Abstract
The continued growth of healthcare information systems (HCIS) promises to improve quality of care, lower costs, and streamline the entire healthcare system. But the resulting dependence on electronic medical records (EMRs) has also kindled patient concern about who has access to sensitive medical records. Healthcare organizations are obliged to protect patient records under HIPAA. The purpose of this study is to develop a formal privacy policy to protect the privacy and security of EMRs. This article describes the impact of EMRs and HIPAA on patient privacy in healthcare. It proposes access control and audit log policies to safeguard patient privacy. To illustrate the best practices in the healthcare industry, this article presents the case of the University of Texas M. D. Anderson Cancer Center. The case demonstrates that it is critical for a healthcare organization to have a privacy policy.
Original language | English (US) |
---|---|
Pages (from-to) | 45-54 |
Number of pages | 10 |
Journal | International Journal of Information Security and Privacy (IJISP) |
Volume | 2 |
Issue number | 3 |
State | Published - Jul 2008 |
Keywords
- access control
- case study
- electronic medical record
- medical record confidentiality
- privacy protection
- privacy regulations
ASJC Scopus subject areas
- Information Systems