Privacy Dimensions of Medical Record Keeping
ResearchPublished 1994
ResearchPublished 1994
This paper briefly reviews medical privacy and gives explicit definitions of confidentiality, privacy, and security. It indicates a need to make organizations accountable for the use of personal medical data. It then divides medical information systems into those that support healthcare facility operations, those that support physicians and other healthcare providers, and those that support patient records; privacy and security problems are usually different for each. The paper suggests remedial actions that would improve medical privacy, and discusses relevance of the Privacy Act's Code of Fair Information Practices to medical systems. It concludes with five specific suggestions for action by Department of Health and Human Services (DHHS): establish medical information as confidential by law; include security and privacy as explicit design goals in system procurements; establish legitimate uses for medical data; restrict the scope and time-extent of patient authorizations; create a Code of Fair Medical Information Practices; reconsider the regulations on computer matching of databases.
This publication is part of the RAND paper series. The paper series was a product of RAND from 1948 to 2003 that captured speeches, memorials, and derivative research, usually prepared on authors' own time and meant to be the scholarly or scientific contribution of individual authors to their professional fields. Papers were less formal than reports and did not require rigorous peer review.
This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org/pubs/permissions.
RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.