Introduction

...the ability to electronically capture, store, transfer and distribute health information to one person or a billion recipients, with the touch of a fingertip on a computer keyboard, raises many troubling privacy security and confidentiality questions.

At the same time, the ability to electronically capture, store, transfer and distribute health information to one person or a billion recipients, with the touch of a fingertip on a computer keyboard, raises many troubling privacy security and confidentiality questions.

The health care industry’s concerns about the privacy, security and confidentiality of patient information are not unique. The financial services industry, including banks and credit cards companies, have been at the forefront of developing protections for personally identifiable financial information. Yet many consumers consider their health information to be more "private" than a bank account statement, which is routinely accessed by mortgage lenders, landlords and other third parties. Patients with chronic health problems or more serious conditions, such as cancer or HIV/AIDS, may be vulnerable to involuntary disclosure that could affect their job status or health insurance coverage.

Yet many consumers consider their health information to be more "private" than a bank account statement...

With advances in gene research, even young, healthy adults may be concerned about the disclosure of genetic information. For example, Terri Seargent, a North Carolina resident, was fired from her job after being diagnosed with a genetic disorder that required expensive treatment (Weiss, 2000). Before being fired, Terri was given a positive review and a raise. She suspected that her employer, who is self-insured, found out about her condition and fired her to avoid the projected expenses. Similar medical privacy stories can be found at the Georgetown University, Institute for Health Care Research and Policy, Health Privacy Project Website: http://www.healthprivacy.org.

Before discussing privacy, security and confidentiality at any length, a "working" definition of privacy, security and confidentiality will help to understand these concepts. Ware (1993) offers the following definitions:

Privacy is an individual’s claim to control the use and disclosure of personal information. This claim is backed by the societal value representing that claim. Confidentiality is a status accorded to information that indicates it is sensitive for stated reasons and therefore must be protected and access to it controlled. Security are the safeguards (administrative, technical, or physical) in an information system that protect it and its contents against unauthorized disclosure, and limit access to authorized users in accordance with an established policy" (page 43).