Suggested Citation:"Index." National Research Council. 1997. For the Record: Protecting Electronic Health Information. Washington, DC: The National Academies Press. doi: 10.17226/5595.

Index

A

Access control list (ACL) mechanisms, 93, 96

Access controls, 1, 5, 10, 80-81, 93-97, 115, 140-142, 161, 170, 217-218.

See also Authentication;

Threats

bypassing, 31, 58-59

monitoring, 9, 50, 99, 102, 110, 173

for networks, 2, 102-106

overriding, 94-95

recommended improvements in, 96-97, 104-105, 176

Accountability. See Access controls;

Audit trails

Accreditation Manual for Hospitals, 49

Adverse consequences. See Privacy, interests at stake

Agencies. See Oversight agencies

AIDS information, 45, 133

Alcohol treatment information. See Substance abuse information

Alternative power, 101

American Health Information Management Association, 13n, 178, 183n

American Hospital Association, 13n, 183n

American Medical Association, 13n, 183n

American Medical Informatics Association, 13n, 183n

American National Standards Institute (ANSI), 47-48, 178

Americans with Disabilities Act (ADA), 38, 43-44

Anonymous care, 17, 96-97, 133, 192

problems with, 96n

ANSI. See American National Standards Institute (ANSI)

Assessment. See Self-assessment

Audit trails, 5, 8, 26, 62, 94-95, 97-99, 115, 135, 162, 170-171, 187.

See also Access controls;

Health information, giving patients access to

difficulties with, 29

expanding, 10, 165

recommended improvements in, 98-99, 176-177

tools to analyze, 17, 192-193

Authentication, 10, 86-92, 115, 161, 169-170, 217.

See also Encryption

biometric, 92

of EMR creators, 10, 89, 101, 106, 177

of EMR users, 8, 62, 88-89, 140

reauthentication, 121

recommended improvements in, 89-92, 176-177

at remote locations, 8, 89, 104, 133, 171-172

token-based, 10, 88-89, 91-92, 125, 163

Authorization forms, 135-137

improving, 9, 174-175

Availability of data, 1n, 61, 65, 82, 93-94, 117n, 129

B

Backups, 8, 111-112, 116, 171, 218-219

recommended improvements in, 112

Backup tape disposal. See Degaussing

Bastion host, 103

Billing systems, 2, 160

Bill of rights, patient, 136

Biometric technologies. See Authentication, biometric

Blackmail, 57n

Break-in scripts. See Access controls, monitoring

C

Capitation system, 23

CERT. See Computer emergency response team (CERT)

College of Health Information Management Executives, 13n, 183n

Committees, 138-139.

See also Institutional review boards (IRBs);

Security and confidentiality committees

Common law protections, 39, 46

Common Object Request Broker Architecture (CORBA), 111

Complaints. See Patient privacy, complaints about

Compliance issues, 4, 33, 239-241

Computer-based Patient Record Institute (CPRI), 13n, 48, 150-151, 178, 183n

Computer disposal. See Degaussing

Computer emergency response team (CERT), 11, 106, 113-114, 179-180

Computer failure. See Backups

Computer Security Institute (CSI), 55

Confidentiality, 9, 11

defined, 1n, 20n

policies for, 130-131

warning screens, 146-147

Confidentiality agreements, 149-151

Confidentiality committees. See Security and confidentiality committees

Congress, recommendations for action by

for funding, 11, 179-180

for legislation, 12, 52-53, 186-187

Consensus-style decision making, 139

Consequences, adverse. See Privacy, interests at stake

Constitutional protections, 38-39, 42-43

Consumer awareness initiatives, 13

Consumer concerns, 45, 164.

See also U.S. Office of Consumer Affairs

Continuing medical education courses, 144

Controls. See Access controls;

Audit trails;

Linkage of records, controlling;

Rights management technologies;

Secondary use, controlling;

Software discipline

CORBA. See Common Object Request Broker Architecture (CORBA)

Core dump analyses, 121

CPRI. See Computer-based Patient Record Institute (CPRI)

Critiquing engines, 26

Cryptography. See Encryption

CSI. See Computer Security Institute (CSI)

D

DARPA. See Defense Advanced Research Projects Agency (DARPA)

Data

availability of (See Availability of data)

backups (See Backups)

collection, 11, 69

economic value of, 28, 56, 60

encryption (See Encryption)

flow (See Flow of data, representative example)

integrity of (See Integrity of data)

linking (See Linkage of records)

ownership of, 50, 216

patient-identifiable (See Patient-identifiable data)

secondary users of (See Secondary use, controlling)

security of (See Security of data)

sharing (See Sharing data)

