Adopting Confidentiality Principles for Electronic Health Records in Iran: A Delphi Study

ORIGINAL PAPER

Mehrdad Farzandipour & Maryam Ahmadi & Farahnaz Sadoughi & Iraj Karimi irajk

Received: 6 June 2009 / Accepted: 19 August 2009
© Springer Science + Business Media, LLC 2009

Abstract A growing capacity of information technologies in collection, storage and transmission of information has added a great deal of concerns since electronic records can be accessed by numerous consumers at various locations. Thus, the basic question is “what kind of Model is suitable for guaranteeing the confidentiality of EHR information in Iran?” The present study is a descriptive investigation made in Iran in 2007. Based on the collected data the preliminary model was designed and it was assessed through questionnaires and Delphi Technique and finally the noted model was designed and proposed. The findings showed the experts emphasize patient’s consent for collecting, using and releasing information in electronic health records. A comprehensive model is presented in six pivots. Data ownership, inclusion of information accessibility laws in all organizations, responsibility for inaccessibility to information, and the conditions for movement of data abroad have been confirmed as new dimensions added based on this study in the model.

Keywords Confidentiality principles · Confidentiality model · Electronic health record · Information confidentiality

Introduction

Nowadays, developing electronic health records is one of the priorities in many countries. This electronic capacity to collate, share, match and manipulate information generates risks as well as benefits [1]. Taking these risks into account, one of the most significant factors to be considered in designing an electronic health record is to create a suitable ‘infrastructure’ for health information [2]. The proper performance of this infrastructure relies heavily on health information confidentiality and security principles [3].

The growing capacity of Information and Communication Technologies in collecting, storing and transmitting great amounts of information has added considerable concerns. Health service users are concerned that information technology (IT) and EHRs make their personal information accessible by a greater number of individuals [4, 5]. The studies in the United States (2004) show that security and confidentiality issues are the greatest obstacle to the administration of computerized record systems and dissemination of data [6]. The investigations made in Iran (2005) indicate that in most cases there are no certain laws for the disclosure of the health information.

The absence of clear directions for the patients’ information confidentiality has made medical record departments act haphazardly and consequently ignore the patients’ rights. A study in Iran by Meidani (2003) also indicates that the health information management (HIM) departments do not meet the confidentiality criteria in the hospitals of Iran [7]. In some countries, however, civil and penal punishments are exercised for those who offend against EHR confidentiality principles [8].

M. Farzandipour
Kashan University of Medical Sciences, 3rd km. of Ravand-Kashan Highway, Kashan, Iran
e-mail: [email protected]
e-mail: [email protected]

M. Ahmadi · F. Sadoughi (*) · I. Karimi irajk
Iran University of Medical Sciences, Tehran, Iran
e-mail: [email protected]

M. Ahmadi
e-mail: [email protected]

I. Karimi irajk
e-mail: [email protected]

J Med Syst
DOI 10.1007/s10916-009-9370-x

The discussion of electronic health started with the approval of the TAKFAB project in Iran’s Ministry of Health, Treatment and Medical Education in 2001. Further related studies reveal that TAKFAB measures have not been truly national or have remained unfinished [9].

Dispersed activities are presently done in relation to hospital information systems in Iran. The potentials and needs for sharing information are hardly taken into account in these systems, and all of them are supplied in non-shareable formats [10]. Thus, one of the basic issues of EHR is that patients can see their electronic records, and in the future each citizen will be able to observe his/her EHR with proper confidentiality and security precautions [9]. The establishment of private limits and security for information enables people to control their personal information and to guarantee its confidentiality and security [11].

Considering these serious concerns among both scholars and people and a recent decision made by Iran’s Ministry of Health, Treatment and Medical Education to apply IT to health and the development of electronic health records for each individual, confidentiality is an inseparable part of electronic health record architecture, and its technical and executive principles must be thought of. Therefore general standards of information security and confidentiality management as well as specific standards in the health domain are utilized. In addition, more guidelines and rules for this specific context need to be compiled and developed, and the study of EHR confidentiality and privacy policies is one of the crucial steps to take in Iran [12].

Objective

With regard to the recent attention of the Ministry of Health, Treatment and Medical Education to establishing EHR for each Iranian and to the concerns about information confidentiality and privacy, it is necessary to provide and compile EHR confidentiality principles and use other countries’ experiences. Thus, the basic question of this study is, “what kind of Model is suitable for guaranteeing the confidentiality of EHR information in Iran?”

