patient’s privacy and confidentiality

The evolution of computer and information technology has provided the healthcare with a new way through which they can store large amounts of data and information without the need of huge physical storage space. This storage method is beneficial to the healthcare in such a way that it conveniences multiple people with the immense capability of accessing information simultaneously and from different locations. The healthcare information stored in the Computer Patient Records (CPR) include patient’s personal information like phone number, address, treatment, medication, diagnosis history, and social security number among others. As much as computerization improves the accessibility of this information, it also poses a threat to the patient’s privacy and confidentiality. Fortunately, there are ways in which hospitals can ensure adequate security of patient information to prevent unauthorized access to sensitive information.

Ensuring Adequate Security of Patient Information

There are possible ways and methods of ensuring patient’s privacy and confidentiality have been protected in the computerized patient records systems through several security measures. One of such ways and methods is audit trails. Healthcare industry can use audit trails in tracking authorized users who are likely to abuse the healthcare data and information housed in the CPR systems. Through audit trails, the healthcare can document and log data and information on all access and transactions made on the system in which this data and information are stored (Bloustein, 1967).

Healthcare centers can also enhance and ensure the security of the system in which patient data and the information are stored through authentication. One way of authenticating is login procedures. Login procedures demand that users enter their specific passwords together with user IDs. Passwords and user IDs serve as one of the minimum-security procedures on most of the systems housing patient data and information. These systems can also be implemented with authentication of higher levels such as smart card and biometrics. Authentications of higher levels grant access to the users when they produce a card bearing an authorized password, voice recognition, fingerprint recognition, or retinal scan.

There is also a need for ensuring the integrity of the patient data and information in the CPR, user authentication, and content sent across the network. For this reason, healthcare centers need to employ Digital Signature Standard (DSS). DSS uses sophisticated cryptography technology which prevents forgery of electronic signatures. In the same way, signatures are carefully checked based on the time and other electronically stamped information and this way there is verification that patient records have not been altered or tampered with. Healthcare can also use encryption systems and firewalls while protecting the patient and internal networks like the Intranet from likely security breaches whenever users access external networks like the Internet and other Wide Area Networks (WAN) (Claerhout & Moor, 2005).

Healthcare industry can also install as well as activating remote wiping and remote disabling. Remote wiping is an information security feature which enables remote erasing of the data on a mobile computing device if the device has been lost or stolen. If the healthcare center accesses the patient information through a mobile computing device, they should enable remote wipe feature on the device. The feature permanently deletes data and information stored in the lost or stolen device. In the same way, they can activate remote disabling. This is a security feature whose capability enables the owner of the patient data and information to remotely lock or completely delete data and information stored on the mobile computing device in case the device is lost or stolen. However, the device may be unlocked if it is recovered (Gostin, 1995).

The personnel responsible for the patient data and information in the hospital should disable and never install or use file sharing applications. File sharing software and systems enable sharing and trading of computer files over the Internet when they connect to each other. However, sharing computer files over the Internet can easily enable unauthorized users to access the systems in which patient data and the information is stored without the knowledge of the person responsible. Besides accessing, the information, unauthorized users can maliciously plant malware or virus on the system housing the patient information. Disabling file-sharing reduces a known risk to the patient information on the system.

Security risks and threats have been changing rapidly. Therefore, hospitals should always update their security software and applications. This one of the ways of knowing that they have the latest tools and methods for preventing unauthorized access to the patient health data and information. Besides the maintenance of the security software and applications, hospitals should update the systems’ operating system. This is one way of ensuring they are running up to date and secure versions of applications and operating systems available for the system. The system should be configured to alert the system admin of the system and application updates. However, the system admin should ensure that applications and software are not updated without their authorization.

One of the benefits of the CPR system is convenience. However, these systems have their challenges in the way they protect and secure health information. There is a risk of the computers in which the system is installed being stolen leading to unauthorized use and disclosure of the patient information in the systems. Hospitals can limit access by unauthorized users, theft, or tampering of the system by physically securing the computers and the place in which the computers are housed. The computers should be locked securely in a location like a drawer thus preventing unauthorized users from accessing health data and information through the computers or on the computers. In the same way, computers or devices where health information is stored should be locked when they are not being used. Locking the devices ensure they ask for a password to unlock them. This prevents unauthorized users from easily accessing health data and information through the computers or on the computers (Erickson & Millar, 2005).


Everyone is entitled to privacy and confidentiality. Hospitals as healthcare providers have ethical and legal obligation of safeguarding the privacy and confidentiality of personal health data and information for every patient. Although it is increasingly becoming a challenge in today’s healthcare environment, it is possible. Every hospital should comprehensively understand the need for protecting the confidentiality of patients’ health data and information. Also, they should understand the connection between the patients and hospitals depend on the protection of the health information. Therefore, these hospitals should implement advanced technology as has been shown in this paper to make it more and more possible to keep the promise of ensuring adequate security of patient information to prevent unauthorized access to sensitive information.


Bloustein, E. (1967). Privacy as an aspect of human dignity: An answer to Dean Prosser. New York Law Review, 34-39.

Claerhout, B., & Moor, G. D. (2005). Privacy protection for clinical and genomic data: The use of privacy-enhancing techniques in medicine. Journal of Medical Informatics, 74, 257- 265.

Erickson, J. I., & Millar, S. (2005). Caring for patients while respecting their privacy: Renewing  our commitment. Online Journal of Issues in Nursing, 10 (2).

Gostin, L. O. (1995). Health information privacy. Cornel Law Review, 80, 101-184.

Sherry Roberts is the author of this paper. A senior editor at Melda Research in nursing writing services if you need a similar paper you can place your order for Customized Research Papers.

Leave Your Comment

Leave a Reply

%d bloggers like this: