Adopting Confidentiality Principles for Electronic Health Records in Iran

J Med Syst DOI 10.1007/s10916-009-9370-x

ORIGINAL PAPER

Adopting Confidentiality Principles for Electronic Health Records in Iran: A Delphi Study

Mehrdad Farzandipour & Maryam Ahmadi & Farahnaz Sadoughi & Iraj Karimi irajk

Received: 6 June 2009 / Accepted: 19 August 2009
© Springer Science + Business Media, LLC 2009

Abstract The growing capacity of information technologies to collect, store and transmit information has raised considerable concern, since electronic records can be accessed by numerous consumers at various locations. Thus, the basic question is “what kind of model is suitable for guaranteeing the confidentiality of EHR information in Iran?” The present study is a descriptive investigation carried out in Iran in 2007. A preliminary model was designed from the collected data and assessed through questionnaires and the Delphi technique, and the final model was then designed and proposed. The findings showed that the experts emphasize the patient’s consent for collecting, using and releasing information in electronic health records. A comprehensive model is presented in six pivots. Data ownership, inclusion of information accessibility laws in all organizations, responsibility for inaccessibility to information, and the conditions for movement of data abroad have been confirmed as new dimensions added to the model based on this study.

M. Farzandipour
Kashan University of Medical Sciences, 3rd km. of Ravand-Kashan Highway, Kashan, Iran

M. Ahmadi : F. Sadoughi (*) : I. Karimi irajk
Iran University of Medical Sciences, Tehran, Iran

Keywords Confidentiality principles · Confidentiality model · Electronic health record · Information confidentiality

Introduction

Nowadays, developing electronic health records is one of the priorities in many countries. This electronic capacity to collate, share, match and manipulate information generates risks as well as benefits [1]. Taking these risks into account, one of the most significant factors to be considered in designing an electronic health record is to create a suitable ‘infrastructure’ for health information [2]. The proper performance of this infrastructure relies heavily on health information confidentiality and security principles [3]. The growing capacity of information and communication technologies to collect, store and transmit great amounts of information has added considerable concerns. Health service users are concerned that information technology (IT) and EHRs make their personal information accessible to a greater number of individuals [4, 5]. Studies in the United States (2004) show that security and confidentiality issues are the greatest obstacle to the administration of computerized record systems and dissemination of data [6]. Investigations made in Iran (2005) indicate that in most cases there are no certain laws for the disclosure of health information. The absence of clear directions for the confidentiality of patients’ information has made medical record departments act haphazardly and consequently ignore the patients’ rights. A study in Iran by Meidani (2003) also indicates that the health information management (HIM) departments do not meet the confidentiality criteria in the hospitals of Iran [7]. In some countries, however, civil and penal punishments are exercised for those who offend against EHR confidentiality principles [8].

Electronic health discussion started with the approval of the TAKFAB project in Iran’s Ministry of Health, Treatment and Medical Education in 2001. Further related studies reveal that TAKFAB measures have not been truly national or have remained unfinished [9]. Dispersed activities are presently under way in relation to hospital information systems in Iran. The potential and need for sharing information are hardly taken into account in these systems, and all of them are supplied in non-shareable formats [10]. Thus, one of the basic issues of EHR is that patients can see their electronic records, and in the future each citizen will be able to observe his/her EHR with proper confidentiality and security precautions [9]. The establishment of private limits and security for information enables people to control their personal information and to guarantee its confidentiality and security [11]. Considering these serious concerns among both scholars and the public, and a recent decision made by Iran’s Ministry of Health, Treatment and Medical Education to apply IT to health and to develop electronic health records for each individual, confidentiality is an inseparable part of electronic health record architecture, and its technical and executive principles must be thought through. Therefore general standards of information security and confidentiality management, as well as specific standards in the health domain, are utilized. In addition, more guidelines and rules for this specific context need to be compiled and developed, and the study of EHR confidentiality and privacy policies is one of the crucial steps to take in Iran [12].

Objective

With regard to the recent attention of the Ministry of Health, Treatment and Medical Education to establishing an EHR for each Iranian and to the concerns about information confidentiality and privacy, it is necessary to provide and compile EHR confidentiality principles and to use other countries’ experiences. Thus, the basic question of this study is, “what kind of model is suitable for guaranteeing the confidentiality of EHR information in Iran?”

Methods

This descriptive study was carried out in Iran in 2007. It comprises three phases as follows:

Phase one: Comparative study

As the first step, we investigated the model of confidentiality principles for EHRs in Australia, Canada and England, and then compared these principles in six axes including:

- Data collection conditions: individuals’ awareness, collecting personal information from someone else
- Data usage principles: use and non-use of individuals’ health information with consent and without consent of the patient
- Information disclosure principles: disclosure and non-disclosure of individuals’ health information with consent and without consent of the patient
- Access to information principles: access and no access to health information in some cases
- Information maintenance conditions
- Responsibilities of EHR custodians: responsible person, transference of health information abroad

The decision on the selection of these countries was made based on available library and internet resources, consultations with HIM specialists in Iran, and consideration of the following aspects [2, 3, 13–17]:

1. National effort to develop electronic health records and their infrastructure
2. Expansion of the scope of design and trial implementation of electronic health records
3. Cooperation of the private sector along with the governmental sector in designing; and
4. Suitable investment in designing and developing electronic health records.

