
In this chapter, you will learn to

  • Distinguish among the relevant general privacy terms applicable to healthcare

  • Recognize how privacy protects patient rights and supports the confidentiality of the healthcare information

  • Appreciate the role of and requirement for the healthcare privacy officer

  • Understand the prevailing data privacy concepts that make up leading privacy frameworks

  • Comprehend measures required under privacy principles related to data breach, including requirements for notifying affected individuals

This book is very clear in its intentions. Within healthcare, the roles and responsibilities of those who are charged with protecting information converge around distinct roles that may or may not have involved working with digital or electronic information previously. Some roles originate from traditional privacy or legal roles in health information management, where there is a shift from information being stored on paper to being stored in digital format; others come from information technology support backgrounds, such as local area networking, application management, and end-user support, where new concerns over protected health information are relevant. Still others may come from the clinical engineering or biomedical technician professions, where the interconnectivity of medical devices to each other and to internal and external networks is rapidly evolving. To help you visualize this convergence, Figure 7-1 depicts the intersection. For these previously distinct and somewhat separated communities, a primer is needed, both in privacy compliance for those with stronger backgrounds in security and in security for those with stronger backgrounds in privacy compliance. Chapter 7 provides such a primer for those who now have a responsibility for complying with information privacy in healthcare, and Chapter 8 does the same for those with traditional privacy or legal compliance roles in healthcare who now have increasing roles in protecting digital information through information security management.

Figure 7-1

Convergence of healthcare competencies with information privacy and security responsibilities

NOTE

The distinction between privacy and security has begun to narrow. Some advocate that privacy is a concept embedded in the practice of providing information security or cybersecurity. However, for purposes of this text, we will maintain a distinction. This chapter presents information privacy as a function of what is being protected and why. Chapter 8 will address security by defining how an organization can protect the information.

U.S. Approach to Privacy

The United States does not apply a data privacy policy across all industries and data collectors. Due to a variety of factors, and to maintain a free-market economy, the United States approaches data privacy from a sector, or functional, perspective. The central principle in this approach is that government does not set a singular policy that transcends the industries. Instead, each industry is governed by a combination of self-imposed guidelines and government-originated regulations specific to that industry. What results is incremental legislation that is focused on specific concerns (for ...