Data custodians, 142

Data Encryption Standard (DES), 87

Data stewards, 141-142

Debate. See Public debate, need for

Decision support systems, 26

Defense, Department of, 41-42

Defense Advanced Research Projects Agency (DARPA), 11n, 106n, 113

Defense Information Systems Agency, 56

Degaussing, 100-101

Denial-of-service attacks, 64, 105-106

Department of Defense. See Defense, Department of

Department of Health, Education, and Welfare. See Health, Education, and Welfare, Department of

Department of Health and Human Services. See Health and Human Services, Department of

DES. See Data Encryption Standard (DES)

Detailing, 144

Dial-back procedure, 172

Dialysis patients, 229

Digital health care records. See Electronic medical records (EMRs)

Disaster recovery procedures. See Backups

Disciplinary policies and procedures, 4, 9, 12, 61, 81, 149, 151-153, 174, 214-215

incremental, 152

strengthening, 165

Discrimination issues. See Privacy, interests at stake

Distributed Computing Environment (DCE), 91, 96, 111, 125-126

DNS. See Domain Name Service (DNS) information

Domain Name Service (DNS) information, 103

Drug interactions, adverse, 225

Drug treatment information. See Substance abuse information

E

Education and training, 174

for health care workers, 4, 9, 13, 61-62, 109, 142-149, 215

formal, 143-144

informal, 144-145

for medical staff, 143-144, 146-147

for patients, 13

publications useful in, 147-148

videos useful in, 148-149

Elderly patients, 222

Electrical failure. See Alternative power;

Backups

Electronic medical records (EMRs), 2-4, 21n, 25-26, 122-126, 216

advantages of, 26, 160

difficulties of building, 122-123

transition to, 122-123

E-mail, problems based on, 8, 61, 64

Embarrassing revelations. See Privacy, interests at stake

Emergencies. See Access controls, overriding;

Backups

Emergency room care applications, 224, 229

Employee input into policy development, 138

Employee Retirement and Income Security Act (ERISA), 46, 165

Employees. See Authentication, of EMR users

educating (See Education and training)

Employment affected by health information. See Privacy, interests at stake

EMRs. See Electronic medical records (EMRs)

Encryption, 8, 10, 62, 64, 86-87, 106-108, 116, 121, 162, 172, 218

availability of, 124-125

Enforcement policy. See Disciplinary policies and procedures

ERISA. See Employee Retirement and Income Security Act (ERISA)

Event monitors. See Audit trails

External agents, 55, 162n, 216, 218

F

Fair Credit Reporting Act, 33

Fair Health Information Practices Act of 1997 (HIPA), 6n, 52-53

Fair Health Information Practices Act of 1995, 6n

Federal government. See Governments

Federal Register, 41-42, 182

Firewalls, 8, 64-65, 102-104

monitoring performance of, 104

Floppy disk disposal. See Degaussing

Flow of data, representative examples, 69-73, 195-196

Food and Drug Administration, 135

Forms. See Authorization forms, improving

Freedom of Information Act of 1966, 38, 41

G

Genetic information, 20n, 27, 45-46

misuse of, 77

Global

audit trails, 10

health care network, 105

Governments. See also Congress, recommendations for action by;

Health and Human Services, Department of

collection of data by, 72-76, 135

role of, 10, 16, 178

H

Hacker scripts. See Access controls, monitoring

Hand geometry patterns. See Authentication, biometric

Handwritten notes, 132

Health, Education, and Welfare, Department of, 182, 185n

Health and Human Services, Department of, 6, 11-17, 52-53, 78, 118, 168, 178-181, 183-185, 192-194

Health Care Financing Administration (HCFA), 41-42

Health care industry, 65-81

recommended improvements in, 175-180

role of, 13, 178

standards needed, 5-6, 11, 45, 47-49, 125, 235-239

structural changes in, 2, 21-24

unregulated dissemination of information within (See Threats, systemic)

Healthcare Information and Management Systems Society, 13n, 183n

Health care organizations, 1-3, 54-65, 127-159.

See also Health care providers

new roles for, 24, 162

policies, 166, 173, 213-214

development process, 138-139

implementation structures, 139-142

periodic review, need for, 154

recommended improvements in, 9, 153-159, 167-177

vulnerability to attack (See Threats)

Health care providers, 1-3, 82, 99

access to information, 4-5, 94-95, 129-131, 162-163

authentication (See Authentication, of EMR creators)

awareness of health data flows, 13

saving time of, 122

(See also Availability of data)

Health care researchers, 1-2, 13

use of health information, 134-135, 214

Health identifier. See Universal health identifiers

Health Informatics Standards Board (HISB), 47-48, 178

Health information, 69-72.