Phase two: Designing preliminary model

In order to design a preliminary pattern, we first compared the selected countries based on the collected data in the six major axes mentioned before. Repeated items were included once and the others were excluded from the proposed pattern; dissimilar items were also included in each axis. We then had the newly designed model evaluated by professionals.

Phase three: Testing the reliability of the questionnaire and validity of the proposed model

To develop the proposed model we used the Delphi technique. To do this, a questionnaire was first designed. In this questionnaire, three options were considered for each item in every axis, namely agreed, disagreed and neutral. Three open-ended questions were also included for the specialists to add their probable viewpoints. Although the collected data had been extracted from the reliable sites of the selected countries, we decided to assess the validity of the proposed questionnaire. In order to do so, the questionnaires were administered to a number of academic professionals, medical record specialists and health information administrators, who were asked to complete them. After we received the completed questionnaires, some items were included based on the professionals’ viewpoints given in answer to the open-ended questions. The final questionnaire was administered to a number of specialists. After 10 days the questionnaires were given to the same individuals, who were asked to answer them again. In both steps, the tools and method of data collection were approved by the specialists. In addition, the reliability of the questionnaire was determined by Brown Pearson’s method (with a 95% confidence coefficient).

After testing the reliability of the questionnaire of the proposed model, we used the first stage of the Delphi technique. In this stage the questionnaires were sent to 35 specialists, including faculty members of universities in Medical Record Departments, Health Information Administrators in medical universities and professionals in the Medico-legal Organization. The questionnaires were either sent by post or forwarded by e-mail. Thirty-four participants completed the questionnaires. To analyze the collected data, we applied descriptive statistical methods. By the application of the Delphi technique, the items in the model which had been approved by less than 50% of the experts were excluded and those approved by 75% of professionals or more were adopted. Those items from the model approved by 50 to 74% of the participants, as well as the items recommended by participants in the open questions, were identified. We classified these recommended items based on their theme, inserted them in their axes and assessed them in the second stage of the Delphi technique to achieve a consensus.

In the second stage of the Delphi technique, questionnaires were sent to the same 35 professionals, of whom 30 completed the questionnaires. After the analysis of the collected data, the following results were achieved.

Results

Results related to reliability of the model

Based on the findings in the first stage, about 65% of the specialists were women and about 35% of them were men. Fifty percent of the participants were between 25 and 34 years old and the rest were between 35 and 54. About 56% of them had 3 to 9 years of work experience and 44% had 10 years or more. Sixty-five percent were at M.A. level, 20% were at B.A. level that eight persons were from medico-legal organization and 15% had Ph.D. The field of study of about 85% was ‘Medical Records’ and that of 15% was ‘Health Information Management’. Seventy-four percent were faculty members of universities while about 26% were not. In the second stage, about 60% of the specialists were women. Fifty-three percent of the participants were between 25 and 34 years old and the rest were between 35 and 54. About 60% of them had 3 to 9 years of work experience and 40% had 10 years or more. Twenty-three percent were at B.A. level, 67% were at M.A. level and 10% had Ph.D. The field of study of about 90% was Medical Records and that of 10% was Health Information Management. Sixty percent were faculty members and 40% were not.

According to the specialists in Iran, the collection of information with the individual’s consent and also for legal action, the awareness of the individual of the manner and conditions of collection and disclosure, the conditions of collection from someone else and the organization’s obligation not to disclose personal information without the individual’s consent have been highlighted (Table 1). The specialists emphasize using health information with the patient’s consent, and refraining from the release of information for purposes outside the care and treatment cycle without the individual’s consent. Table 2 shows axes 2 and 3. The experts emphasize the individual’s access to the information in the electronic health record based on request, and the unavailability of information in certain conditions (Table 3). The experts emphasize the need for a written policy regarding the maintenance of health information, all kinds of access to it and retrieval of data from electronic health records (Table 4). The professionals in Iran emphasized developing administrative, technical and physical safeguards and making all information agents aware of these requirements (Table 5).

In the second stage of the Delphi test, the experts approved the disclosure of health information by the one who receives information, with the patient’s consent, for a purpose other than the one for which the information was collected (Table 6).

Discussion

Data collection

The comments made by the experts emphasize the collection of health information with the individual’s consent and only with his or her consent. American Health Information Management (AHIMA) believes that the documents related to the consent of the patient or his custodian should be included in the patient’s health records [13].

