Ethics, Privacy, and Security: Lesson 14
General ethics guide the reasoning and decision-making of all people and
organizations involved in health care.
• Principle of Information-Privacy and Disposition
• Principles of Openness
• Principles of Security
• Principles of Access
• Principle of Legitimate Infringement
• Principle of Least Intrusive Alternative
• Principle of Accountability
PRIVACY, CONFIDENTIALITY, SECURITY
Safeguards are solutions and tools which may be utilized to implement security
policies at different levels of a health organization, such as administrative,
physical, and technical.
Table 14.1 Administrative, Physical, and Technical Safeguards for HIS
Register Patient: Patient record (e.g. ID number, name, sex, age, location) must be created in the LIS before tests can be ordered. The LIS usually receives these data from a hospital registration system when a patient is admitted.
Order Tests: The attending physician orders the tests for the patient and the procedure is requested as part of the laboratory’s morning blood collection rounds. These orders are entered into the CIS and they are sent to the LIS electronically.
Collect Sample: The LIS prints a list of all patients who have to be drawn, which also includes the appropriate number of sample barcode labels for each patient order. Each barcode contains the patient ID, sample container, and laboratory workstation, which is used to sort the tube once it reaches the laboratory. An increasingly popular approach is for caregivers or nurses to collect blood samples. Sample barcode labels can be printed (on demand) at the nursing station on an LIS printer or portable bedside printer prior to collection.
Receive Sample: Once the samples arrive in the laboratory, the status is updated in the LIS from “collected” to “received.” This is done by scanning each sample container’s barcode ID into the LIS. Once the status becomes “received,” the LIS then transmits the test order to the analyzer that will perform the test.
Run Sample: The sample is loaded onto the analyzer, and the barcode is then read. No work list is needed because the analyzer knows which tests to perform from the order provided by the LIS. However, when tests are performed manually, the technologist prints a work list from the LIS. The work list should contain the names of the patients and the tests ordered on each, and next to each test is a space to record the result.
Review Results: The analyzer then produces the results and sends them to the LIS. The results are only viewable to the assigned technologists until they are released for general viewing. The LIS can be programmed to flag certain results—for example, critical values—so the technologist can easily identify what needs to be repeated or further evaluated.
Release Results: The technologist is responsible for the release of the results. Unflagged results are reviewed and released at the same time. The LIS can be programmed to automatically review and release normal results or results that fall within a certain range. This approach reduces the number of tests that a technologist has to review. The results are automatically transmitted to the CIS upon release.
Report Results: The physician can now view the results on the CIS screen. Reports can be printed when needed.
Table 14.3 Administrative, Physical, and Technical Safeguards for LIS
The Data Privacy Act of 2012 provides that consent must be documented and given
prior to the collection of all forms of personal data, and that the collection must be
declared, specified, and used for a legitimate purpose.
The subject must be notified about the purpose and extent of data processing, with
details specifying the need for automated processing, profiling, direct marketing, or sharing.
Violations of the Data Privacy Act
• Unauthorized processing
• Processing for unauthorized purposes
• Negligent access
• Improper disposal
• Unauthorized access or intentional breach
• Concealment of breach involving sensitive personal information
• Unauthorized disclosure; and
• Malicious disclosure.
Republic Act No. 1073, Ch. 8, Sec. 33
Any combination or series of acts shall make a person subject to imprisonment ranging
from three to six years, and a fine of not less than one million pesos (PhP 1,000,000.00) but
not more than five million pesos (PhP 5,000,000.00).
KEY POINTS TO REMEMBER
Health informatics ethics is the application of the principles of ethics to the domain of
health informatics. There are three main aspects of health informatics ethics: general
ethics, informatics, and software.
General ethics covers autonomy, beneficence and non-maleficence.
Informatics refers to privacy, openness, security, access, infringement, least intrusion
and accountability.
Software developers should consider the best interest of society in general, the
institution and its employees, and the profession.
Administrative, physical, and technical safeguards are put in place to regularly monitor
effectiveness and assess the health IT environment.