Methods

This descriptive study has been made in Iran in 2007. It comprises three phases as follows:

Phase one: Comparative study

As the first step, we made an investigation on the model of confidentiality principles for EHRs in Australia, Canada and England, and then compared these principles in six axes including:

• Data collection conditions: individuals’ awareness, collecting personal information from someone else
• Data usage principles: use and non-use of individuals’ health information with consent and without consent of the patient
• Information disclosure principles: disclosure and non-disclosure of individuals’ health information with consent and without consent of the patient
• Access to information principles: access and no access to health information in some cases
• Information maintenance conditions
• Responsibilities of EHR custodians: responsible person, transference of health information abroad

The decision on the selection of these countries was made based on available library and internet resources, consultations with HIM specialists in Iran, and consideration of the following aspects [2, 3, 13–17]:

1. National effort to develop electronic health records and their infrastructure

2. Expansion of the scope of designing and trial accomplishment of electronic health records

3. Cooperation of the private sector along with the governmental sector in designing; and

4. Suitable investment in designing and developing electronic health records.

Phase two: Designing preliminary model

In order to design a preliminary pattern, we first made a comparison between the selected countries based on the collected data in the six major axes mentioned before. The repetitious items were included once and others were excluded from the proposed pattern; dissimilar items were also included in each axis. Then we had the newly designed model evaluated by professionals.

Phase three: Testing the reliability of the questionnaire and validity of the proposed model

To develop the proposed model we used the Delphi Technique. To do this, first a questionnaire was designed. In this questionnaire, for each item in every axis, three options were considered, namely agreed, disagreed and neutral. Three open-ended questions were also included for the specialists to add their probable viewpoints. Although the collected data had been extracted from the reliable sites of the selected countries, we decided to assess the validity of the proposed questionnaire.

In order to do so the questionnaires were administered to a number of the academic professionals, medical record specialists and health information administrators, and they were asked to complete them. After we received the completed questionnaires, some items were included based on the professionals’ viewpoints as an answer to the open-ended questions. The final questionnaire was administered to a number of specialists. After 10 days the questionnaires were given to the same individuals, who were asked to answer them again. In both steps, the tools and method of data collection were approved by the specialists. In addition, the reliability of the questionnaire was determined by Brown Pearson’s Method (with a 95% confidence coefficient).

After testing the reliability of the questionnaire of the proposed model, we used the first stage of the Delphi Technique. In this stage the questionnaires were sent to 35 specialists including faculty members of universities in Medical Record Departments, Health Information Administrators in medical universities and professionals in the Medico-legal Organization. The questionnaires were either sent through post or forwarded through e-mail. Thirty-four participants completed the questionnaires.

To analyze the collected data, we applied descriptive statistical methods. By the application of the Delphi Technique, the items in the model which had been approved by less than 50% of the experts were excluded and those approved by 75% of professionals or more were adopted. Those items from the model approved by 50 to 74% of the participants as well as their recommended items based on open questions were identified. We classified these recommended items based on their theme, then inserted them in their axes and assessed them in the second stage of the Delphi Technique to achieve a consensus. In the second stage of the Delphi Technique, questionnaires were sent to the same 35 professionals, and from this number 30 participants completed the questionnaires. After the analysis of the collected data, the following results were achieved.

Results

Results related to reliability of the model

Based on the findings in the first stage, about 65% of the specialists were women and about 35% of them were men. Fifty percent of the participants were between 25 and 34 years old and the rest were between 35 and 54. About 56% of them had 3 to 9 years of work experience and 44% had 10 years or more. Sixty-five percent were at M.A. level, 20% were at B.A. level that eight persons were from medico-legal organization and 15% had Ph.D. The field of study of about 85% was ‘Medical Records’ and of 15% was ‘Health Information Management’. Seventy-four percent were faculty members of universities while about 26% were not.

In the second stage, about 60% of the specialists were women. Fifty-three percent of the participants were between 25 and 34 years old and the rest were between 35 and 54. About 60% of them had 3 to 9 years of work experience and 40% had 10 years or more. Twenty-three percent were at B.A. level, 67% were at M.A. level and 10% had Ph.D. The field of study of about 90% was Medical Records and of 10% was Health Information Management. Sixty percent were faculty members and 40% were not.

According to the specialists in Iran, the collection of information with one’s consent and also for legal action, the awareness of the individual of the manner and conditions of collection and disclosure, the conditions of collection from someone else and the organization’s obligation not to disclose the personal information without one’s consent have been highlighted (Table 1).

