ORIGINAL PAPER
Adopting Confidentiality Principles for Electronic Health Records in Iran: A Delphi Study
Mehrdad Farzandipour & Maryam Ahmadi & Farahnaz Sadoughi & Iraj Karimi irajk
Received: 6 June 2009 / Accepted: 19 August 2009
© Springer Science + Business Media, LLC 2009
Abstract A growing capacity of information technologies in collection, storage and transmission of information has added a great deal of concern, since electronic records can be accessed by numerous consumers at various locations. Thus, the basic question is “what kind of model is suitable for guaranteeing the confidentiality of EHR information in Iran?” The present study is a descriptive investigation made in Iran in 2007. Based on the collected data, a preliminary model was designed and assessed through questionnaires and the Delphi Technique, and finally the model was designed and proposed. The findings showed that the experts emphasize the patient’s consent for collecting, using and releasing information in electronic health records. A comprehensive model is presented in six pivots. Data ownership, inclusion of information accessibility laws in all organizations, responsibility for inaccessibility to information, and the conditions for movement of data abroad have been confirmed as new dimensions added to the model based on this study.
Keywords Confidentiality principles · Confidentiality model · Electronic health record · Information confidentiality
Introduction
Nowadays, developing electronic health records is one of the priorities in many countries. This electronic capacity to collate, share, match and manipulate information generates risks as well as benefits [1]. Taking these risks into account, one of the most significant factors to be considered in designing an electronic health record is to create a suitable ‘infrastructure’ for health information [2]. The proper performance of this infrastructure relies heavily on health information confidentiality and security principles [3].
The growing capacity of Information and Communication Technologies in collecting, storing and transmitting great amounts of information has added considerable concerns. Health service users are concerned that information technology (IT) and EHRs make their personal information accessible by a greater number of individuals [4, 5]. The studies in the United States (2004) show that security and confidentiality issues are the greatest obstacle to the administration of computerized record systems and dissemination of data [6]. The investigations made in Iran (2005) indicate that in most cases there are no certain laws for the disclosure of the health information.
The absence of clear directions for the patients’ information confidentiality has made medical record departments act haphazardly and consequently ignore the patients’ rights. A study in Iran by Meidani (2003) also indicates that the health information management (HIM) departments do not meet the confidentiality criteria in the hospitals of Iran [7]. In some countries, however, civil and penal punishments are exercised for those who offend against EHR confidentiality principles [8].
M. Farzandipour
Kashan University of Medical Sciences, 3rd km. of ravand-Kashan Highway, Kashan, Iran
e-mail: [email protected]: [email protected]
M. Ahmadi · F. Sadoughi (*) · I. Karimi irajk
Iran University of Medical Sciences, Tehran, Iran
e-mail: [email protected]
M. Ahmadi
e-mail: [email protected]
I. Karimi irajk
e-mail: [email protected]
J Med Syst
DOI 10.1007/s10916-009-9370-x
Electronic health discussion started with the approval of TAKFAB project in Iran, Ministry of Health, Treatment and Medical Education in 2001. Further related studies reveal that TAKFAB measures have not been truly national or have remained unfinished [9].
Dispersed activities are presently done in relation to hospital information systems in Iran. The potentials and needs for sharing information are hardly taken into account in these systems, and all of them are supplied in non-shareable formats [10]. Thus, one of the basic issues of EHR is that patients can see their electronic records, and in the future each citizen will be able to observe his/her EHR with proper confidentiality and security precautions [9]. The establishment of private limits and security for information causes people to be able to control their personal information and to guarantee its confidentiality and security [11].
Considering these serious concerns among both scholars and people and a recent decision made by Iran’s Ministry of Health, Treatment and Medical Education to apply IT to health and the development of electronic health records for each individual, confidentiality is an inseparable part of electronic health record architecture, and its technical and executive principles must be thought of. Therefore general standards of information security and confidentiality management as well as specific standards in the health domain are utilized. In addition, more guidelines and rules for this specific context need to be compiled and developed, and the study of EHR confidentiality and privacy policies is one of the crucial steps to take in Iran [12].
Objective
With regard to the recent attention of the Ministry of Health, Treatment and Medical Education to establishing an EHR for each Iranian and to the concerns about information confidentiality and privacy, it is necessary to provide and compile EHR confidentiality principles and use other countries’ experiences. Thus, the basic question of this study is, “what kind of model is suitable for guaranteeing the confidentiality of EHR information in Iran?”
