Introduction
Health information systems (HIS) may serve a wide array of purposes, such as Electronic Health Record (EHR), Laboratory Information System (LIS), Radiology Information System (RIS), Pathology Information System (PIS), Pharmacy Systems and drugs inventory, Prescription Review Databases and Clinical Decision Support (CDS), Real-time Capture From Medical Devices, Disease and treatment registries and thesaurus, and Personal Health Record. Depending on the HIS specialization and its use at inpatient or outpatient facilities, a non-exhaustive list of patient demographic information includes the individual's name, birth year, gender, race/ethnicity, address, phone number, country, postal code, blood type, spoken language, smoking and other legal drug usage, health problems, medication usage, allergies, laboratory test results, vital signs, service history and executed procedures, vaccines and immunization status, existing implants, health assessments, goals and health concerns (Pan, Byrne, Damico & Crimmins, 2014; Alva, Kleinau, Pomeroy & Rowan, 2009). Some of this information can directly identify a patient, while other items can be bound indirectly as identifiers. What all these types of systems have in common, however, is the need to process Private Patient Information (PPI) at some level and, according to recent privacy regulation, this processing must be subject to proper authorization. Since the European Union's General Data Protection Regulation (GDPR) (Andrew & Baker, 2019), stringent rules for collecting, processing, and securing patient data during healthcare service provisioning are required. Its enforcement in 2018 has a direct impact on HIS, as access to and processing of private data should only be allowed on a strictly legal basis or with explicit consent from the data-owner.
Although the legal basis that justifies processing is mostly related to the HIS purpose, the restrictions and requirements on personal data manipulation (whether manual or performed by automated means) vary according to controller or processor duties. As the provision of healthcare services using an EHR or another specific type of HIS usually puts the healthcare professional as the key actor, determining the purposes and means of the processing of patient personal data, the controller duties apply in most cases. Therefore, data-owner consent is a must-have capability of these systems.
The term 'consent' in this scenario means either express or tacit authorization to a recipient (healthcare professional, namely or jointly as part of a healthcare institution) freely given by the patient (Asghar & Russello, 2015). Moreover, the term 'informed consent' refers to a full description of the processing purpose and of all involved persons and entities that will disclose the information as part of the necessary activities, in a clear and unambiguous statement that signifies the owner's agreement.
Considering that the healthcare scenario is complex by nature, involving many actors who take action during patient treatment and sometimes even requiring transfers between different facilities to complete a healthcare service provision, the word 'jointly', which defines a broader authorization, signifies a different extent of scope that the HIS needs to control. In a more individual scenario, a single healthcare institution and a specific healthcare professional are given processing authorization as a controller by the information owner. In a more dynamic (and realistic) scenario, authorization can be given to a whole set of physicians from a specialty, to the whole staff of a hospital, or even as an open authorization to a set of institutions. Taking into account that there is a trend for health information to flow seamlessly and be available to many healthcare providers that share a trusted database or transborder agreement as per Health Information Exchange (HIE) (Pan et al., 2014), consent granularity in these systems is a key feature.
In more practical terms, there is a need to ensure that the HIS is capable not only of segregating the functions and roles that should gain access to patient data, according to their responsibilities and need-to-know, but also of ensuring that private data is accessed and processed as dictated by the patient. This is needed to comply not only with GDPR but also with other, more general aspects of privacy described by international standards that must be observed (ISO/TS 14441, 2013; ISO/IEC 27701, 2019).
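The sketch below is an added example, not code from the article or from any HIS product. It shows one way to combine a role-based need-to-know check with the consent granularity levels described above (single professional, specialty, whole institution, set of institutions). All role names, data categories, identifiers and the scope vocabulary are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical need-to-know table: data categories each role may ever touch.
ROLE_CATEGORIES = {
    "physician": {"demographics", "medication", "lab_results"},
    "pharmacist": {"medication"},
    "receptionist": {"demographics"},
}

@dataclass(frozen=True)
class Requester:
    user_id: str
    role: str
    specialty: Optional[str]
    institution: str

@dataclass(frozen=True)
class Consent:
    patient_id: str
    purpose: str              # processing purpose the patient agreed to
    scope: str                # professional | specialty | institution | institution_set
    grantees: frozenset       # user ids (professional scope) or institution ids
    specialty: Optional[str] = None
    revoked: bool = False

    def covers(self, req: Requester, purpose: str) -> bool:
        if self.revoked or purpose != self.purpose:
            return False
        if self.scope == "professional":
            return req.user_id in self.grantees
        if self.scope == "specialty":
            return req.institution in self.grantees and req.specialty == self.specialty
        if self.scope in ("institution", "institution_set"):
            return req.institution in self.grantees
        return False          # unknown scope: deny by default

def may_access(req, patient_id, category, purpose, consents) -> bool:
    """Allow only if the role needs the category AND a live consent covers the requester."""
    if category not in ROLE_CATEGORIES.get(req.role, set()):
        return False
    return any(c.patient_id == patient_id and c.covers(req, purpose) for c in consents)

# Constructed sample consents (not real patient data).
CONSENTS = [
    Consent("p1", "treatment", "professional", frozenset({"dr-a"})),
    Consent("p1", "treatment", "specialty", frozenset({"hosp-2"}), specialty="cardiology"),
    Consent("p2", "treatment", "institution_set", frozenset({"hosp-1", "hosp-2"}), revoked=True),
]
```

Both conditions must hold: a role that needs the data category still gets nothing without a matching, unrevoked consent, and a consent never widens what a role may see.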