The specialists emphasize using health information with the patient’s consent, and refraining from the release of information for purposes outside the care and treatment cycle without the individual’s consent. Table 2 shows axes 2 and 3 (Table 2).

The experts emphasize the individual’s access to the information in the electronic health record based on request and unavailability of information in certain conditions (Table 3).

The experts emphasize the need for a written policy regarding the maintenance of health information, all kinds of access to it and retrieval of data from electronic health records (Table 4).

The professionals in Iran emphasized developing administrative, technical and physical safeguards and making all information agents aware of these requirements (Table 5).

In the second stage of the Delphi Test, the experts approved the disclosure of health information by the one who receives information with the patient’s consent for a purpose other than what the collection of information is intended (Table 6).

Discussion

Data collection

The comments made by the experts emphasize the collection of health information with one’s consent and only with his or her consent. American Health Information Management (AHIMA) believes that the documents related to the consent of the patient or his custodian should be included in the patient’s health records [13].

Zahedifar’s investigation (2002) in Esfahan, Iran concluded that in all the hospitals with a manual system, consents on the back of the admission sheet should be received from the patients [18]. Taheri, H. (1998) in his article “Is the Physician a Guarantor?” states that the physicians are required to obtain a clearance from a patient or his guardian before the treatment [19].

On the other hand, the study by Mohammadpour (2006) showed that there is not too much conformity between hospital standards in Iran and international standards for patient rights (58% of the standards are not in congruity) [20]. This indicates that Iran’s Ministry of Health, Treatment and Medical Education has not set any standards concerning conditions for collecting information in the patients’ rights and their informed consent. Sarbaz, M. (2002), in addition, argues that a great number of patients’ absolute rights have not been considered in Iran’s right charter, including the right of consent in treatment and the patient’s right to privacy [21].

As a result, in spite of the great emphasis by experts on the need for obtaining the patient’s consent for the collection of health information in EHRs, there are no well-organized principles in Iran. These facts have made HIM departments in this country act haphazardly, and breach the patients’ rights in some cases. Therefore, considering the inauguration of EHRs by Iran’s Ministry of Health, Treatment and Medical Education, it is recommended that a comprehensive electronic consent form be designed, the patient be made aware of the reasons for information collection before or during collecting it, and finally the patient’s consent be taken into account as the necessary condition for the collection of the information.

Data usage

Professionals in Iran emphasize that health information must not be used without the patient’s consent. They also emphasize the use of health information for current care and treatment without the patient’s consent.

Kluge (1995) in an investigation in Australia argues that the data in the records should be used for authorized legal objectives [22]. Behnam, S. in his study (2005) concluded that the patient’s consent to use the information in the records for care and treatment is not required [15]. These findings are in line with the results in this study.

Table 1 Conditions for collection of information from EHR from the professionals’ point of view (in the first stage of Delphi technique)

Items agreed on by 75% or more

Collection of information:
• According to law and limited to required data to achieve legal objectives
• From the individual with his consent and only from that person
• To make or defend a lawful or fair claim
• In case that the individual’s personal privacy is not violated
• With the individual’s express consent for purposes outside the care cycle except with legal permission

Individual’s awareness of:
• The identity of the organization that collects information and how to contact it
• The ability to gain access to the information
• The purposes for which the information is collected
• The organizations to which the information will be disclosed
• The law that requires the particular information to be collected
• The main consequences for the individual if the information is not provided
• The types of information that is to be collected about that individual

Collection of personal information from someone else:
• To prevent or reduce the serious threat to the life and health of any individual
• If the individual is not able to consent
• If the individual is not able to give a written consent
• With permission from the individual whom data are about
• If a legal representative is determined as a substitute by the individual
• If there is a possibility for collecting inaccurate information from the patient
• If practical collection of information is not possible from the individual whom the data are about

Organization’s commitment not to disclose the individual’s information without his consent

If the one who collects information supposes the existence of patient’s implicit consent in reasonable conditions except that he or she withdraws the implicit consent by delivering a note

Items agreed on by 50% to 75%

Collection of information only to fulfill the organization’s duties or activities such as health service delivery

If permanent information are not identified before their disclosure with reasonable steps of the organization which collects data

However, the study by Behnam indicates that in the majority of the cases there are no certain principles to use health records in manual system [15]. Farzandipour’s investigation (1995) shows that the access by physicians and other health practitioners to health records in order to deliver health care in manual system has been made possible in most cases by their request and it has been in proportion to their responsibility and their authority in hospital management. The use of health records by government offices in manual systems has been possible by their request and hospital management’s permission, and in some units it has usually been possible without their permission [23]. These findings indicate that what is usually going on in Iran is not in line with the viewpoint of the experts who participated in this study.