Methods
This descriptive study has been made in Iran in 2007. It comprises three phases as follows:
Phase one: Comparative study
As the first step, we made an investigation on the model of confidentiality principles for EHRs in Australia, Canada and England, and then compared these principles in six axes including:
Data collection conditions: individuals’ awareness, collecting personal information from someone else
Data usage principles: use and non-use of individuals’ health information with consent and without consent of patient
Information disclosure principles: disclosure and non-disclosure of individuals’ health information with consent and without consent of patient
Access to information principles: access and no access to health information in some cases
Information maintenance conditions
Responsibilities of EHR custodians: responsible person, transference of health information abroad.
The decision on the selection of these countries was made based on available library and internet resources, consultations with HIM specialists in Iran, and consideration of the following aspects [2, 3, 13–17]:
1. National effort to develop Electronic Health Records and their infrastructure
2. Expansion of the scope of designing and trial accomplishment of Electronic Health Records
3. Cooperation of the private section along with the governmental section in designing; and
4. Suitable investment in designing and developing Electronic Health Records.
Phase two: Designing preliminary model
In order to design a preliminary pattern we first made a comparison between the selected countries based on the collected data in the six major axes mentioned before. The repetitious items were included once and the others were excluded from the proposed pattern; dissimilar items were also included in each axis. Then we had the newly designed model evaluated by professionals.
Phase three: Testing the reliability of the questionnaire and validity of the proposed model
To develop the proposed model we used the Delphi Technique. To do this, first a questionnaire was designed. In this questionnaire, for each item in every axis, three options were considered, namely agreed, disagreed and neutral. Three open-ended questions were also included for the specialists to add their probable viewpoints. Although the collected data had been extracted from the reliable sites of the selected countries, we decided to assess the validity of the proposed questionnaire.
In order to do so the questionnaires were administered to a number of the academic professionals, medical record specialists and health information administrators, and they were asked to complete them. After we received the completed questionnaires, some items were included based on the professionals’ viewpoints as an answer to the open-ended questions. The final questionnaire was administered to a number of specialists. After 10 days the questionnaires were given to the same individuals, who were asked to answer them again. In both steps, the tools and method of data collection were approved by the specialists. In addition, the reliability of the questionnaire was determined by Brown Pearson’s Method (with a 95% confidence coefficient).
After testing the reliability of the questionnaire of the proposed model, we used the first stage of the Delphi Technique. In this stage the questionnaires were sent to 35 specialists including faculty members of universities in Medical Record Departments, Health Information Administrators in medical universities and professionals in the Medico-legal Organization. The questionnaires were either sent through post or forwarded through e-mail. Thirty-four participants completed the questionnaires.
To analyze the collected data, we applied descriptive statistical methods. By the application of the Delphi Technique, the items in the model which had been approved by less than 50% of the experts were excluded and those approved by 75% of professionals or more were adopted. Those items from the model approved by 50 to 74% of the participants as well as their recommended items based on open questions were identified. We classified these recommended items based on their theme, then inserted them in their axes and assessed them in the second stage of the Delphi Technique to achieve a consensus. In the second stage of the Delphi Technique, questionnaires were sent to the same 35 professionals, and from this number 30 participants completed the questionnaires. After the analysis of the collected data, the following results were achieved.
Results
Results related to reliability of the model
Based on the findings in the first stage, about 65% of the specialists were women and about 35% of them were men. Fifty percent of the participants were between 25 and 34 years old and the rest were between 35 and 54. About 56% of them had 3 to 9 years of work experience and 44% had 10 years or more. Sixty-five percent were at M.A. level, 20% were at B.A. level that eight persons were from medico-legal organization and 15% had Ph.D. The field of study of about 85% was ‘Medical Records’ and of 15% was ‘Health Information Management’. Seventy-four percent were faculty members of universities while about 26% were not.
In the second stage, about 60% of the specialists were women. Fifty-three percent of the participants were between 25 and 34 years old and the rest were between 35 and 54. About 60% of them had 3 to 9 years of work experience and 40% had 10 years or more. Twenty-three percent were at B.A. level, 67% were at M.A. level and 10% had Ph.D. The field of study of about 90% was Medical Records and of 10% was Health Information Management. Sixty percent were faculty members and 40% were not.
According to the specialists in Iran, the collection of information with the one’s consent and also for legal action, the awareness of the individual of the manner and conditions of collection and disclosure, the conditions of collection from someone else and the organization’s obligation not to disclose the personal information without the one’s consent have been highlighted (Table 1).
