2002 concerns the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications). This Directive is also known as E-Privacy Directive. This is an EU directive on data protection and privacy in the digital age. It presents a continuation of earlier efforts, most directly the Directive 95/46/EC. It deals with the regulation of a number of important issues such as confidentiality of information, treatment of traffic data, spam and cookies. This Directive has been amended by Directive 2006/24/EC [7] on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks. Directive 2009/136/EC [8] of the European parliament and of the Council of 25 November 2009 amends Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws.

On 2 July 2008, the Commission adopted a proposal for a directive of the European Parliament and of the Council on the application of patient’s rights in cross-border healthcare. The proposal was sent by the Commission to the EDPS for consultation, in accordance with Article 28(2) of Regulation (EC) No 45/2001. Commission Decision of 22 December 2011 2011/890/EU provides the rules for the establishment, the management and the functioning of the network of national responsible authorities on eHealth. In January, 2012 a proposal for a new legal framework for the protection of personal data in the EU as set out in Communication COM (2012) 9 final [11] was made. This concernes the Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). Commission Decision of 18 April 2012 2012/200/EU amends Decision 2004/452/EC laying down a list of bodies whose researchers may access confidential data for scientific purposes (notified under document C(2012) 2291).

In a number of states (Finland [12], New Zealand [13], United Kingdom, Canada [9], Ireland [14]) act different legal issues and regulations.

The majority of physicians (88.6%) and the majority of nurses (80.9%) consider that in Bulgaria the legal issues concerning privacy and confidentiality of medical data are inadequate. In 1999, 91.8% of the physicians state that special measures are needed concerning the protection of electronically preserved medical data. The results of our study in 2011 show that this result hasn’t changed, 85.6% of the physicians and 78.7% of the nurses consider that special measures are needed for the protection of electronically preserved medical data. The measures proposed by the respondents can be combined into several categories: passwords, coding, access codes, digital signature, special legislation, European legislation. These categories are of different nature. Some of them envisage legal issues, which in Bulgaria are not yet resolved. On the other hand, there are security measures concerning information technologies used in these area – digital signatures, access codes etc.

The security measures originate along with the confidentiality measures but substantially differ from them. They concern the health system and are related to the responsibilities of the health organization and its functional requirements. The security of health and medical data involves such issues as patient and user identification, access control, availability and reliability, data integrity, responsibility, audit, control, physical security of the equipment etc. The real problem is that most of them go in parallel and depend on the confidentiality measures. In order to introduce proper security measures, all these issues should be initially legally solved.

Besides the question of user identification which solution depends mainly on technologies, the main question that must be solved with utmost attention and precision is the assignment of access rights to health and medical patient data. Access rights should be assigned on the basis of precise analysis of the needs and requirements of the users (user aspect) for access to the different sets of medical data (data aspect) in relation to the healthcare institution (institutional aspect). This requires a proper definition of the levels of medical data for access by the different healthcare providers and other personnel in and out the healthcare institution. We can propose an example of criteria for the access of different healthcare providers to the different types of data in the electronic medical record. The data contained in the electronic medical record may be divided logically to five main categories:

- Unidentified data suitable for different clinical and epidemiological surveys. Although without any personal information, the use of this data should be in respect to the principles of informed patient consent.

- Partially identified administrative/financial data (diagnoses, procedures, treatment, hospital stay) for use by the accountant and administration personnel of the healthcare organization. Access should be granted with respect to the appropriate high level of confidentiality.

- Identified data representing the current health status of the patient (chronic diseases, allergies, risk factors, current treatment, other sensitive information i.e. diagnosis AIDS etc.) that can be accessed by specified healthcare providers in cases of emergency or in emergency settings.

- Identified data concerning current episode of care available to the treating physician and if necessary to other healthcare providers in the same health institution. If not vitally important, access should not be granted to external personnel.