Table 2 Principles of use and disclosure of health information in EHRs from professionals’ point of view (in the first stage of Delphi technique)

Items agreed on by 75% or more

Non use or disclosure of health information:
• Non use of health information without the individual’s consent
• For purposes outside the cycle of care and treatment except with the individual’s consent
• For a person, board or agency other than the patient except with the one’s awareness or consent

Use or disclosure of the individual’s health information:
• For purposes outside the cycle of health and treatment by law or to safeguard the public interest
• Suits by public sector
• To leave a note in the individual’s record indicating the use or disclosure of information

Use or disclosure of the individual’s health information with no consent:
• For prevention, detection, investigation, prosecution or punishment of criminal offences
• For enforcement of laws relating to confiscation to the proceeds of crime
• For determination of health care costs or investment for the payment
• To guarantee the quality and standards
• To communicate with the individual’s relative or friend for the cases that the individual is incapable of consenting
• To lessen or prevent serious threat for the life or health of the individual or others
• To audit the information in case that the information is destroyed immediately after the audit
• To train health service providers
• For the custodian or a person nominated by the individual, if the individual is incapacitated or unable to consent
• To deliver an appropriate care or treatment to the individual
• For the individual’s attorney limited to the extent needed or permitted
• To fulfill the objectives of research with the patient’s name in anonymity
• For another custodian to prevent fraud and malpractice, plan, monitor, evaluate, to allocate resources and prescribe certain drugs
• To supervise the public health or other public health objectives
• To assist the service-provider to fulfill the duties or to develop public health system

The enforcement of civil and penal fines for unauthorized disclosure of the patient’s health records

Items agreed on by 50% to 75%

Non use or disclosure of health information:
• By the one who receives the information for a purpose other than what the information is intended to be given

Use or disclosure of the individual’s health information:
• If the custodian of information is justified
• Just for certain purposes when needed

Items agreed on by less than 50%

Use or disclosure of the individual’s health information:
• For purposes outside the cycle of care and treatment in case that it is not possible to get the individual’s consent before the use or disclosure
• Suits by private sector

Use or disclosure of the individual’s health information with no consent:
• To change the information in order to hide the identity of the individual
• For direct marketing
• For the one’s family members
• For others who have an intimate relationship with the patient
• For the applicant for health information of the deceased person

Data disclosure

The professionals in Iran confirmed the disclosure of electronic health information for purposes outside the cycle of care and treatment under law and to safeguard the public interest, or the release of information under certain conditions. They have also recognized it permissible to disclose information for courts only by public sectors and have considered it necessary to enforce civil and penal punishments for unauthorized disclosure of patients’ health records.

In a study by Kluge it is noted that the patients’ health records must not be released outwards except by the one’s formal consent or by legal authority or action in legal procedures [22]. Based on the laws in South Wales, courts have no right to have an access to the records made in private sectors [1]. In the United States, the state laws enforce both civil and penal punishments for breach of confidence [8]. These findings confirm the results of the present study.

Nevertheless, according to the investigations by Behnam and Farzandipour on patients’ records in a manual system, in most cases no certain principles can be found in delivering and disclosing patients’ health information [15, 23]. Zahedifar’s study indicates that about 9% of the studied units manage to obtain the patient’s written consent to disclose information to insurance organizations, attorneys, public media and physicians who do not work in that hospital [18]. Salahi’s investigation (1998) also shows that only 28.6% of the hospitals possess guidelines for disclosure of health information in manual system [24]. These findings again

Table 3 Principles of one’s access to information in EHRs from professionals’ point of view (in the first stage of Delphi technique)

Items agreed on by 75% or more

An access to his or her information on a request by the individual

No access to health information in case:
• That there is a serious and imminent threat to individual’s life or health
• That there is a possibility for the disclosure of the individual’s information by someone else
• Of disagreement with law
• Of damage to prevention, detection, prosecution or punishment of criminal offences
• Of damage to enforcement of laws relating to the confiscation of proceeds of crime
• Of damage to public interest

Inclusion of laws related to access to health information for both private and public sectors

Inclusion of laws related to access to health information for maintained documents in an organization other than that providing health care

Items agreed on by 50% to 75%

No access to health information in case:
• That there is an unreasonable request to have an access
• That the information relates to legal actions between the organization and the individual
• Of transparency and openness and damage to organization objectives relating to negotiations with the individual
• Of data collection for peer investigations, Standard Committee or Risk Evaluation Management