The specialists emphasize using health information with the patient’s consent, and refraining from the release of information for purposes outside the care and treatment cycle without the individual’s consent. Table 2 shows axes 2 and 3.
The experts emphasize the individual’s access to the information in the electronic health record based on request and unavailability of information in certain conditions (Table 3).
The experts emphasize the need for a written policy regarding the maintenance of health information, all kinds of access to it and retrieval of data from electronic health records (Table 4).
The professionals in Iran made an emphasis on developing administrative, technical and physical safeguards and making all information agents aware of these requirements (Table 5).
In the second stage of the Delphi Test, the experts approved the disclosure of health information by the one who receives information with patient’s consent for a purpose other than what the collection of information is intended (Table 6).
Discussion
Data collection
The comments put by the experts emphasize the collection of health information with one’s consent and only with his or her consent. American Health Information Management (AHIMA) believes that the documents related to the patient’s or his custodian’s consent should be included in the patient’s health records [13].
Zahedifar’s investigation (2002) in Esfahan, Iran concluded that in all the hospitals with a manual system, consents in the back of the admission sheet should be received from the patients [18]. Taheri, H (1998) in his article “Is the Physician a Guarantor?” states that the physicians are required to obtain a clearance from a patient or his guardian before the treatment [19].
On the other hand, the study by Mohammadpour (2006) showed that there is not too much conformity between hospital standards in Iran and international standards for patient rights (58% of the standards are not in congruity) [20]. This indicates that Iran’s Ministry of Health, Treatment and Medical Education has not set any standards concerning conditions for collecting information in the patients’ rights and their informed consent. Sarbaz, M. (2002), in addition, argues that a great number of patients’ absolute rights have not been considered in Iran’s right charter, including the right of consent in treatment and the patient’s right to privacy [21].
As a result, in spite of the great emphasis by experts on the need for obtaining the patient’s consent for the collection of health information in EHRs, there are no well-organized principles in Iran. These facts have made HIM departments in this country act haphazardly, and breach the patients’ rights in some cases. Therefore, considering the inauguration of EHRs by Iran’s Ministry of Health, Treatment and Medical Education, it is recommended that a comprehensive electronic consent form be designed, that the patient be made aware of the reasons for information collection before or during collecting it, and finally that the patient’s consent be taken into account as the necessary condition for the collection of the information.
Data usage
Professionals in Iran emphasize that health information must not be used without the patient’s consent. They also emphasize the use of health information for current care and treatment without the patient’s consent.
Kluge (1995) in an investigation in Australia argues that the data in the records should be used for authorized legal objectives [22]. Behnam, S. in his study (2005) concluded that the patient’s consent to use the information in the records for care and treatment is not required [15]. These findings are in line with the results in this study.
Table 1 Conditions for collection of information from EHR from the professionals’ point of view (in the first stage of Delphi technique)
Items agreed on by 75% or more
Collection of information:
According to law and limited to required data to achieve legal objectives
From the individual with his consent and only from that person
To make or defend a lawful or fair claim
In case that the individual’s personal privacy is not violated
With the individual’s express consent for purposes outside the care cycle except with legal permission
Individual’s awareness of:
The identity of the organization that collects information and how to contact it
The ability to gain access to the information
The purposes for which the information is collected
The organizations to which the information will be disclosed
The law that requires the particular information to be collected
The main consequences for the individual if the information is not provided
The types of information that is to be collected about that individual
Collection of personal information from someone else:
To prevent or reduce the serious threat to the life and health of any individual
If the individual is not able to consent
If the individual is not able to give a written consent
With permission from the individual whom data are about
If a legal representative is determined as a substitute by the individual
If there is a possibility for collecting inaccurate information from the patient
If it is not possible to make a practical collection of information from the individual whom the data are about
Organization’s commitment not to disclose the individual’s information without his consent
If the one who collects information supposes the existence of patient’s implicit consent in reasonable conditions except that he or she withdraws the implicit consent by delivering a note
Items agreed on by 50% to 75%
Collection of information only to fulfill the organization’s duties or activities such as health service delivery
If permanent information are not identified before their disclosure with reasonable steps of the organization which collects data
However, the study by Behnam indicates that in the majority of the cases there are no certain principles to use health records in the manual system [15]. Farzandipour’s investigation (1995) shows that the access by physicians and other health practitioners to health records in order to deliver health care in the manual system has been made possible in most cases by their request and it has been in proportion to their responsibility and their authority in hospital management. The use of health records by government offices in manual systems has been possible by their request and hospital management’s permission, and in some units it has usually been possible without their permission [23]. These findings indicate that what is usually going on in Iran is not in line with the viewpoint of the experts who participated in this study.