- Identified data concerning the patient status as a whole. Practically this is the entire medical record. Access to this data should be granted only to the patient’s personal physician who is responsible for the overall health status of the patient and the patient himself.

efficiency of the protection of patient’s data and the costs of the technologies. Special attention should be paid to such important issues as:

- The restriction or prohibition of physicians’ access to information, necessary for medical decision making arising from the patient’s right for privacy;

- The purchase of the security technologies in the information system environment;

- Prices for current management, operation and maintenance of the information system;

- Prices for user dissatisfaction generated as a result of improper operating interfaces and procedures;

- Prices for the time spent by the user for fulfilling the security requirements etc.

The contradiction of these aspects is evident. If all security measures are in conformity with the confidentiality measures and fulfill the requirements for protection of patient’s rights for privacy, they will be both excessively expensive and restrictive. Therefore the healthcare organizations should aim to implementation of balanced measures concerning the actual threats to information security and the risks against unauthorized acts but on reasonable price. This will acquire appropriate education of managers, system maintenance personnel and above all users, including the patients themselves.

In general, confidentiality and security measures should be properly balanced. We can point to two different categories of factors that influence both confidentiality and security. On one hand there is the patients’ attitude as well as the general opinion, fed by the mass media and other factors bringing up the fear that computerization would violate the patient’s rights for privacy. There are still individuals who consider that the paper medical record is much more secure and protected than the electronic medical record. On the other hand, we can point out to at least three issues against confidentiality and security:

- The confidentiality may restrict access to vital medical information and therefore obstruct the delivery of proper healthcare thus causing negative influence on quality of care;

- The strict confidentiality and security measures may prove too hard for the user of medical data;

- Confidentiality and security may require enormous financial and human resources.

Our opinion is that currently it would be better to pay attention mainly to the security policy as hardware measures are still to be improved and security devices are still expensive.

Conclusion

- The emerging world of eHealth involves systems which hold increasingly detailed levels of clinical information that requires special measures for its protection.

- The patient’s rights for privacy are in the basis of all confidentiality and security measures.

- The adequate protection of health and medical information depends on the development of an adequate unified patient identifier and the adoption of adequate standards for confidentiality measures.

- The most substantial threat to the privacy of medical data comes from the shared use of this data by different healthcare providers and the inadequate legislation in this field.

- Hardware security measures are an important issue for the protection of patient’s rights but special attention should be paid to the security policy.

patient’s medical data should be aimed to finding ways to protect the sensitive medical data, stored and communicated electronically and not to obstruct the use of information and communication technologies in health organizations.

Bibliography

1. A patients charter for eHealth Information Systems, Prepared by the Patients’ and Citizens Working Group of the European Health Telematics Association (EHTEL), Brussels, 2008 2. ASTM, 1994, Membership Information Packet: ASTM Committee E31 on Computerized

Systems, Philadelphia, PA

3. Council of Europe Convention No.108 for the Protection of individuals with regard to Automatic Processing of Personal data, Strasbourg, 28 January, 1981

4. Council of Europe Directive on the Protection of Individuals with regard to the Processing of Personal Data, 95/46/EC, L.281/31-50, 23 November 1995. Official Journal of the EC, L-2985, Luxemburg

5. Council of Europe Recommendations R(97)5 on the protection of medical data , signed on 13.02.1997

6. Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)

7. Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks

8. Directive 2009/136/EC of the European Parliament and of the Council 9. EU/SO-GIS, document 030/95, March 16, 1995, the case of Canada 10. http://ec.europa.eu/information_society/eeurope/i2010/index_en.htm

11. Safeguarding Privacy in a Connected World – A European Data Protection Framework for the 21st Century, COM(2012) 9 final.

12. The Finish Act on Patients’ Legal Status and Personal Rights, 1993 13. The Privacy Act, New Zealand, 1993

14. The ePrivacy Regulations 2011 (S.I. 336 of 2011)

15. U.S. Senate. S 1360: Medical records Confidentiality Act of 1995, 1995

Assoc. prof. Iskra Mircheva, PhD,

Head Dpt Social medicine and healthcare organization,