The individual’s access to all kinds of recorded information based on express need to know

Table 4 Principles of maintenance of information in EHRs from professionals’ point of view (in the first stage of Delphi technique)

Items agreed on by 75% or more

Protection of health information from misuse, damage, unauthorized access, modification or disclosure

Correction, completion and updating of health information

Maintenance of sufficient and relevant health information

The existence of appropriate yardsticks maintenance and easy access to health information

The existence of standards to maintain health information, guarantee the continuation and facilitate the access to information by authorized persons

The existence of written policies for maintenance of health information

Non qualification of organizations to delete clinical information before the time the law requires

The maintenance of the accesses to information and tracing the data in records

Items agreed on by 50% to 75%

Non maintenance of the one’s health information more than the required period of time

show the nonexistence of any principles in this regard in Iran, in contrast to the selected countries and the viewpoints of the professionals who participated in this study.

In summary, considering the studies made in Iran within these 10 years, no certain principles can be found governing the release of patients’ health records and the custodians have been indifferent or unaware of the need for such principles. In addition, considering the vital role of the private sector in health and treatment in Iran and a necessity for the surveillance on the performance of the private sector, despite the specialists’ standpoint, it seems necessary that both public and private sectors be responsible for information required by the courts. They should give the courts the patients’ records if necessary. Moreover, legal principles should be set and implemented for punishing the unauthorized disclosure of patients’ information.

Access to information

According to the specialists’ standpoints in Iran, one’s access to his health information based on a request and based on the express need to know is considered permitted. Nevertheless, some restrictions are deemed necessary for one’s access to his health information. In addition, they believed that it is necessary to enact the laws of one’s access to health information for both public and private sectors and any organizations other than the health care provider institute.

According to the findings in Australia (2000), privacy and access to health records were applied to records in private and public sectors and to the documents which were kept in an organization other than the care-delivering organization [25, 26]. American Hospital Association

Table 5 Responsibilities of custodians of information in EHRs from professionals’ point of view (in the first stage of Delphi technique)

Items agreed on by 75% or more

To assess privacy impact of health information on collection, use and disclosure

To protect health information in their release and transmission from unauthorized destruction, use, modification, access or disclosure

To follow and implement policies and related legal actions

To designate a contact person to help ensure compliance with the legislation

To notify the individual of the use or disclosure of health information without the one’s consent and to seek the one’s consent if the use ordisclosure is to continue

Explicit access of public to policies and confidentiality procedures

To establish appropriate security safeguards by custodians who entrust health information to information management

To establish administrative, technical and physical safeguards and to ensure that information agents are all aware of all them

To maintain administrative, technical and physical safeguards

To ensure that the information is correct, complete and up-to-date

To disclose the information to the person authorized to receive the information

To apply appropriate sanctions for willful contraventions of these privacy requirements

To make required warnings about restrictions on information disclosure in records

Acceptance of responsibility: for the patient as data owner

To establish a board to supervise the confidentiality of information

Forbiddance of transferring health information for countries without sufficient protective levels of information confidentiality

Transference of health information abroad in case: it is legal and required to receive information and to follow the information transference laws; of one’s consent to transfer the information; of information transference to the one’s benefit

The responsibility for the absence of a quick access to health information for the patient’s care by: service-provider; health information custodian; information confidentiality supervision board

Items agreed on by 50% to 75%

Authority to refrain from giving the information to the patient if required or permitted to do so

Acceptance of responsibility: for custodians of health information as data owners; for the board supervising the confidentiality of information as data owners

Items agreed on by less than 50%

Acceptance of responsibility: for care-providers as data owners

Transference of health information abroad in case: it is not possible to obtain one’s consent

The responsibility for the absence of a quick access to health information for the patient’s care by: the patient


Statement has announced that the patient has the right to obtain complete information about the diagnosis and treatment of his illness from the physician, and when the patient is unable, the information must be given to someone who has an intimate relation with the patient [27]. Kluge noted in his investigation that the patient must have a right to access his electronic health information [22]. These findings are in line with the results of the present study.

Behnam’s investigation shows that in Iran patients are rarely talked with about their illness, medications and treatment progress, and in most cases the patient has no access to his medical information in the manual system [15]. In an investigation, Zahedifar indicated that in only 36.4% of units are patients permitted to have access to the physicians’ diagnosis in their records in the manual system when they are in appropriate mental condition [18]. The investigation by the Health Institute in South Wales (1999) on the problems with clients’ access to records indicates that clients have little or no access to records in hospitals or through family physicians [28]. This finding is not in line with the results of this study.

