Nursing 2241: Nursing Practice 4
Confidentiality and Security of Health Data
"Ethical conflicts over the nature and appropriate use of personal health information are not new. Unauthorized and inappropriate disclosures of personal health information have occurred probably for as long as detailed records have been kept. However, advances in information technology that allow the rapid assembly and dissemination of information have magnified the ethical problems inherent in keeping personal health records secure and private. As information networks and databases slowly penetrate into every aspect of the health care sector, the opportunities for unethical disclosure of personal health information will increase accordingly."
- (Mullen & Lavery, 1998).
The privacy and confidentiality of data, as well as the security and safety of hospital and other health information systems are protected by policies and procedures initiated by the involved agencies. Included in these procedures are precautions taken by individual health care providers, including nurses. Agencies are required to protect data from unauthorized use, and from destruction and disclosure. They also control data input and output, depending on health care providers to be responsible and accountable for managing client data.
"The security of health information is distinct from individual interests in privacy and confidentiality. Security refers to technological, organizational, or administrative processes designed to protect data systems from unwarranted access, disclosures, modification, or destruction. Maintaining the security of health information is not synonymous with preserving its privacy. Absolute privacy of health information can never be assured even with maximum security protections because no security system can safeguard against access by those who are authorized to use the data system. Thus, authorized users can invade patient privacy even in the most secure data systems. The purpose of security is to ensure that data systems are accessed only by those persons having authorization." (Gostin & Hodge, 1999).
Ends in View
This learning activity is intended to give the learner the opportunity to:
1. Explore the legal, ethical, moral and political implications of using computer systems to
manage client health data.
2. Gain awareness of security measures used in health care agencies to maintain confidentiality
and data integrity.
3. Understand the link between confidentiality, security and caring in nursing.
4. Recognize the utility of databases for storing data.
1.READ: Canadian Institute for Health Information (2002). Privacy and Confidentiality of Health Components at CIHI: Principles and Policies for the protection of health information,
3rd ed. Online: http://secure.cihi.ca/cihiweb/en/downloads/privacy_policy_priv2002_e.pdf
2. READ: Canadian Institute for Health Information. Privacy and Data Protection
3. READ: Canadian Nurses Association (2001). Position Statement: Privacy of Personal Health Information. Ottawa: Author. Online:
1. Consider the following situation:
You are using a computer to access your client's chart at the nurses' work station.
You are called away from the desk suddenly, and forget to log off the system. By
the time you get back to finish with the computer, someone else is using it. You
realize that they are using your logged on user I.D.
What immediate action would you take?
What measures would you take to ensure your client's data and confidentiality
2. Read the following statement:
"The health care agency owns the data in it's computer system and is therefore
free to do whatever it chooses with that data."
Is this accurate?
What issues does this statement raise?
3. How can a health care agency control and monitor their:
a) hardware security
b) software security
c) data security
d) communication and electronic security
e) technical security
f) physical and environmental security
g) personal security
What is the differences between these varied levels of security? Are they related?
4. a) Create a set of directives for university college students and health care professionals to use
for effective legal and ethical use of computers on campus and in health care settings.
b) Using a wordprocessing or desktop publishing program, create a one page catchy flyer
to present the directives in (a). Save and print out your directives for your colleagues.
5. What possible complications arise when using a database to harbour client data? What accountability issues
result for nurses and other health care professionals?
1. Reflect on how a nurse's level of computer literacy can influence a client's right to
privacy, confidentiality and data security.
2. What consequences might a nurse face if he/she acts unethically with client health data?
Canadian Institute for Health Information. (2002). Privacy and Confidentiality of Health Components at CIHI: Principles and Policies for the protection of health information,
3rd ed. http://secure.cihi.ca/cihiweb/en/downloads/privacy_policy_priv2002_e.pdf
Canadian Institute for Health Information (2002). Privacy and Data Protection
Gostin, L. & Hodge, J. (1999). Privacy and Security of Public Health Information. Model State Public Health Privacy Project. National Center for Health Statistics - White Paper. Washington, DC: Georgetown University Law Center.
NEXT: Pathophysiology 2 NURSING INFORMATICS LEARNING ACTIVITY.....