Table 2 Principles of use and disclosure of health information in EHRs from professionals’ point of view (in the first stage of Delphi technique)
Items agreed on by 75% or more
Non use or disclosure of health information:
Non use of health information without the individual’s consent
For purposes outside the cycle of care and treatment except with the individual’s consent
For a person, board or agency other than the patient except with the one’s awareness or consent
Use or disclosure of the individual’s health information:
For purposes outside the cycle of health and treatment by law or to safeguard the public interest
Suits by public sector
To leave a note in the individual’s record indicating the use or disclosure of information
Use or disclosure of the individual’s health information with no consent:
For prevention, detection, investigation, prosecution or punishment of criminal offences
For enforcement of laws relating to confiscation to the proceeds of crime
For determination of health care costs or investment for the payment
To guarantee the quality and standards
To communicate with the individual’s relative or friend for the cases that the individual is incapable of consenting
To lessen or prevent serious threat for the life or health of the individual or others
To audit the information in case that the information is destroyed immediately after the audit
To train health service providers
For the custodian or a person nominated by the individual, if the individual is incapacitated or unable to consent
To deliver an appropriate care or treatment to the individual
For the individual’s attorney limited to the extent needed or permitted
To fulfill the objectives of research with the patient’s name in anonymity
For another custodian to prevent fraud and malpractice, plan, monitor, evaluate, to allocate resources and prescribe certain drugs
To supervise the public health or other public health objectives
To assist the service-provider to fulfill the duties or to develop public health system
The enforcement of civil and penal fines for unauthorized disclosure of the patient’s health records
Items agreed on by 50% to 75%
Non use or disclosure of health information:
By the one who receives the information for a purpose other than what the information is intended to be given
Use or disclosure of the individual’s health information:
If the custodian of information is justified
Just for certain purposes when needed
Items agreed on by less than 50%
Use or disclosure of the individual’s health information:
For purposes outside the cycle of care and treatment in case that it is not possible to get the individual’s consent before the use or disclosure
Suits by private sector
Use or disclosure of the individual’s health information with no consent:
To change the information in order to hide the identity of the individual
For direct marketing
For the one’s family members
For others who have an intimate relationship with the patient
For the applicant for health information of the deceased person
Data disclosure
The professionals in Iran confirmed the disclosure of electronic health information for purposes outside the cycle of care and treatment under law and to safeguard the public interest, or the release of information under certain conditions. Also, they have recognized it as permissible to disclose information for courts only by public sectors and have considered it necessary to enforce civil and penal punishments for unauthorized disclosure of the patient’s health records.
In a study by Kluge it is noted that the patients’ health records must not be released outwards except by the one’s formal consent or by legal authority or action in legal procedures [22]. Based on the laws in South Wales, courts have no right to have access to the records made in private sectors [1]. In the United States, the state laws force both civil and penal punishments for breach of confidence [8]. These findings confirm the results of the present study.
Nevertheless, according to the investigations by Behnam and Farzandipour on patients’ records in a manual system, in most cases no certain principles can be found in delivering and disclosing patients’ health information [15, 23]. Zahedifar’s study indicates that about 9% of the studied units manage to obtain the patient’s written consent to disclose information to insurance organizations, attorneys, public media and physicians who do not work in that hospital [18]. Salahi’s investigation (1998) also shows only a percentage of 28.6 for the hospitals which possess guidelines for disclosure of health information in the manual system [24]. These findings again show the nonexistence of any principles in this regard in Iran, in contrast to the selected countries and the viewpoints of the professionals who participated in this study.