It appears that in order to safeguard patients’ rights, the need for patients’ access to their health record information should be considered by all organizations, whether public or private. Therefore, it is recommended that in designing EHRs, a unique health identifier be considered for each client and that the manner of the patient’s access to his own health information and its mechanism be taken into consideration, because the patient’s awareness of his health record information creates a fair and better relationship between the patient and the physician, promotes informed consent, guarantees the maintenance of care by different care providers and gives the patient greater control over his health [29].

Information maintenance

The findings of the investigation emphasize correctness, completeness and timeliness of the health information, and that it is permissible to maintain one’s health record longer than the required time if needed by the organization that is custodian of the information.

Table 6 Principles of confidentiality of information in EHRs from professionals’ point of view (in the second stage of Delphi technique)

Items agreed on by 75% or more

Conditions of health information collection

Data collection by organization: to fulfill the objectives and activities of that organization; provided that the information is anonymous before disclosure by the organization that collects the information

Principles of health information use

Use of health information without one’s consent: when required for certain purposes if the custodian of information is justified about the need for use of that information; to determine the patient’s state of health to receive current health care

Principles of disclosure of information in EHR

The disclosure of health information by the one who receives information with patient’s consent for a purpose other than what the collection of information is intended

Principles of one’s access to his health information

The accessibility to information by the individual except: the information is collected for evaluation and Standard Committee

The Individual’s access to all kinds of recorded information based on express need to know

Conditions of maintenance of health information in the organization

Maintenance of the individual’s health information: until the legal time voted; longer than the legal time if needed by the organization custodian of the information

Punishments for destruction of electronic records before their legal time

Responsibilities of health information custodians

Giving the ownership of data in electronic health records to the patient as well as health information custodians

Giving the ownership of data in electronic health records to the patient as well as the information confidentiality supervision board

Items agreed on less than 50%

The accessibility to information by the individual except: the request for an access to information is frivolous and unreasonable; the information is related to legal actions between the individual and organization and the access to the information breaches the rights; it leads to transparency and openness and a damage to organization objectives relating to negotiations with the individual

Delivering the patient’s health record to him if destruction of the record is required by law

Authority to refrain from giving the information to the patient if required or permitted to do so


Anderson (1997) in his security principles has noted that no one is permitted to eliminate clinical information unless its time period has expired [30]. Davis and Lacour (2002) state that data must be correct in order to be useful. If the data are not accurate, incorrect implications and knowledge may be transmitted to consumers. The completeness of data refers to collecting and recording data in all its details. Information must also be up-to-date when delivered [31]. These findings support the results of the present study.

Salahi, however, concluded in his study that in Iran there is no approach for the destruction of the paper records, and the instructions for the period of records maintenance were followed in only 11.5% of cases [24]. Therefore it is suggested that a database be developed for EHRs in each province. They should have the capability to maintain all the clients’ health information for the legal time required.

Safeguarding the records from destruction and preventing manipulation or deviation of information until the required time seem to be quite necessary. Considering the nonobservance of the present principles in manual records, punishments are quite necessary for individuals or organizations which illegally decide to destroy or wipe out the records, or are even careless in the maintenance of computerized records.

Responsibilities of custodians

The specialists’ standpoints emphasize public access to the policies and procedures of privacy in electronic health information records. They also emphasize some other items, such as giving the ownership of the data to the custodians of the health information and the Information Confidentiality Supervision Board as well as the patient, the forbiddance of transmitting health information to countries without sufficient levels of protection for information confidentiality, transmission of health information abroad under certain conditions, and finally the responsibility of the care provider, the information custodian and the Information Confidentiality Supervision Board for the absence of a quick access to health information to take care of the patient.

The studies made indicate that according to the current laws in Australia, patients are not the owners of their records. In the United States, the problem of ownership of data in electronic records has not been resolved [32]. The data maintenance directive by the European Union in October 1998 forbids the movement of information to countries without sufficient protection levels unless it is done with the patient’s consent [33]. Fuller and Jeffries (2001) cite the responsibilities of health information management in safeguarding the information as to get aware of information confidentiality laws, to enact laws and to manipulate the contents in each medical record [34]. Denis Callahan (2001) in his article ‘The New Privacy Officer’s Game Plane’ notes that the requirements of a health service organization for the person responsible for confidentiality are different from other occupations, and because of their training and experience, practitioners in health information management have most of the required skills [35].

