Ethics, Privacy, and Security
Content
• Ethics in Health Informatics
– General Ethics
– Informatics Ethics
– Software Ethics
• Privacy, Confidentiality and Security
– Levels of Security in HIS
– Levels of Security in LIS
– Data Privacy Act
Health Informatics Ethics
• Application of the principles of ethics to the domain of health informatics
Ethics in Health Informatics

General Ethics: Autonomy
• Defined either as allowing individuals to make their own decisions in response to a particular societal context, or as the idea that no human person has, or should have, authority or power over another human person.
• Electronic health records (EHR) must maintain respect for patient autonomy, and this entails certain restrictions on the access, content, and ownership of records.
• Limiting patient access and control over patient records improves document quality because they can become proofreaders of their own patient history (Mercuri, 2010).

General Ethics: Beneficence and Non-maleficence
• Defined as “do good” and “do no harm”, respectively.
• Beneficence relates most significantly to the use of the data stored in the EHR system; non-maleficence relates to data protection.

Principle of Beneficence in Health Informatics
• Conduct of groundbreaking biomedical and public health research

Principle of Non-maleficence in Health Informatics
• Temporary outage
• Total system failure
• Data security
Informatics Ethics
• Principle of Information-Privacy and Disposition
– All persons have a fundamental right to privacy, and thus to control over the collection, storage, access, use, communication, manipulation, linkage and disposition of data about themselves.
• Principle of Openness
– The collection, storage, access, use, communication, manipulation, linkage and disposition of personal data must be disclosed in an appropriate and timely fashion to the subject or subjects of those data.
• Principle of Security
– Data that have been legitimately collected about persons or groups of persons should be protected by all reasonable and appropriate measures against loss, degradation, unauthorized destruction, access, use, manipulation, linkage, modification or communication.
• Principle of Access
– The subjects of electronic health records have the right of access to those records and the right to correct them with respect to their accuracy, completeness and relevance.
• Principle of Legitimate Infringement
– The fundamental right of privacy and of control is conditioned only by the legitimate, appropriate and relevant data-needs of a free, responsible and democratic society, and by the equal and competing rights of others.
• Principle of the Least Intrusive Alternative
– Any infringement of the privacy rights of a person or group of persons, and of their right of control over data about them, may only occur in the least intrusive fashion and with a minimum of interference with the rights of the affected parties.
• Principle of Accountability
– Any infringement of the privacy rights of a person or group of persons, and of their right to control over data about them, must be justified to the latter in good time and in an appropriate fashion.
Software Ethics
• The software developer has ethical duties and responsibilities to the following stakeholders:
– Society
• Best interest of the society. Developers should be mindful of social impacts of software systems.
• Includes disclosing any threats or known defects in software.
– Institution and employees
• Best interests of the institution and its employees, while balancing their duties to the public, including being straightforward about personal limitations and qualifications.
– Professional Standards
• Software products should meet expected professional standards.
• Developers should strive to build products that are of high standard, by thoroughly testing and detailing unresolved issues.
Privacy, Confidentiality and Security
• Privacy generally applies to individuals and their aversion to eavesdropping.
• Confidentiality is more closely related to unintended disclosure of information.
• Privacy and confidentiality are widely regarded as rights of all people which merit respect without need to be earned, argued, or defended.
• Protection of privacy and confidentiality is ultimately advantageous for both individuals and society.
• Privacy and confidentiality protection also benefits public health.
• When people are not afraid to disclose personal information, they are more inclined to seek out professional assistance, which diminishes the risk of increasing untreated illnesses and spreading infectious diseases (Goodman, 2016).
• When breaches of privacy and confidentiality occur, there are serious consequences for your organization, such as reputational and financial harm, or harm to your patients.
• Poor privacy and security practices heighten the vulnerability of patient information and increase the risk of successful cyber-attacks (USA Department of Health and Human Services, 2015).
• Obligations to protect privacy and to keep confidences fall on:
– System designers
– Maintenance personnel
– Administrators
and, ultimately, on the:
– Physicians
– Nurses
– Other frontline users of the information
Levels of Security in the Hospital Information System

Administrative Safeguards
• Continual risk assessment of your health IT environment
• Continual assessment of the effectiveness of safeguards for electronic health information
• Detailed processes for viewing and administering electronic health information
• Employee training on the use of health IT to appropriately protect electronic health information
• Appropriately reporting security breaches (e.g., to those entities required by law or contract) and ensuring continued health IT operations

Physical Safeguards
• Office alarm systems
• Locked offices containing computing equipment that stores electronic health information
• Security guards

Technical Safeguards
• Securely configured computing equipment (e.g., virus checking, firewalls)
• Certified applications and technologies that store or exchange electronic health information
• Access controls to health IT and electronic health information (e.g., authorized computer accounts)
• Encryption of electronic health information
• Auditing of health IT operations
• Health IT backup capabilities (e.g., regular backups of electronic health information to another computer file server)
5 Key Functions
• Availability: ensuring that accurate and up-to-date information is available when needed at appropriate places;
• Accountability: helping to ensure that health care providers are responsible for their access to and use of information, based on a legitimate need and right to know;
• Perimeter identification: knowing and controlling the boundaries of trusted access to the information system, both physically and logically;
• Controlling access: enabling access for health care providers only to information essential to the performance of their jobs and limiting the real or perceived temptation to access information beyond a legitimate need; and
• Comprehensibility and control: ensuring that record owners, data stewards, and patients understand and have effective control over appropriate aspects of information privacy and access.
Levels of Security in the Laboratory Information System

STEP – DESCRIPTION
• Register Patient – A patient record (e.g. ID number, name, sex, age, location) must be created in the LIS before tests can be ordered. The LIS usually receives these data automatically from a hospital registration system when a patient is admitted.
• Order Tests – The physician orders tests on a patient to be drawn as part of the laboratory’s morning blood collection rounds. The order is entered into the CIS and electronically sent to the LIS.
• Collect Sample – Before morning blood collection, the LIS prints a list of all patients who have to be drawn and the appropriate number of sample barcode labels for each patient order. Each barcode carries the patient ID, the sample contained, and the laboratory workstation, which can be used to sort the tube once it reaches the laboratory. Another increasingly popular approach is for patient caregivers or nurses to collect the blood sample. Immediately prior to collection, sample barcode labels can be printed (on demand) at the nursing station on an LIS printer or portable bedside printer.
• Receive Sample – When the samples arrive in the laboratory, their status has to be updated in the LIS from “collected” to “received.” This can be done by scanning each sample container’s barcode ID into the LIS. Once the sample is “received,” the LIS transmits the test order to the analyser that will perform the test.
• Run Sample – The sample is loaded onto the analyser, and the barcode is read. Having already received the test order from the LIS, the analyser knows which tests to perform on the patient. No work list is needed. For manually performed tests, the technologist prints a work list from the LIS. The work list contains the names of the patients and the tests ordered on each. Next to each test is a space to record the result.
• Review Results – The analyser produces the results and sends them to the LIS. These results are viewable only by technologists because they have not been released for general viewing. The LIS can be programmed to flag certain results, for example critical values, so the technologist can easily identify what needs to be repeated or further evaluated.
• Release Results – The technologist releases the results. Unflagged results are usually reviewed and released at the same time. The LIS can also be programmed to automatically review and release normal results or results that fall within a certain range. The latter approach reduces the number of tests that a technologist has to review. Upon release, the results are automatically transmitted to the CIS.
• Report Results – The physician can view the results on the CIS screen. Reports are printed from the LIS when needed.
Safeguards for the Laboratory Information System

Administrative Safeguards
• Continuous employee training on the use of the LIS
• Periodic review of standards in identifying which results should be flagged
• Strengthen laboratory authorization and supervision policies
• Implement strict rules and regulations regarding the testing procedures
• Release guidelines on proper disposal of laboratory specimens
• Enforce policies on the proper use of laboratory workstations
• Impose disciplinary measures as needed

Physical Safeguards
• Periodic maintenance of laboratory equipment
• Biometrics or other security protocol for laboratory access
• Controlled temperature both for equipment and specimens
• Contingency operations plan
• Use of appropriate personal laboratory safety equipment

Technical Safeguards
• Automated identity confirmation procedures for users requesting access
• Regular change of username and password
• Different access capabilities based on user position
• Automatic log-off after long periods of inactivity
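As an added illustration (not code from the slides or from any real LIS product), the following Python sketch models the LIS result workflow above together with the technical safeguard of position-based access: a sample's status can only advance one step at a time, analyser results inside a normal range are auto-released, flagged results are held until a technologist releases them, physicians see released results only, and every action is written to an audit trail. The reference ranges, role names and status names are assumptions made for the example.

```python
from dataclasses import dataclass, field
# Constructed reference ranges (illustrative, not from the slides): test -> (low, high, critical_low, critical_high)
RANGES = {"K": (3.5, 5.1, 2.5, 6.5), "GLU": (70.0, 100.0, 40.0, 400.0)}
TRANSITIONS = {"ordered": "collected", "collected": "received"}  # no skipping steps

@dataclass
class Result:
    test: str
    value: float
    flag: str = ""          # "", "ABNORMAL" or "CRITICAL"
    released: bool = False  # unreleased results are technologist-only

@dataclass
class Sample:
    patient_id: str
    status: str = "ordered"
    results: list = field(default_factory=list)
    audit: list = field(default_factory=list)  # (actor, action) trail

    def advance(self, actor: str, new_status: str) -> None:
        """Move one step along the workflow; reject skipped steps."""
        if TRANSITIONS.get(self.status) != new_status:
            raise ValueError(f"{self.status} -> {new_status} is not allowed")
        self.status = new_status
        self.audit.append((actor, new_status))

    def post_result(self, test: str, value: float) -> Result:
        """Analyser result arrives: flag it, auto-release only if normal."""
        if self.status != "received":
            raise ValueError("results are accepted only for received samples")
        low, high, clow, chigh = RANGES[test]
        flag = ("CRITICAL" if value <= clow or value >= chigh
                else "" if low <= value <= high else "ABNORMAL")
        r = Result(test, value, flag, released=(flag == ""))
        self.results.append(r)
        self.audit.append(("LIS", ("auto-released " if r.released else "held ") + test))
        return r

    def release(self, actor: str, role: str, test: str) -> None:
        """Only a technologist may review and release a held (flagged) result."""
        if role != "technologist":
            raise PermissionError(f"{role} may not release results")
        for r in (x for x in self.results if x.test == test and not x.released):
            r.released = True
            self.audit.append((actor, "released " + test))

    def view(self, actor: str, role: str) -> list:
        visible = [r for r in self.results if r.released or role == "technologist"]  # physicians: released only
        self.audit.append((actor, "viewed " + ",".join(r.test for r in visible)))
        return visible
```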
Data Privacy Act of 2012
• Aims “to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth.” (Republic Act No. 10173, Ch. 1, Sec. 2)
• The Data Privacy Act applies to individuals and legal entities that are in the business of processing personal information.
• The law applies extraterritorially.
• It covers personal information of Filipino citizens regardless of the place of residence.
• The main principles that govern the approach of the Data Privacy Act include:
– Transparency;
– Legitimacy of purpose; and
– Proportionality
• Consent is one of the major elements highly valued by the Data Privacy Act.
• The act provides that consent must be documented and given prior to the collection of all forms of personal data, and the collection must be declared, specified, and for a legitimate purpose.
• Furthermore, the subject must be notified about the purpose and extent of data processing, with details specifying the need for automated processing, profiling, direct marketing, or sharing.
• These factors ensure that consent is freely given, specific, and informed.
• However, an exception to the requirement of consent is allowed in cases of contractual agreements where processing is essential to pursue the legitimate interests of the parties, except when overridden by fundamental rights and freedoms.
• Such is also the case in responding to national emergencies.
• The Data Privacy Act describes sensitive personal information as that which is:
– About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
– About an individual’s health, education, genetic or sexual life, or about any proceeding for any offense committed or alleged to have been committed;
– Issued by government agencies and “peculiar” (unique) to an individual, such as a social security number;
– Marked as classified by executive order or act of Congress.

Data Privacy Act of 2012: Exceptions
• Consent of the data subject;
• Pursuant to law that does not require consent;
• Necessity to protect the life and health of a person;
• Necessity for medical treatment;
• Necessity to protect the lawful rights of data subjects in court proceedings, legal proceedings, or regulation.

Penalty
• The act provides for different penalties for varying violations, the majority of which include imprisonment. These violations include:
– Unauthorized processing
– Processing for unauthorized purposes
– Negligent access
– Improper disposal
– Unauthorized access or intentional breach
– Concealment of breach involving sensitive personal information
– Unauthorized disclosure; and
– Malicious disclosure
• Any combination or series of acts enumerated above shall make the person subject to imprisonment ranging from three (3) years to six (6) years, and a fine of not less than One million pesos (Php1,000,000.00) but not more than Five million pesos (Php5,000,000.00) (Republic Act No. 10173, Ch. 8, Sec. 33).