
LEGAL AND ETHICAL CONSIDERATIONS IN NURSING INFORMATICS
Information Security and Confidentiality

Learning Outcomes
1. Differentiate between privacy, confidentiality, information privacy, and information security.
2. Discuss how information system security affects privacy, confidentiality, and security.
3. Identify potential threats to system security and information.

Learning Outcomes
4. Discuss security measures designed to protect information.
5. Compare and contrast available methods of authentication in terms of levels of security, costs, and ease of use.
6. Distinguish between appropriate and inappropriate password selection and processing.

Learning Outcomes
7. Identify common examples of confidential forms and communication seen in healthcare settings and identify proper disposal techniques for each.
8. Discuss the impact that Internet technology has on the security of health-related information.

Security

Information security and confidentiality of personal information represent major concerns in today's society amidst growing reports of stolen and compromised information.

Confidentiality

In the USA, the protection of healthcare information is mandated by the Health Insurance Portability and Accountability Act (HIPAA) and the Joint Commission requirements.

Privacy

A state of mind, freedom from intrusion, or control over the exposure of self or of personal information

Significance of Privacy

Key concept to understanding significance of information security and privacy
Includes right to determine what information is collected, how it is used, and the ability to review collected information for accuracy and security
International movement to protect privacy

Confidentiality

A situation in which a relationship has been established and private information is shared with the expectation that it will not be re-disclosed
Key to client treatment

Information/Data Privacy

The right to choose the conditions and extent to which information and beliefs are shared and the right to ensure accuracy of information collected

Information Security

The protection of information against threats to its integrity, inadvertent disclosure, or availability determines the survivability of a system

Information System Security

Ongoing protection of both information housed on the system and the system itself from threats or disruption

Primary goals:
Protection of client confidentiality
Protection of information integrity
Ready availability of information when needed

Security Planning

Saves time and money

Guards against:
Downtime
Breaches in confidentiality
Loss of consumer confidence
Cybercrime
Liability
Lost productivity

Helps ensure compliance with regulatory body/laws

Steps to Security

Assessment of risks and assets

An organizational plan

A culture of security

The establishment and enforcement of policies

Threats to System Security and Information

Thieves
Hackers and crackers
Viruses, worms
Flooding sites
Denial of service attacks
Terrorists
Power fluctuations
Revenge attacks

Threats to System Security and Information

Pirated Web sites
Poor password management
Compromised device
Fires and natural disasters
Human error
Unauthorized insider access

Security Measures

Firewalls: barrier created from software and hardware
Antivirus and spyware detection
User sign-on and passwords or other means of identity management
Access on a need-to-know basis (level of access)
Automatic sign-off
Physical restrictions to system access

Identity Management

Area that deals with identifying individuals in a system and controlling their access to resources within that system by associating user rights and restrictions with the established identity

Authentication

Process of determining whether someone is who he or she professes to be

Methods:
access codes
logon passwords
digital certificates
public or private keys used for encryption
biometric measures

Password

Collection of alphanumeric characters that the user types into the computer
May be required after the entry of an access code or user name
Assigned after successful system training
Inexpensive but not the most effective means of authentication

Password Selection and Handling

Do:
Choose passwords that are 8-12 characters long.
Avoid obvious passwords.
Keep your password private, i.e., do not share.
Change password frequently.

Do not:
Post or write down passwords.
Leave computers or applications running when not in use.
Re-use the same password for different systems.
Use the browser save feature.

Biometrics

Identification based on a unique biological trait, such as:

a fingerprint
voice or iris pattern
retinal scan
hand geometry
face recognition
ear pattern
smell
blood vessels in the palm
gait recognition

Antivirus Software

Computer programs that can locate and eradicate viruses and other malicious programs from scanned memory sticks, storage devices, individual computers, and networks

Spyware Detection Software

Spyware: a type of software that installs itself without the user's permission, collects passwords, PIN numbers, and account numbers, and sends them to another party

Spyware Detection Software

Detects and eliminates spyware

Proper Handling and Disposal

Acceptable uses

Audit trails to monitor access

Encourage review for accuracy

Establish controls for information use after hours and off site

Shred or use locked receptacles for the disposal of items containing personal health information

The Impact of the Internet

Introduces new threats

E-mail and instant messages may carry personal health information that can be intercepted

Unapproved use of messages or Web sites can introduce malicious programs

Web sites used for personal health information may be inappropriately accessed

Implications for Mobile Computing

Devices are easily stolen.
Devices should require authentication and encryption to safeguard information security.
Devices should never be left where information may be seen by unauthorized viewers.
Verify wireless networks before use.

Implications for Mobile Computing

Responsibility for information and information system security is shared

Reference
Hebda, T. & Czar, P. (2013). Handbook of informatics for nurses and health care professionals (5th ed.). Upper Saddle River, New Jersey: Pearson.