Table 3 Principles of one’s access to information in EHRs from professionals’ point of view (in the first stage of Delphi technique)
Items agreed on by 75% or more
An access to his or her information on a request by the individual
No access to health information in case:
That there is a serious and imminent threat to individual’s life or health
That there is a possibility for the disclosure of the individual’s information by someone else
Of disagreement with law
Of damage to prevention, detection, prosecution or punishment of criminal offences
Of damage to enforcement of laws relating to the confiscation of proceeds of crime
Of damage to public interest
Inclusion of laws related to access to health information for both private and public sectors
Inclusion of laws related to access to health information for maintained documents in an organization other than that providing health care
Items agreed on by 50% to 75%
No access to health information in case:
That there is an unreasonable request to have an access
That the information relates to legal actions between the organization and the individual
Of transparency and openness and damage to organization objectives relating to negotiations with the individual
Of data collection for peer investigations, Standard Committee or Risk Evaluation Management
The Individual’s access to all kinds of recorded information based on express need to know
Table 4 Principles of maintenance of information in EHRs from professionals’ point of view (in the first stage of Delphi technique)
Items agreed on by 75% or more
Protection of health information from misuse, damage, unauthorized access, modification or disclosure
Correction, completion and updating of health information
Maintenance of sufficient and relevant health information
The existence of appropriate yardsticks maintenance and easy access to health information
The existence of standards to maintain health information, guarantee the continuation and facilitate the access to information by authorized persons
The existence of written policies for maintenance of health information
Non qualification of organizations to delete clinical information before the time the law requires
The maintenance of the accesses to information and tracing the data in records
Items agreed on by 50% to 75%
Non maintenance of the one’s health information more than the required period of time
In summary, considering the studies made in Iran within these 10 years, no certain principles can be found governing the release of patients’ health records and the custodians have been indifferent or unaware of the need for such principles. In addition, considering the vital role of private sector in health and treatment in Iran and a necessity for the surveillance on the performance of private sector, despite the specialists’ standpoint, it seems necessary that both public and private sectors be responsible for required information by the courts. They should give the courts the patients’ records if necessary. Moreover, legal principles should be set and implemented for punishing the unauthorized disclosure of patients’ information.
Access to information
According to the specialists’ standpoints in Iran the one’s access to his health information based on a request and based on the express need to know is considered permitted. Nevertheless, some restrictions are deemed necessary for one’s access to his health information. In addition, they believed that it is necessary to enact the laws of one’s access to health information for both public and private sectors and any organizations other than the health care provider institute.
According to the findings in Australia (2000), privacy and access to health records were applied to records in private and public sectors and to the documents which were kept in an organization other than the care-delivering organization [25, 26]. American Hospital Association Statement has announced that the patient has right to obtain complete information about the diagnosis and treatment of his illness from the physician, and when the patient is unable, the information must be given to someone who has an intimate relation with the patient [27]. Kluge noted in his investigation that the patient must have a right to access his electronic health information [22]. These findings are in line with the results of the present study.
Table 5 Responsibilities of custodians of information in EHRs from professionals’ point of view (in the first stage of Delphi technique)
Items agreed on by 75% or more
To assess privacy impact of health information on collection, use and disclosure
To protect health information in their release and transmission from unauthorized destruction, use, modification, access or disclosure
To follow and implement policies and related legal actions
To designate a contact person to help ensure compliance with the legislation
To notify the individual of the use or disclosure of health information without the one’s consent and to seek the one’s consent if the use or disclosure is to continue
Explicit access of public to policies and confidentiality procedures
To establish appropriate security safeguards by custodians who entrust health information to information management
To establish administrative, technical and physical safeguards and to ensure that information agents are all aware of all them
To maintain administrative, technical and physical safeguards
To ensure that the information is correct, complete and up-to-date
To disclose the information to the person authorized to receive the information
To apply appropriate sanctions for willful contraventions of these privacy requirements
To make required warnings about restrictions on information disclosure in records
Acceptance of responsibility:
For the patient as data owner
To establish a board to supervise the confidentiality of information
Forbiddance of transferring health information for countries without sufficient protective levels of information confidentiality
Transference of health information abroad in case:
It is legal and required to receive information and to follow the information transference laws
Of one’s consent to transfer the information
Of information transference to the one’s benefit
The responsibility for the absence of a quick access to health information for the patient’s care by:
Service-provider
Health information custodian
Information confidentiality supervision board
Items agreed on by 50% to 75%
Authority to refrain from giving the information to the patient if required or permitted to do so
Acceptance of responsibility:
For custodians of health information as data owners
For the board supervising the confidentiality of information as data owners
Items agreed on by less than 50%
Acceptance of responsibility:
For care-providers as data owners
Transference of health information abroad in case:
It is not possible to obtain one’s consent
The responsibility for the absence of a quick access to health information for the patient’s care by:
The patient
Behnam’s investigation shows that in Iran patients are rarely talked with about their illness, medications and treatment progress, and in most cases the patient has no access to his medical information in the manual system [15]. In an investigation, Zahedifar indicated that only in 36.4% of units, patients are permitted to have an access to their record physicians’ diagnosis in the manual system when they are in appropriate mental conditions [18]. The investigation by Health Institute in South Wales (1999) on the problems with clients’ access to records indicates the clients have little or no access to records in hospitals or through family physicians [28]. This finding is not in line with the results of this study.
It appears that in order to safeguard the patients’ rights, the need for patients’ access to their health record information should be considered by all organizations, whether public or private. Therefore, it is recommended that in designing EHRs, a unique health identifier be considered for each client and the manner of the patient’s accessibility to his own health information and its mechanism be taken into consideration. This is because the patient’s awareness of his health record information creates a fair and better relationship between the patient and the physician, promotes informed consent, guarantees the maintenance of care by different care providers and gives the patient a greater control over one’s health [29].
Information maintenance
The findings of the investigation emphasize correctness, completeness and timeliness of the health information, and hold it permissible to maintain the one’s health record more than the required time if needed by the organization custodian of the information.
Table 6 Principles of confidentiality of information in EHRs from professionals’ point of view (in the second stage of Delphi technique)
Items agreed on by 75% or more
Conditions of health information collection
Data collection by organization:
To fulfill the objectives and activities of that organization
Provided that the information is anonymous before disclosure by the organization that collects the information
Principles of health information use
Use of health information without one’s consent:
When required for certain purposes if the custodian of information is justified about the need for use of that information
To determine the patient’s state of health to receive current health care
Principles of disclosure of information in EHR
The disclosure of health information by the one who receives information with patient’s consent for a purpose other than what the collection of information is intended
Principles of one’s access to his health information
The accessibility to information by the individual except:
The information is collected for evaluation and Standard Committee
The Individual’s access to all kinds of recorded information based on express need to know
Conditions of maintenance of health information in the organization
Maintenance of the individual’s health information:
Until the legal time voted
Longer than the legal time if needed by the organization custodian of the information
Punishments for destruction of electronic records before their legal time
Responsibilities of health information custodians
Giving the ownership of data in electronic health records to the patient as well as health information custodians
Giving the ownership of data in electronic health records to the patient as well as the information confidentiality supervision board
Items agreed on less than 50%
The accessibility to information by the individual except:
The request for an access to information is frivolous and unreasonable
The information is related to legal actions between the individual and organization and the access to the information breaches the rights
It leads to transparency and openness and a damage to organization objectives relating to negotiations with the individual
Delivering the patient’s health record to him if destruction of the record is required by law
Authority to refrain from giving the information to the patient if required or permitted to do so
Anderson (1997) in his security principles has noted that no one is permitted to eliminate clinical information unless its time period has expired [30]. Davis and Lacour (2002) state that data must be correct in order to be useful. If the data are not accurate, incorrect implications and knowledge may be transmitted to consumers. The completeness of data refers to collecting and recording data in all its details. Information must also be up-to-date when delivered [31]. These findings confirm the results of the present study.
Salahi, however, concluded in his study that in Iran there is no approach for the destruction of paper records, and the instructions for the period of records maintenance were followed in only 11.5% of cases [24]. Therefore it is suggested that a database be developed for EHRs in each province. These databases should have the capability to maintain all the clients’ health information for the legal time required.
Safeguarding the records from destruction and preventing manipulation or deviation of information until the required time seem to be quite necessary. Considering the nonobservance of the present principles in manual records, punishments are quite necessary for individuals or organizations that illegally decide to destroy or wipe out the records or even are careless in the maintenance of computerized records.
Responsibilities of custodians
The specialists’ standpoints emphasize public access to policies and procedures of privacy in electronic health information records. They also emphasize some other items, such as giving the ownership of the data to the custodians of the health information and the Information Confidentiality Supervision Board as well as the patient, the prohibition of transmitting health information to countries without sufficient levels of protection for information confidentiality, transmission of health information abroad under certain conditions, and finally the responsibility for the absence of quick access to health information to take care of the patient by care provider, information custodian and Information Confidentiality Supervision Board.
The studies made indicate that according to the current laws in Australia, patients are not the owners of their records. In the United States, the problem of ownership of data in electronic records has not been resolved [32]. The data maintenance directive by the European Union in October 1998 forbids the movement of information to countries without sufficient protection levels unless it is done through the patient’s consent [33]. Fuller and Jeffries (2001) cite the responsibilities of health information management in safeguarding the information as to get aware of information confidentiality laws, to enact laws and to manipulate the contents in each medical record [34]. Denis Callahan (2001) in his article ‘The New Privacy Officer’s Game Plane’ notes that the requirements of a health service organization for the person responsible for confidentiality are different from other occupations, and because of their training and experience, practitioners in health information management have most of the required skills [35].
