Health IT: A Framework for Managing Privacy Impact Assessment of Personally Identifiable Data

Health IT: A Framework for Managing Privacy Impact Assessment of Personally Identifiable Data

Cyril Onwubiko (Research Series Limited, UK)
DOI: 10.4018/978-1-4666-8614-4.ch019


Health IT is the use of Information Technology (IT) in healthcare to improve patients' experience, enable quality care, efficiency, speed, and security of the collection, exchange, sharing, and storage of sensitive personal information. But Health IT faces a number of notable challenges ranging from privacy risks to trust and confidence in the use of EHRs. In this chapter, a framework for conducting Privacy Impact Assessment (PIA) of Health IT projects is discussed. Privacy impact assessment is a process through which privacy risks are assessed. The chapter includes recommendations for mitigating identified risks and ensuring compliance to policy and processes for handling and processing of highly sensitive and Personally Identifiable Information (PII).
Chapter Preview


In 2009 the US government signed the passage of the Health Information Technology for Economic and Clinical Health Act (HITECH Act, 2009), a federal initiative that seeks to improve American health care delivery and patient care through an unprecedented investment in Health Information Technology (Health IT). Simply, Health IT is the use of IT in healthcare to improve patients’ experience, enable quality care, efficiency, speed and security of personal information collection, exchange, sharing and storage. So Health IT encourages and incentivizes the use of electronic health records (EHRs) instead of paper medical records to maintain people’s health information, the secure use and sharing of health information, and the use of IT to improve the quality and efficiency of care.

The goals of Health IT were pretty clear – to convince all physicians and hospitals to adopt EHRs, incentivize care service providers to adopt EHRs and to use them in ways that improves patients experience, quality and efficiency of care. But five years down the line, have these goals been realised? What have improved, and what haven’t? What are perceived major drawbacks, and what could be done to improve?

The use of IT in Health to improve patients experience, improve quality of care, reduce delays in treatment, and improve healthcare standards as a whole is a welcome development and should be encouraged. Lessons learnt from other countries that currently use EHR information systems attest to impressive results, improvements in patient care experience, overall healthcare efficiency as seen with lower levels of drug error rates in Europe. For example, Denmark has the lowest rate of inappropriate medication in eight European countries (Denmark, the Netherlands, the UK, Iceland, Norway, Finland, Italy and the Czech Republic) – a 5.8 percent rate, compared to 19.8 percent in these countries on average (Lesk, 2013). Meanwhile, the US is still struggling to reduce errors. According to the 2000 National Research Council report (Grady, 2010) estimated that approximately 100,000 deaths resulted from medical errors each year; this figure has not improved over a decade later (Lesk, 2013).

Unfortunately, IT in Health comes with some challenges, especially, when use of IT in health is going to fundamentally and radically change existing healthcare practices such as use of EHRs for patient information record management, culture change in terms of electronic use, sharing and transmission of patients’ information. As with any change, both patients and practitioners are going to react to this change one way or another. Similarly, the implementation and operation of Health IT in accordance to the HITECH Act are going to be challenging, too. These challenges are going to be multifaceted, including but not limited to technical, policy, interoperability, interface, privacy, security and data formatting and presentation issues. This thought is not radical, as the Office of the National Coordinator for Health Information Technology (ONC) itself had envisaged this, leading to the initiation of the Strategic Health IT Advanced Research Projects (SHARP), a program researching into, and addressing some of the perceived challenges in four specific areas – security and health information technology, patient-centered cognitive support, health care application and network design and secondary use of EHR information (Office of the National Coordinator for Health Information Technology, 2010).

Complete Chapter List

Search this Book: