failed to disclose details about his health status during an election campaign because his advisors felt that such disclosure would adversely affect the outcome of the election.20

Policies must be established to determine who can have access to what information. Organizations must then implement mechanisms to prevent those without legitimate needs from gaining access to information and must try to develop mechanisms to keep those who are granted access from divulging information to others. These mechanisms must balance the need for information against privacy; they must protect information while ensuring that health care will not suffer because someone has been unable to gain access to important information. They must reduce to an acceptable level the risk that health information might be used for purposes that harm (in a physical, emotional, or economic way) the patient, those who care for the patient, or the family and associates of the patient, while still providing legitimate access to ensure that the patient's care will not be compromised, payers will not be defrauded, and researchers can obtain information that will enable further knowledge. Finding the appropriate set of mechanisms for deployment within health care organizations is complicated by the fact that all access controls cost money and time. Care providers who have legitimate needs to access patient information must pass through access controls many times in the course of a day. If authentication and access pathways for users are inconvenient or time consuming, providers will generally choose convenience and may attempt to find ways to bypass controls or refuse to use a system with these pathways.

A variety of mechanisms exist for protecting electronic health information.21 These include both technical measures for improving computer and network security as well as organizational measures for ensuring that workers understand their responsibility to protect information and for detecting and reporting violations. Understanding the efficacy, costs, and trade-offs between protection and access inherent in each of these mechanisms is central to implementing sound programs for improving privacy and security in the health care industry. By clearly delineating the types of privacy and security concerns associated with health information, reviewing the uses to which health information is put, and evaluating technical and organizational mechanisms for protecting health


CNN Interactive. 1996. "Yeltsin Had Heart Attack During Russian Elections," September 21; available on-line at


A bibliography compiled by the National Library of Medicine identifies some 800 recent references on topics related to the security and confidentiality of health information. See National Library of Medicine. 1996. Current Bibliographies in Medicine: Confidentiality of Electronic Health Data, No. 95-10. National Library of Medicine, Rockville, Md.

The National Academies of Sciences, Engineering, and Medicine
500 Fifth St. N.W. | Washington, D.C. 20001

Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement