Confidentiality of Electronic Health Data: Methods for Protecting Personally Identifiable Information. Confidentiality of Electronic Health Data


Electronic health data can improve the quality and efficiency of health care, research, and public health surveillance and interventions. To achieve these benefits without unacceptable risk to patient confidentiality, electronic health data must be created, used, transmitted, aggregated, and abstracted in ways and in environments that maintain data security and accuracy; prevent inadvertent or accidental release; prevent or deter access by unauthorized users; and discourage, detect, and punish inappropriate use of health data by unauthorized users.

This selective bibliography is primarily intended for those who are responsible for protecting electronic health data and need information on appropriate strategies for doing so. It includes references to publications, organizations, and electronic sources that address methods for preserving the confidentiality and security of electronic health data. The methods covered include technical approaches, institutional policies and procedures, staff and patient education, and legal and regulatory requirements. In addition to substantive discussions of measures for preserving confidentiality and security of health data, the bibliography also has references to some recent standards and guidelines that apply to electronic data in general. Letters, editorials, news items, and general descriptions of health information systems in which security and privacy prevention are mentioned briefly generally have been excluded.

The bibliography has a tight focus on how to protect electronic health data and therefore also excludes references to the large body of literature on related topics such as: the need to protect privacy; the need for federal legislation; the potential privacy and security problems associated with computer-based patient records; the public's perceptions of privacy issues; special ethical and privacy considerations associated with genetic screening, AIDS testing, and occupational health records; the conditions under which medical and psychiatric records must or must not be disclosed to courts; the tension between privacy and the public good in cases involving infectious disease, potential violence, etc.; institutional review boards; and informed consent, except as it relates directly to consent about use of health data.

In general, publication dates for references included in this bibliography range from January 1990 through March 1996, and publications are primarily in English. Journal articles, books and book chapters, conference proceedings and papers, meeting abstracts, laws and legal documents, and technical reports, as well as unpublished documents, have been surveyed and selected for inclusion. Arrangement of the bibliography is by subject and citations within each category are listed alphabetically by author; a citation appears under only one category.

A number of Internet sites created by various organizations that address confidentiality or computer security may be found by using various world wide web searching tools. A selected list of these are included in the Organizations section of this bibliography. All Internet addresses were functional on the date that this bibliography became available.

The compilers wish to thank Marlyn Schepartz, National Library of Medicine, for her technical assistance with production of this bibliography.