2.3. Conceptual Framework
In developing the conceptual framework, the literature, expert opinions, site interviews, white papers, laws and regulations, and many other related documents and views were examined, analyzed, and reviewed (Figure 1). As a result, 32 variables under 5 dimensions were determined to be important for patient privacy. In this part, the details of the conceptual framework are explained and examined.
The dimensions of the patient privacy protection maturity evaluation framework are:
From the bottom up, the hierarchy of the dimensions used in the evaluation framework is given in Figure 2. The dimensions are the key evaluation topics. Management is the most important part, so it forms the base: without the support of management, and without the actions that management must enact, patient privacy and security cannot be guaranteed. Next comes the human dimension, which is made up of users, patients, and managers. The third part is the data model. At the top are the policies and mechanisms in the HCIS.
In Figure 3, the variables of the evaluation framework are given under their dimensions (Figure 2). All the variables and mechanisms are presented in detail below.
Patient privacy policy: All healthcare institutions should have a written, approved, and publicly stated policy on patient privacy. The policy should clearly state the patient's rights, the responsibilities of the institution and its staff, and the penalties for violations.
Training program (users and patients): All healthcare institutions should train their staff and patients in privacy. Staff training should cover awareness, actions to take and actions not to take, possible threats, the possible consequences of privacy violations, and the possible penalties for both the institution and the individual at fault. Patient training should cover awareness, their rights, complaint mechanisms, consent, and control over their private data.
Inspections: All healthcare institutions should conduct regular, scheduled, or ad hoc patient privacy inspections. There should be an effective carrot-and-stick mechanism at the end of each inspection, and the results of these inspections should be made public.
Patient consent management: Unfortunately, "patient consent" is a problematic area. Patients are often not in a position to decide on their consent properly: either they are afraid of not receiving good service and give consent although they do not want to, or they are afraid of something bad (needlessly) and withhold it. They should be properly informed about the procedures, the uses of their data, and the risks together with how often those risks materialize, so that they can give or refuse consent on an informed basis rather than by mistake.
Interoperability policy: In the technology era, systems do not run alone; there are many other interacting systems and devices. Interoperability of a HCIS with other systems and devices is desirable, but patient privacy and security must be treated as a challenge of it. To accomplish this, all healthcare institutions should have a written, approved, and declared policy describing how they interoperate with connected devices and systems when exchanging data, in terms of patient privacy.
Responsibility declaration: All healthcare institutions should have a written, approved, and declared responsibility declaration, clearly stating the institution's responsibilities, and the penalties for failing them, in terms of patient privacy and security.
Privacy and security documentation: All healthcare institutions should have privacy and security documentation for guidance to ease the burden on humans (users/patients/managers). This document should contain standards, laws and regulations, and how-to descriptions.
Awareness: Awareness is a very important issue for the human factor of patient privacy and security. Without knowing exactly what an issue is and what it is not, one cannot take the necessary actions to address it. The people in healthcare institutions should be very well aware of patient privacy and security.
Use of own username and password: The most common violation of patient privacy and security is caused by users not using their own username and password in healthcare institutions. HCIS users are not careful with their usernames and passwords and give them to other users. As we have stated before, user negligence is the major source of data security breaches. Since all users have different authorizations, sharing usernames and passwords means that most users operate in the HCIS with authorization that they do not have, and the log no longer shows who actually performed an action.
Logging: All daily operations performed by HCIS users should be recorded in the HCIS database. This log history is to be used to detect possible privacy and security violations, and can also be used for retrospective examination in the case of complaints or suspicions. The log records should be append-only and protected from modification by the users whose actions they record; otherwise they cannot be relied upon in an investigation.
Private data sets: All healthcare institutions should have clearly defined, listed, and declared private data sets about patients. These private data sets should be subject to special mechanisms both in the HCIS and in routine use. The proposed private data set, derived from the identifiers listed in HIPAA, is:
Names.
All elements of dates (except year) directly related to an individual.
Phone numbers.
Fax numbers.
E-mail addresses.
Social security numbers.
Medical record numbers.
Health plan (beneficiary) numbers.
Account numbers.
Certificate/license numbers.
Vehicle identifiers and serial numbers, including license plate numbers.
Device identifiers and serial numbers.
Web Universal Resource Locators (URLs).
Internet Protocol (IP) addresses.
Biometric identifiers, including fingerprints and voice prints.
Full-face photographs and any comparable images.
Any other unique identifying number, characteristic, or code.
Data access hierarchy: Having clearly defined the private data set, every element of the data set should be assigned an access hierarchy level; that is, each element is marked with a level indicating how important it is to protect access to it. An example of such a data access hierarchy is given in Table 1.
User access definition: With the user access definition, the healthcare institution defines the level of each HCIS user or user group. Combining the data access hierarchy with the user access definitions lets the institution manage which users can access which private data set elements. An example is given in Table 2.
When the system combines the user access definitions with the data access hierarchy, physicians can access the entire data set given in Table 1 (their access definition of 7 is equal to or greater than every data access hierarchy level), whereas technicians, lab technicians, and office workers cannot access any private data set element.
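The combination rule behind Tables 1 and 2 can be written down directly. The following is an added example and not code from the paper's framework: the element levels, and every role level except the physician's 7, are constructed values, since the tables themselves are not reproduced here, and the element names follow the private data set above. The check denies by default when a role or an element has no level, and it includes a consistency check that every declared private element has actually been assigned a level, which is the gap most likely to leak data in practice.

```python
"""Combine a data access hierarchy (Table 1) with user access definitions (Table 2).

Added example. All level values are constructed except physician = 7, which
the text states; the text also states that technicians, lab technicians and
office workers can access no private data set element, hence their level 0.
"""
from typing import Dict, FrozenSet, List, Tuple

# Declared private data set (subset of the list above, constructed field names).
PRIVATE_DATA_SET: Tuple[str, ...] = (
    "name", "date_of_birth", "phone_number", "email_address",
    "social_security_number", "medical_record_number", "health_plan_number",
    "account_number", "biometric_identifier",
)

# Data access hierarchy: private element -> level required to read it (constructed).
# Note that "account_number" is deliberately missing, to show the consistency check.
DATA_ACCESS_HIERARCHY: Dict[str, int] = {
    "name": 3,
    "date_of_birth": 4,
    "phone_number": 3,
    "email_address": 3,
    "social_security_number": 7,
    "medical_record_number": 5,
    "health_plan_number": 6,
    "biometric_identifier": 7,
}

# User access definitions: role -> level (constructed except physician = 7).
USER_ACCESS_DEFINITION: Dict[str, int] = {
    "physician": 7,
    "nurse": 4,
    "billing_clerk": 6,
    "technician": 0,
    "lab_technician": 0,
    "office_worker": 0,
}

REDACTED = "[REDACTED]"


def can_access(role: str, element: str) -> bool:
    """Grant only if the user's level is >= the element's level (the Table 1/2 rule).

    Unknown roles and unknown elements are denied (fail closed), so a field that
    was never given a level cannot be read by anyone.
    """
    user_level = USER_ACCESS_DEFINITION.get(role)
    element_level = DATA_ACCESS_HIERARCHY.get(element)
    if user_level is None or element_level is None:
        return False
    return user_level >= element_level


def accessible_elements(role: str) -> FrozenSet[str]:
    """All private data set elements a role may read under the combined rule."""
    return frozenset(e for e in DATA_ACCESS_HIERARCHY if can_access(role, e))


def unclassified_elements() -> List[str]:
    """Consistency check: declared private elements that have no hierarchy level."""
    return sorted(e for e in PRIVATE_DATA_SET if e not in DATA_ACCESS_HIERARCHY)


def redact_private_elements(role: str, record: Dict[str, str]) -> Dict[str, str]:
    """Mask governed private elements the role may not read; other fields pass through.

    A declared element without a level is still governed and therefore redacted
    for every role, because can_access() fails closed.
    """
    governed = set(PRIVATE_DATA_SET) | set(DATA_ACCESS_HIERARCHY)
    return {
        field: (value if field not in governed or can_access(role, field) else REDACTED)
        for field, value in record.items()
    }


if __name__ == "__main__":
    for role in USER_ACCESS_DEFINITION:
        print(f"{role:15s} -> {sorted(accessible_elements(role))}")
    print("unclassified:", unclassified_elements())
```

`unclassified_elements()` is the check to run whenever the private data set or the hierarchy table changes: an element that is declared private but has no level is invisible to the access rule, and only the fail-closed default in `can_access()` keeps it from being exposed.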
Data security mechanism: A data security mechanism is a collection of measures that protect data from unauthorized access and malicious attacks, such as physical protection of hardware, biometric measures, firewalls, etc.
Anonymity: Anonymity is an important measure for protecting patient privacy. In particular, research studies, data exchange, consultations, billing, and similar procedures are very sensitive applications and prone to privacy violations. Anonymity is a good protection in such applications.
Transmission security: When transferring patient data, the institution should be aware of two stages: the time the data are in transit, and the points at which the data are sent and received. There must be mechanisms in place, such as encryption with integrity protection, to ensure that the data cannot be viewed or modified while in transit.
Controlled research: Research is very important for the development of new technologies, advances, prognoses, etc., but there is a danger of abuse and misuse of patients' private data. To prevent privacy violations while still enabling research, there must be a control mechanism, and the best solution could be anonymity.
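As an added example of the anonymity measure applied to the private data set listed above (not code from the paper): the function below strips the direct identifiers, keeps only the year of any date, and replaces the medical record number with a keyed pseudonym so that records of the same patient can still be linked within one research data set without revealing the number. The field names, the sample record, and the key are constructed; the key would be held by the institution and never shipped with the data. Free-text fields (clinical notes) may still contain identifiers and are not handled here.

```python
"""De-identify a structured patient record before research use or data exchange.

Added example. Field names, the sample record and the key are constructed.
"""
import hashlib
import hmac
import re
from typing import Any, Dict, List

# Direct identifiers from the private data set above: removed outright.
DIRECT_IDENTIFIERS = {
    "name", "phone_number", "fax_number", "email_address",
    "social_security_number", "health_plan_number", "account_number",
    "certificate_number", "license_plate", "device_serial", "url",
    "ip_address", "biometric_identifier", "photo",
}
# Date elements: only the year is kept, as in the private data set definition.
DATE_FIELDS = {"date_of_birth", "admission_date", "discharge_date"}
# Replaced by a pseudonym rather than dropped, so one patient's records stay linkable.
PSEUDONYMISED = {"medical_record_number"}

_ISO_DATE = re.compile(r"^(\d{4})-\d{2}-\d{2}")


def year_only(value: str) -> str:
    """Reduce an ISO date (YYYY-MM-DD...) to its year; unparseable values are dropped."""
    m = _ISO_DATE.match(value)
    return m.group(1) if m else ""


def pseudonym(value: str, key: bytes) -> str:
    """Keyed hash: cannot be reversed, and cannot be recomputed without the key."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def anonymise(record: Dict[str, Any], key: bytes) -> Dict[str, Any]:
    """Return a de-identified copy; unknown fields pass through unchanged."""
    out: Dict[str, Any] = {}
    for field, value in record.items():
        if field in DIRECT_IDENTIFIERS:
            continue
        if field in DATE_FIELDS:
            out[field] = year_only(str(value))
        elif field in PSEUDONYMISED:
            out[field] = pseudonym(str(value), key)
        else:
            out[field] = value
    return out


def leaked_identifiers(record: Dict[str, Any]) -> List[str]:
    """Check: direct identifiers still present in a record (must be empty after anonymise)."""
    return sorted(f for f in record if f in DIRECT_IDENTIFIERS)


# Constructed sample record; nothing here refers to a real person.
SAMPLE_RECORD: Dict[str, Any] = {
    "medical_record_number": "MRN-0001234",
    "name": "Example Patient",
    "date_of_birth": "1970-05-14",
    "phone_number": "+90 212 000 0000",
    "email_address": "patient@example.com",
    "social_security_number": "000-00-0000",
    "admission_date": "2024-03-01",
    "diagnosis_code": "I10",
    "sex": "F",
}
SAMPLE_KEY = b"constructed-example-key-do-not-use"

if __name__ == "__main__":
    print(anonymise(SAMPLE_RECORD, SAMPLE_KEY))
```

The pass-through default for unknown fields is the weak point: any new field added to the record schema must be classified into one of the three sets above, and `leaked_identifiers()` only catches fields whose names are already known to be identifiers.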
Authorization and authentication: These concepts are well known and need no further definition here. Authorization should be enforced according to the user access definitions.
Private data access logging: Any access to a private data set should be logged separately from the general logging defined above. With this dedicated log, privacy violations can be spotted online and in a timely manner.
Privacy violation alert: In the HCIS, there should be smart, online alert mechanisms for potential patient privacy violations, enabling management to prevent or stop possible cases.
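The dedicated private data access log and an online alert fed from it can be sketched together. The following is an added example, not the paper's mechanism: the access entries are constructed, and the two alert rules are assumptions of the kind an institution would tune for itself. Rule (a) raises on every denied attempt to read a private element; rule (b) raises when one user reads private data of more than a threshold number of distinct patients inside a sliding window, a pattern typical of record snooping or of a shared account.

```python
"""Private data access log, kept apart from the general HCIS log, plus an online alert.

Added example. Entries, window and threshold are constructed assumptions.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Deque, Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class PrivateAccess:
    ts: datetime
    user: str
    role: str
    patient_id: str
    element: str   # element of the private data set that was requested
    allowed: bool  # decision of the authorization check


class PrivateDataAccessLog:
    """Separate from the general operation log. In memory here; a real store
    must be append-only and not writable by the users whose accesses it records."""

    def __init__(self) -> None:
        self._entries: List[PrivateAccess] = []

    def record(self, entry: PrivateAccess) -> None:
        self._entries.append(entry)

    def for_patient(self, patient_id: str) -> List[PrivateAccess]:
        """Retrospective view used when a patient complains or a suspicion arises."""
        return [e for e in self._entries if e.patient_id == patient_id]

    def __len__(self) -> int:
        return len(self._entries)


class PrivacyViolationAlert:
    """Online rules evaluated on every logged private data access."""

    def __init__(self, window: timedelta, max_patients: int) -> None:
        self.window = window
        self.max_patients = max_patients
        self._recent: Dict[str, Deque[PrivateAccess]] = defaultdict(deque)

    def observe(self, e: PrivateAccess) -> Optional[str]:
        """Return an alert line for this entry, or None if nothing is suspicious."""
        if not e.allowed:  # rule (a): a refused attempt on private data is itself notable
            return (f"ALERT denied: {e.ts.isoformat()} {e.user} ({e.role}) tried to read "
                    f"{e.element} of patient {e.patient_id}")
        recent = self._recent[e.user]
        recent.append(e)
        while recent and e.ts - recent[0].ts > self.window:
            recent.popleft()  # drop accesses that fell out of the sliding window
        patients = {x.patient_id for x in recent}
        if len(patients) > self.max_patients:  # rule (b): too many distinct patients
            return (f"ALERT spread: {e.ts.isoformat()} {e.user} ({e.role}) read private "
                    f"data of {len(patients)} patients within {self.window}")
        return None


def process(entries: Iterable[PrivateAccess],
            alert: PrivacyViolationAlert) -> Tuple[PrivateDataAccessLog, List[str]]:
    log = PrivateDataAccessLog()
    alerts: List[str] = []
    for e in entries:
        log.record(e)  # every attempt is logged, allowed or not
        line = alert.observe(e)
        if line:
            alerts.append(line)
    return log, alerts


def _t(hhmm: str) -> datetime:
    return datetime.fromisoformat(f"2024-03-01T{hhmm}:00")


# Constructed sample: a physician on one patient, a nurse sweeping four patients in
# five minutes, and an office worker refused an SSN lookup.
SAMPLE_ENTRIES = [
    PrivateAccess(_t("09:00"), "a.yilmaz", "physician", "P1", "name", True),
    PrivateAccess(_t("09:01"), "a.yilmaz", "physician", "P1", "social_security_number", True),
    PrivateAccess(_t("09:02"), "n.ozturk", "nurse", "P1", "name", True),
    PrivateAccess(_t("09:03"), "n.ozturk", "nurse", "P2", "name", True),
    PrivateAccess(_t("09:04"), "n.ozturk", "nurse", "P3", "phone_number", True),
    PrivateAccess(_t("09:05"), "o.demir", "office_worker", "P2", "social_security_number", False),
    PrivateAccess(_t("09:06"), "n.ozturk", "nurse", "P4", "name", True),
    PrivateAccess(_t("09:20"), "n.ozturk", "nurse", "P5", "name", True),
]


def run_sample() -> Tuple[PrivateDataAccessLog, List[str]]:
    return process(SAMPLE_ENTRIES, PrivacyViolationAlert(timedelta(minutes=10), max_patients=3))


if __name__ == "__main__":
    log, alerts = run_sample()
    print(f"{len(log)} private data accesses logged")
    for a in alerts:
        print(a)
```

The nurse's access at 09:20 raises nothing because the earlier accesses have left the ten-minute window; the threshold and window decide how much legitimate ward work is tolerated before an alert, and should be set from the institution's own access patterns rather than copied from this example.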
Backup security: While backing up the HCIS database, there should also be mechanisms that prevent privacy violations and protect privacy, since a backup contains the same private data as the live database.
Need to know: This is a very important principle for protecting security. When granting access to private data sets, the user access definitions should be constructed according to the need-to-know principle: if a user does not need to know an element of the private data set, access to it should not be given.