See also Data;

Marketing uses of health information

balancing privacy with public interest, 12, 34, 83, 129, 181

classes of, 94

giving patients access to, 9, 45n, 133, 137-138, 175, 213, 226

infrastructure, creating, 10, 105, 177-180

new users of, 23-24, 30-31, 65-69

protecting, 4-7, 26-33, 54-81, 117-122, 164-166

(See also Education and training; Information security officers; Ombudsman; Security and confidentiality committees)

acceptable uses of, 11

policies and procedures for, 9, 128-142

sanctions (See Disciplinary policies)

releasing, 135, 213

secondary users of (See Secondary use, controlling)

technology, 1, 7-10, 16-17, 82-126, 191-194

(See also Access controls; Audit trails; Authentication; Backups; Electronic medical records (EMRs); Linkage of records; Physical access to computers and records; Software discipline)

awareness of, 112-114

cost of, 20, 83, 125, 156

demand from health care organizations, 7, 123, 162-163

growing use of, 2, 161

investing in, 2-3, 16-17, 25

obstacles to using, 122-126

pace of change in, 35, 220

promoting exchange of, 16-17, 177, 214

trade-offs in, 4, 83

Health Insurance Portability and Accountability Act of 1996, 6, 14, 39, 53, 78, 118, 168, 185, 233-246

Health maintenance organizations (HMOs), 22, 146-147

Health Plan Employer Data and Information Set (HEDIS), 23

HIPA. See Fair Health Information Practices Act of 1997 (HIPA)

Hippocratic oath, 19n, 147

HISB. See Health Informatics Standards Board (HISB)

HIV information, 27, 45, 97, 131-132, 213

HMOs. See Health maintenance organizations (HMOs)

Home care applications, 224-225

Home computers, access from. See Authentication

I

Identifiers. See Universal health identifiers

IDSs. See Integrated delivery systems (IDSs)

Images, managing, 226

Inappropriate access. See Threats

Incremental backups, 112

Independent health care network, 105

Indian Health Service, 40

Industry, health care. See Health care industry

Information. See Health information

Information infrastructure. See Health information;

National information infrastructure

Information management (IM) standards, 49, 157-158, 215

Information security officers, 9, 140, 174, 214-215

Informed consent, 137n

Institute of Medicine, 12n, 51

Institutional review boards (IRBs), 134-135, 214

Insurers, 4, 11

access to information, 95

new roles for, 24

Integrated delivery systems (IDSs), 2-3, 22, 119-120, 156-157

Integrated management models, 154

Integrity of data, 1n, 10, 80, 117n

Internal agents, 54-55, 151-152, 216

International Organization for Standardization (ISO), 48

Internet, 2, 8, 21, 56-59, 64-65, 97, 102-106, 172.

See also Firewalls

faking addresses on, 89, 113

need for accountability on, 64

Internet Engineering Task Force, 193

IRBs. See Institutional review boards (IRBs)

ISO. See International Organization for Standardization (ISO)

J

JCAHO. See Joint Commission on Accreditation of Healthcare Organizations (JCAHO)

Joint Commission on Accreditation of Healthcare Organizations (JCAHO), 23, 49

K

Kerberos system, 90-91, 97, 107-108

Key distribution center (KDC) systems, 91, 97

L

Laptop computer users. See Authentication, at remote locations

Legal protections. See Security of data, legal framework

Legitimate users, hampering. See Availability of data

Linkage of records, 117-120, 185-186, 192

controlling, 14-17, 24, 79, 102-106, 115, 187-188

Local area networks (LANs), 102, 224

Low-birth-weight infants. See Newborns, high-risk

M

Magnetic strip swipe cards. See Authentication, token-based

Magnuson, Warren Grant. See Warren Grant Magnuson Clinical Center

Managed care programs, 22-24, 119-120, 146-147.

See also Health maintenance organizations (HMOs)

Marketing uses of health information, 69

Med-CERT, 11, 179-180

Medical Information Bureau (MIB) Inc., 30, 32-33

Medical Privacy in the Age of New Technologies Act of 1996, 6n

Medical records, electronic. See Electronic medical records (EMRs)

Medical Records Confidentiality Act of 1995, 6n

Medical school training, changes needed in, 146

Medicare Conditions of Participation for Hospitals, 41-42

Medicare program, 15n, 38, 189, 233.