In addition, the investigation by Behnam indicated that in Iran there are practitioners in hospitals responsible for issues such as accuracy and completeness of the information, educational programs for staff’s familiarity with information confidentiality, and observance of the laws related to safeguarding the security of information in patients’ records [15]. According to the investigation by Zahedifar, before starting to work, medical records personnel get familiar with their tasks and responsibilities concerning confidentiality [18].
All in all, it seems that in order to protect and maintain the patients’ health records in Iran, individuals should be trained as medical record specialists who will be responsible for patients’ medical records. These practitioners must undertake the responsibility for the patients’ electronic health records in the future, and the competent authorities must not only set the required legal principles and complete and rectify the job description for these personnel but also recognize them as custodians of electronic health records and as those responsible for observing and following laws related to information confidentiality. However, as the ownership of the data in electronic records has not been solved completely, and because of the nature of EHRs, it seems necessary to pay attention to the custodianship of the electronic health records instead of the ownership of their data.
Conclusion
According to the findings of the present investigation, a comprehensive model of the electronic health record confidentiality principles is presented for Iran in six pivots. This model is a collection of EHR confidentiality principles from the studied countries. Each of the subject countries uses only part of this new model.
The common aspect of Iran’s model with the models in the selected countries is the focus on the pivotal role of the patient’s consent in the principles of confidentiality in electronic health records. The differences from the studied countries’ models are that the use and disclosure of health information for marketing and purposes outside the cycle of care and treatment without patient’s consent, family members or someone who has an intimate relation with the patient was not approved by Iranian professionals; the individual must have access to his/her health information in some cases; and finally the health information must not be kept more than the time required by law.
In addition, punishment for disclosure or destruction of electronic health information, data ownership, inclusion of statutes related to access to information in all organizations, the responsibility for inaccessibility to information and the movement of information abroad have been confirmed as new dimensions added based on this study.
Because the EHR issue and its confidentiality are novel in Iran, more research in this field must be carried out. Based on the results of the current study and the researchers’ experiences, the weaknesses of the electronic health systems in Iran in this field consist of:
1. Data collection conditions
2. Data use principles
3. Information disclosure principles
4. Principles of information access
5. Information maintenance conditions
On the other hand, it seems that attention to the duties of health information custodians of current medical information systems in the health centers of Iran is the sole strength of current systems. Thus there are many gaps between the current situation and the desired EHR confidentiality principles in Iran.
Considering the new approach of the Ministry of Health, Treatment and Medical Education towards the creation of an electronic health record for each Iranian and the absence of well organized, comprehensive principles for the confidentiality of health records in Iran, it is recommended that the proposed model be used by the officials of the Ministry of Health, Treatment and Medical Education in general and the ‘Statistic and Information Technology Management Sector’ of Iran Health Ministry in particular.
Conflict of interest No conflicts of interest have been declared
References
1. Carter, M., Should patients have access to their Medical records. J. Med. Image Anal. 169:96–97, 1998.
2. Commonwealth of Australia, International approaches to the electronic health record; 2003. http://www.healthconnect.gov.au/internet/hconnect/publishing.nsf/Content/43598FE37A3E7270CA257128007B7EB7/$File/v3–1.pdf. Accessed 2006.
3. National Committee on Vital and Health Statistics, Information for health; 2001. http://www.ncvhs.hhs.gov/nhiilayo.pdf. Accessed 2006.
4. Lyons, R., Payne, C., McCabe, M., and Fielder, C., Legibility of doctor’s hand writing: quantitative comparative study. BMJ. 317:863–864, 1998.
5. Woodward, B., The computer-based patient record and confidentiality. N. Engl. J. Med. 333:1419–1422, 1995. doi:10.1056/NEJM199511233332112.
6. HIMSS, 2004 HIMSS National health information infrastructure survey; 2004. http://www.himss.org/content/files/2004healthinfoInfrastructuresurvey.pdf. Accessed 2006.
7. Meidani, M., A Comparative investigation on standards of medical records in selected countries and Iran. Thesis, Medical Information Management Faculty, Iran University of Medical Sciences, Tehran; 2003.
8. Aspen Reference Group, Health information management manual, 1st edition. Maryland, Aspen, 1999. p. 5:1.
9. Bitaraf, E., Riazi, H., and Fathi Roodsari, B., Comparative study of electronic health in the word, 2/2nd edition. Ministry of Health and Medical education, Tehran, 2007.
10. Riazi, H., Fathi Roodsari, B., and Bitaraf, E., Electronic health record, concepts, standards and development approaches, Version 1.1. Ministry of Health, Treatment and Medical Training, Tehran, 2007.