In addition, the investigation by Behnam indicated that in Iran there are practitioners in hospitals responsible for issues such as accuracy and completeness of the information, educational programs for staff’s familiarity with information confidentiality, and observance of the laws related to safeguarding the security of information in patients’ records [15]. According to the investigation by Zahedifar, before starting to work, medical records personnel get familiar with their tasks and responsibilities concerning confidentiality [18].

All in all, it seems that in order to protect and maintain the patients’ health records in Iran, individuals should be trained as medical record specialists who will be responsible for patients’ medical records. These practitioners must undertake the responsibility for the patients’ electronic health records in the future, and the competent authorities must not only set the required legal principles and complete and rectify the job description for these personnel, but also recognize them as custodians of electronic health records and as those responsible for observing and following laws related to information confidentiality. However, as the ownership of the data in electronic records has not been solved completely, and because of the nature of EHRs, it seems necessary to pay attention to the custodianship of the electronic health records instead of the ownership of their data.

Conclusion

According to the findings of the present investigation, a comprehensive model of the electronic health record confidentiality principles is presented for Iran in six pivots. This model is a collection of EHR confidentiality principles from the studied countries. Each of the subject countries uses only part of this new model.

The common aspect of Iran’s model with the models in the selected countries is the focus on the pivotal role of the patient’s consent in the principles of confidentiality in electronic health records. The differences from the studied countries’ models are that the use and disclosure of health information for marketing and for purposes outside the cycle of care and treatment without the consent of the patient, family members or someone who has an intimate relation with the patient was not approved by Iranian professionals; the individual must have access to his/her health information in some cases; and finally the health information must not be kept longer than the time required by law.

In addition, punishment for disclosure or destruction of electronic health information, data ownership, inclusion of statutes related to access to information in all organizations, the responsibility for inaccessibility to information and the movement of information abroad have been confirmed as new dimensions added based on this study.

Because the EHR issue and its confidentiality are novel in Iran, more research in this field must be carried out. Based on the results of the current study and the researchers’ experiences, the weaknesses of the electronic health systems in Iran in this field consist of:

1. Data collection conditions
2. Data use principles
3. Information disclosure principles
4. Principles of information access
5. Information maintenance conditions

On the other hand, it seems that attention to the duties of health information custodians in the current medical information systems in the health centers of Iran is the sole strength of the current systems. Thus there are many gaps between the current situation and the desired EHR confidentiality principles in Iran.

Considering the new approach of the Ministry of Health, Treatment and Medical Education towards the creation of an electronic health record for each Iranian and the absence of well organized, comprehensive principles for the confidentiality of health records in Iran, it is recommended that the proposed model be used by the officials of the Ministry of Health, Treatment and Medical Education in general and the ‘Statistic and Information Technology Management Sector’ of the Iran Health Ministry in particular.

Conflict of interest: No conflicts of interest have been declared.

References

1. Carter, M., Should patients have access to their Medical records. J. Med. Image Anal. 169:96–97, 1998.

2. Commonwealth of Australia, International approaches to the electronic health record; 2003. http://www.healthconnect.gov.au/internet/hconnect/publishing.nsf/Content/43598FE37A3E7270CA257128007B7EB7/$File/v3–1.pdf. Accessed 2006.

3. National Committee on Vital and Health Statistics, Information for health; 2001. http://www.ncvhs.hhs.gov/nhiilayo.pdf. Accessed 2006.

4. Lyons, R., Payne, C., McCabe, M., and Fielder, C., Legibility of doctor’s hand writing: quantitative comparative study. BMJ. 317:863–864, 1998.

5. Woodward, B., The computer-based patient record and confidentiality. N. Engl. J. Med. 333:1419–1422, 1995. doi:10.1056/NEJM199511233332112.

6. HIMSS, 2004 HIMSS National health information infrastructure survey; 2004. http://www.himss.org/content/files/2004healthinfoInfrastructuresurvey.pdf. Accessed 2006.

7. Meidani, M., A Comparative investigation on standards of medical records in selected countries and Iran. Thesis, Medical Information Management Faculty, Iran University of Medical Sciences, Tehran; 2003.

8. Aspen Reference Group, Health information management manual, 1st edition. Maryland, Aspen, 1999. p. 5:1.

9. Bitaraf, E., Riazi, H., and Fathi Roodsari, B., Comparative study of electronic health in the word, 2/2nd edition. Ministry of Health and Medical education, Tehran, 2007.

10. Riazi, H., Fathi Roodsari, B., and Bitaraf, E., Electronic health record, concepts, standards and development approaches, Version 1.1. Ministry of Health, Treatment and Medical Training, Tehran, 2007.