See also Joint Commission on Accreditation of Healthcare Organizations (JCAHO)

Medication lists, 132

Mental health information, 45, 131.

See also Psychiatric records

Mobile users. See Authentication, at remote locations

N

NAIC Act. See National Association of Insurance Commissioners (NAIC) Insurance Information and Privacy Protection Model Act

National Association of Insurance Commissioners (NAIC) Insurance Information and Privacy Protection Model Act, 32-33

National Committee for Quality Assurance, 23

National Committee on Vital and Health Statistics (NCVHS), 11, 53, 178, 243-245

National information infrastructure, 27, 105.

See also Health information, infrastructure;

National Library of Medicine (NLM)

National Institutes of Health, 2

National Library of Medicine (NLM), 2, 21, 194

awards to health care applications of the national information infrastructure, 222-232

Natural disasters. See Backups

NCVHS. See National Committee on Vital and Health Statistics (NCVHS)

Network File System (NFS), 113

Network Information System (NIS), 113

Networks. See Access controls, for networks;

Internet;

Local area networks (LANs)

Newborns, high-risk, 223-224

NFS. See Network File System (NFS)

NIS. See Network Information System (NIS)

NLM. See National Library of Medicine (NLM)

O

Office of Consumer Affairs. See U.S. Office of Consumer Affairs

Office of Technology Assessment (OTA), 50-51

Ombudsman proposal, 12, 14, 184, 187

Open Software Foundation (OSF), 91, 96

Organizational threats. See Threats

Organizations. See Health care organizations

OTA. See Office of Technology Assessment (OTA)

Outpatient care application, 229

Oversight agencies, 2, 4

P

Packet sniffers, 113

Password crackers. See Access controls, monitoring

Patient-identifiable data, 13-14, 20, 46, 66-68, 183-184, 235

restricting, 186

Patient identifiers. See Universal health identifiers

Patient privacy

complaints about, 98, 156, 163-164

protecting, 1, 6, 13-15, 19

(See also Education and training; Health information, protecting; Information security officers; Ombudsman; Security and confidentiality committees)

respect for, 128

right to, 158

(See also Bill of rights, patient; Rights management technologies)

establishing, 12, 45n, 136, 187

as fundamental, 27

and willingness to confide in providers, 81, 127, 129

Payers, 1-2.

See also Insurers;

Managed care programs;

Medicare program;

Self-insured employers

Perimeter identification and defense, 82, 95-96, 152

Pharmaceutical benefits programs, 4, 24, 77

Physical access to computers and records, 8, 57-58, 99-102, 115, 171, 216.

See also Perimeter identification and defense

countermeasures presenting obstacles, 62, 64

Physicians. See Authentication, of EMR creators;

Education and training, for medical staff;

Health care providers

Portable computer users. See Authentication, at remote locations

Power outages. See Alternative power;

Backups

Pretty Good Privacy system, 107

Privacy. See also Patient privacy

defined, 1n, 20n, 245-246

interests at stake, 4, 27-28, 51-52, 60, 65, 69-80, 185-186

tort right of, 46

violations of, 1n, 3, 77-78

recourse, 155, 163, 182

(See also Security of data, legal framework)

Privacy Act of 1974, 12, 37-42, 165, 181-182

Professional societies, role of, 13

Protecting health information. See Health information, protecting

Protecting Privacy in Computerized Medical Information, 50-51

Providers. See Health care providers

Proxy handlers, 103

Pseudonyms, use of, 17, 62, 192.

See also Anonymous care

Psychiatric records, 27

Publications. See Education and training

Public debate, need for, 12-13, 180-181, 186.

See also Consumer awareness initiatives

R

Real-time

quality assurance, 26

transmission of vital signs, 224

Reimbursement. See Capitation system;

Insurers

Remote users, 101-102.

See also Authentication

Reportable conditions, 74

Researchers. See Health care researchers

Retinal geometry patterns. See Authentication, biometric

Retraining, 149

Rights management technologies, 17, 84, 120-122, 193

Risk assessment, 130, 140

Rivest, Shamir, Adleman (RSA) system, 87

RSA. See Rivest, Shamir, Adleman (RSA) system

Rural care applications, 223, 225-228, 230-231

S

Sanctions. See Disciplinary policies and procedures

SATAN. See Security Administrator Tool for Analyzing Networks (SATAN)

Satellite communication technologies, 105

Screening router, 103

Screen scraping, 121

Secondary use, controlling, 17, 65-69, 120-122

Secure Sockets, 107

Secure Telephone Unit-III (STU-III) specification, 107-108

Security Administrator Tool for Analyzing Networks (SATAN), 109n, 114

Security and confidentiality committees, 9, 174

Security of data, 1, 6, 9, 115-116, 216-219.