11. Cornwall, A., Electronic health Records: an international perspective; 2002. http://www.home.vicnet.net.au. Accessed 2006.
12. Itiran, Looking to progress path of electronic health records. 2008. Available from: http://itiran.com/?type=article&id=9999. Accessed 2009.
13. Farzandipour, M., Ahmadi, M., Sadoughi, F., and Karimi, I., A comparative study on confidentiality principles of electronic health records in the selected countries. Journal of Health Information Management. 5(2):139–149, 2009.
14. Commonwealth Department of Health and Aged Care, The benefits and difficulties of introducing a national approach to electronic health records in Australia; 2002. http://www.health.gov.au. Accessed 2006.
15. Behnam, S. A comparative study of accessibility levels and confidentiality of medical records in selected countries. Thesis, Medical Information Management Faculty. Tehran, Iran University of Medical Sciences, 2005.
16. CIHI, Privacy and Confidentiality of health information at Canadian institute for health information; 2002. http://www.secure.cihi.ca/cihiweb/en/downloads/privacy_policy_priv2002_e.pdf. Accessed 2006.
17. Department of Health and Human Services. 45 CFR parts 160, 162 and 164 Health Insurance Reform: security standard; Final Rule; 2003. Available from: http://www.hipaa.org. Accessed 2009.
18. Zahedifar, R., Study rate of respect for patients rights in Medical Records Units of Isfahan University of Medical Sciences. Thesis, Medical Information Management Faculty. Tehran, Iran University of Medical Sciences, 2002.
19. Taheri, H., Is the physician a guarantor? J. Medicolegal Org. 14:25–30, 1998.
20. Mohammadpour, A., A comparative study on the Hospital Standards of Ministry of Health and International Standards of Joint Commission on Accreditation of Hospital. Thesis, Medical Information Management Faculty, Tehran, Iran University of Medical Sciences, 2006.
21. Sarbaz Zarinabad, M., A comparative investigation of patients’ rights charter in some selected countries and finding a suitable solution for Iran. Thesis, Medical Information Management Faculty, Tehran, Iran University of Medical Sciences, 2002.
22. Kluge, E. H., Patients, patient records, and ethical principles. Medinfo. 8:1596–1600, 1995.
23. Farzandipour, M., An investigation on policies of delivering medical records in Tehran University’s Hospitals. M. Sc. Thesis, Medical Information Management Faculty. Tehran, Iran University of Medical Sciences, 1995.
24. Salahi, M., An investigation on conditions of storage and retrieval of patients’ medical records in teaching hospitals of Iran University of Medical Sciences and their comparison with national standards and standards in the US. Thesis, Medical Information Management Faculty, Tehran, Iran University of Medical Sciences, 1998.
25. National Electronic Health Records Taskforce. A health information Network for Australia; 2000. http://www.health.gov.au/internet/hconnect/publishing.nsf/content/7746B10691FA666CCA257128007B7EAF/$File/ehrrept.pdf. Accessed 2006.
26. National Electronic Health Records Taskforce, A national approach to electronic health Records for Australia; 2000. http://www.healthconnect.gov.au/internet/hconnect/publishing.nsf/content. Accessed 2006.
27. Mcmiller, K., Brady being a medical record clerk. Prentice Hall, Englewood Cliffs, 1992.
28. Advisory Council on Health Infostructure, Canada Health infoway; 1999. http://www.hc-sc.gc.ca/hcs-sss/alt-formats/iab-dgiac/pdf. Accessed 2006.
29. Consumer’s Health Forum of Australia, The use of consumers’ health information for research purposes. Consumers’ Health Forum of Australia, Australia, 1998.
30. Anderson, R. J., An update on the BMA security policy. Spring, Berlin, 1997.
31. Davis, N., and Lacour, M., Introduction to Health Information Technology. Saunders, Philadelphia, 2002.
32. Tang, P. C., and Hammond, W. E., A progress report on computer-based patient records in the United States. National Academy press, Washington, 1997.
33. European commission, European Union Directive. On the protection of individuals with regard to the processing of personal data and on the free movement of such data. European Commission, Brussels, 1995.
34. Fuller, B., and Jeffries, J., From DNA to data privacy. J. Am. Health Inf. Manag. Assoc. 72(3):46–50, 2001.
35. Callahan, D., The new privacy officer’s game plane. J. Am. Health Inf. Manag. Assoc. 72(6):26–32, 2001.