11. Cornwall, A., Electronic health Records: an international perspective; 2002. http://www.home.vicnet.net.au. Accessed 2006.

12. Itiran, Looking to progress path of electronic health records. 2008. Available from: http://itiran.com/?type=article&id=9999. Accessed 2009.

13. Farzandipour, M., Ahmadi, M., Sadoughi, F., and Karimi, I., A comparative study on confidentiality principles of electronic health records in the selected countries. Journal of Health Information Management. 5(2):139–149, 2009.

14. Commonwealth Department of Health and Aged Care, The benefits and difficulties of introducing a national approach to electronic health records in Australia; 2002. http://www.health.gov.au. Accessed 2006.

15. Behnam, S., A comparative study of accessibility levels and confidentiality of medical records in selected countries. Thesis, Medical Information Management Faculty. Tehran, Iran University of Medical Sciences, 2005.

16. CIHI, Privacy and Confidentiality of health information at Canadian institute for health information; 2002. http://www.secure.cihi.ca/cihiweb/en/downloads/privacy_policy_priv2002_e.pdf. Accessed 2006.

17. Department of Health and Human Services. 45 CFR parts 160, 162 and 164 Health Insurance Reform: security standard; Final Rule; 2003. Available from: http://www.hipaa.org. Accessed 2009.

18. Zahedifar, R., Study rate of respect for patients rights in Medical Records Units of Isfahan University of Medical Sciences. Thesis, Medical Information Management Faculty. Tehran, Iran University of Medical Sciences, 2002.

19. Taheri, H., Is the physician a guarantor? J. Medicolegal Org. 14:25–30, 1998.

20. Mohammadpour, A., A comparative study on the Hospital Standards of Ministry of Health and International Standards of Joint Commission on Accreditation of Hospital. Thesis, Medical Information Management Faculty, Tehran, Iran University of Medical Sciences, 2006.

21. Sarbaz Zarinabad, M., A comparative investigation of patients’ rights charter in some selected countries and finding a suitable solution for Iran. Thesis, Medical Information Management Faculty, Tehran, Iran University of Medical Sciences, 2002.

22. Kluge, E. H., Patients, patient records, and ethical principles. Medinfo. 8:1596–1600, 1995.

23. Farzandipour, M., An investigation on policies of delivering medical records in Tehran University’s Hospitals. M. Sc. Thesis, Medical Information Management Faculty. Tehran, Iran University of Medical Sciences, 1995.

24. Salahi, M., An investigation on conditions of storage and retrieval of patients’ medical records in teaching hospitals of Iran University of Medical Sciences and their comparison with national standards and standards in the US. Thesis, Medical Information Management Faculty, Tehran, Iran University of Medical Sciences, 1998.

25. National Electronic Health Records Taskforce. A health information Network for Australia; 2000. http://www.health.gov.au/internet/hconnect/publishing.nsf/content/7746B10691FA666CCA257128007B7EAF/$File/ehrrept.pdf. Accessed 2006.


26. National Electronic Health Records Taskforce, A national approach to electronic health Records for Australia; 2000. http://www.healthconnect.gov.au/internet/hconnect/publishing.nsf/content. Accessed 2006.

27. Mcmiller, K., Brady being a medical record clerk. Prentice Hall, Englewood Cliffs, 1992.

28. Advisory Council on Health Infostructure, Canada Health infoway; 1999. http://www.hc-sc.gc.ca/hcs-sss/alt-formats/iab-dgiac/pdf. Accessed 2006.

29. Consumer’s Health Forum of Australia, The use of consumers’ health information for research purposes. Consumers’ Health Forum of Australia, Australia, 1998.

30. Anderson, R. J., An update on the BMA security policy. Spring, Berlin, 1997.

31. Davis, N., and Lacour, M., Introduction to Health Information Technology. Saunders, Philadelphia, 2002.

32. Tang, P. C., and Hammond, W. E., A progress report on computer-based patient records in the United States. National Academy Press, Washington, 1997.

33. European Commission, European Union Directive. On the protection of individuals with regard to the processing of personal data and on the free movement of such data. European Commission, Brussels, 1995.

34. Fuller, B., and Jeffries, J., From DNA to data privacy. J. Am. Health Inf. Manag. Assoc. 72(3):46–50, 2001.

35. Callahan, D., The new privacy officer’s game plane. J. Am. Health Inf. Manag. Assoc. 72(6):26–32, 2001.