See also Access controls;

Audit trails;

Linkage of records, controlling;

Rights management technologies;

Secondary use, controlling;

Software discipline;

Threats

defined, 1n, 20n

legal framework, 5, 38-39, 52-53

policies for, 129-130

implementing, 5, 53

technology for (See Health information, technology)

Self-assessment, 112-114, 116, 173

Self-insured employers, 5, 30n, 47

Sharing data, 3, 24

Site visits, 3, 7, 50, 84-117

Study committee's guide for, 211-220

Smart card tokens. See Authentication, token-based

Social contract, 27n

Social Security Administration, 108, 118

Social Security number (SSN), 15-16, 79, 118-119, 189, 196, 216

Software discipline, 9, 108-111, 116, 173, 218.

See also Viruses, computer

recommended improvements in, 110-111

Specialists, consulting with remote, 223, 231-232

State governments. See Governments

STU-III. See Secure Telephone Unit-III (STU-III) specification

Substance abuse information, 45, 131, 213

Suggestion boxes, 139n

Systemic concerns. See Threats, systemic

T

TCP wrappers, 172

Testbeds, 16-17, 193-194, 222-232

Threats, 1, 3, 5, 8, 83, 112-114, 121, 216.

See also Blackmail;

Denial-of-service attacks;

Tunneling attacks

organizational, 3, 9, 54-65

countering, 61-62, 64-65

levels of, 59-61, 63

systemic concerns, 2, 4, 6, 12-14, 65-81, 164-165

Time-stamped incremental backups, 112

Token use. See Authentication, token-based

Tort right of privacy. See Privacy

Total quality management, 23

Training programs. See Education and training

Transcription services, 219

tripwire (software program), 109, 114

Trojan horses. See Viruses, computer

Tunneling attacks, 103

U

Unauthorized access. See Threats

Underserved patients, 222

Uniform Healthcare Information Act, 45

Unique health identifiers. See Universal health identifiers

Universal health identifiers, 6, 14-16, 78-81, 117-120, 185-190, 216, 237.

See also Social Security number (SSN)

U.S. Office of Consumer Affairs, 14, 184

U.S. Postal Service, 107

User authentication. See Authentication

V

Validating access. See Access controls

Veterans Affairs, Department of, 15n, 40-41

Videos. See also Education and training

consultations using, 227

Viruses, computer, 9, 61, 108-109, 113

Vulnerability. See Threats

W

Warren Grant Magnuson Clinical Center, 2

Watermarking, 121

Wireless communication technologies, 104-105

World Wide Web, 28-29, 64, 226

browsers, 108

protecting, 107, 111

Z

Zero tolerance, 152

For the Record: Protecting Electronic Health Information

When you visit the doctor, information about you may be recorded in an office computer. Your tests may be sent to a laboratory or consulting physician. Relevant information may be transmitted to your health insurer or pharmacy. Your data may be collected by the state government or by an organization that accredits health care or studies medical costs. By making information more readily available to those who need it, greater use of computerized health information can help improve the quality of health care and reduce its costs. Yet health care organizations must find ways to ensure that electronic health information is not improperly divulged. Patient privacy has been an issue since the oath of Hippocrates first called on physicians to "keep silence" on patient matters, and with highly sensitive data—genetic information, HIV test results, psychiatric records—entering patient records, concerns over privacy and security are growing.

For the Record responds to the health care industry's need for greater guidance in protecting health information that increasingly flows through the national information infrastructure—from patient to provider, payer, analyst, employer, government agency, medical product manufacturer, and beyond. This book makes practical detailed recommendations for technical and organizational solutions and national-level initiatives.

For the Record describes two major types of privacy and security concerns that stem from the availability of health information in electronic form: the increased potential for inappropriate release of information held by individual organizations (whether by those with access to computerized records or those who break into them) and systemic concerns derived from open and widespread sharing of data among various parties.

The committee reports on the technological and organizational aspects of security management, including basic principles of security; the effectiveness of technologies for user authentication, access control, and encryption; obstacles and incentives in the adoption of new technologies; and mechanisms for training, monitoring, and enforcement.

For the Record reviews the growing interest in electronic medical records; the increasing value of health information to providers, payers, researchers, and administrators; and the current legal and regulatory environment for protecting health data. This information is of immediate interest to policymakers, health policy researchers, patient advocates, professionals in health data management, and other stakeholders.