J Med Syst Table 1 Conditions for collection of information from EHR from the professionals’ point of view (in the first stage of Delphi technique) Items agreed on by 75% or more According to law and limited to required data to achieve legal objectives Collection of Information From the individual with his consent and only from that person To make or defend a lawful or fair claim In case that the individual’s personal privacy is not violated With the individual’s express consent for purposes outside the care cycle except with legal permission The identity of the organization that collects information and how to contact it Individual’s awareness of The ability to gain access to the information The purposes for which the information is collected The organizations to which the information will be disclosed The law that requires the particular information to be collected The main consequences for the individual if the information is not provided The types of information that is to be collected about that individual To prevent or reduce the serious threat to the life and health of any individual Collection personal information If the individual is not able to consent from some one else If the individual is not able to give a written consent With permission from the individual whom data are about If a legal representative is determined as a substitute by the individual If there is a possibility for collecting inaccurate information from the patient In it is not possible to collect practical collection of information from the individual whom the data are about Organization’s commitment not to disclose the individual’s information without his consent If the one who collects information supposes the existence of patient’s implicit consent in reasonable conditions except that he or she withdraws the implicit consent by delivering a note Items agreed on by 50% to 75% Collection of Information only to fulfill the organization’s duties or activities such as health service 
delivery If permanent information are not identified before their disclosure with reasonable steps of the organization which collects data

Zahedifar’s investigation (2002) in Esfahan, Iran concluded that in all the hospitals with a manual system, consents on the back of the admission sheet should be received from the patients [18]. Taheri, H. (1998), in his article “Is the Physician a Guarantor?”, states that physicians are required to obtain a clearance from a patient or his guardian before treatment [19]. On the other hand, the study by Mohammadpour (2006) showed that there is not much conformity between hospital standards in Iran and international standards for patient rights (58% of the standards are not in congruity) [20]. This indicates that Iran’s Ministry of Health, Treatment and Medical Education has not set any standards concerning conditions for collecting information in the patients’ rights and their informed consent. Sarbaz, M. (2002), in addition, argues that a great number of patients’ absolute rights have not been considered in Iran’s rights charter, including the right of consent in treatment and the patient’s right to privacy [21]. As a result, in spite of the great emphasis by experts on the need for obtaining the patient’s consent for the collection of health information in EHRs, there are no well-organized principles in Iran. These facts have made HIM departments in this country act haphazardly, and breach the patients’ rights in some cases. Therefore, considering the inauguration of EHRs by Iran’s Ministry of Health, Treatment and Medical Education, it is recommended that a comprehensive electronic consent form be designed, that the patient be made aware of the reasons for information collection before or during its collection, and finally that the patient’s consent be taken into account as the necessary condition for the collection of the information.

Data usage

Professionals in Iran emphasize that health information must not be used without the patient’s consent. They also emphasize the use of health information for current care and treatment without the patient’s consent. Kluge (1995), in an investigation in Australia, argues that the data in the records should be used for authorized legal objectives [22]. Behnam, S., in his study (2005), concluded that the patient’s consent to use the information in the records for care and treatment is not required [15]. These findings are in line with the results of this study.

J Med Syst Table 2 Principles of use and disclosure of health information in EHRs from professionals’ point of view (in the first stage of Delphi technique) Items agreed on by 75% or more Non use or disclosure of health information

Non use of health information without the individual’s consent For purposes outside the cycle of care and treatment except with the individual’s consent For a person, board or agency other than the patient except with the one’s awareness or consent Use or disclosure of the individual’s health For purposes outside the cycle of health and treatment by law or to safeguard the public information interest Suits by public sector To leave a note in the individual’s record indicating the use or disclosure of information Use or disclosure of the individual’s health For prevention, detection, investigation, prosecution or punishment of criminal offences information with no consent For enforcement of laws relating to confiscation to the proceeds of crime For determination of health care costs or investment for the payment To guarantee the quality and standards To communicate with the individual’s relative or friend for the cases that the individual is incapable of consenting To lessen or prevent serious threat for the life or health of the individual or others To audit the information in case that the information is destroyed immediately after the audit To train health service providers For the custodian or a person nominated by the individual, if the individual is incapacitated or unable to consent To deliver an appropriate care or treatment to the individual For the individual’s attorney limited to the extent needed or permitted To fulfill the objectives of research with the patient’s name in anonymity For another custodian to prevent fraud and malpractice, plan, monitor, evaluate, to allocate resources and prescribe certain drugs To supervise the public health or other public health objectives To assist the service-provider to fulfill the duties or to develop public health system The enforcement of civil and penal fines for unauthorized disclosure of the patient’s health records Items agreed on by 50% to 75% Non use or disclosure of health information By the one who 
receives the information for a purpose other than what the information is intended to be given Use or disclosure of the individual’s health If the custodian of information is justified information Just for certain purposes when needed Items agreed on by less than 50% Use or disclosure of the individual’s health For purposes outside the cycle of care and treatment in case that it is not possible to get the information individual’s consent before the use or disclosure Suits by private sector Use or disclosure of the individual’s health To change the information in order to hide the identity of the individual information with no consent For direct marketing For the one’s family members For others who have an intimate relationship with the patient For the applicant for health information of the deceased person

However, the study by Behnam indicates that in the majority of cases there are no certain principles for using health records in the manual system [15]. Farzandipour’s investigation (1995) shows that access by physicians and other health practitioners to health records in order to deliver health care in the manual system has been made possible in most cases by their request, and it has been in proportion to their responsibility and their authority in hospital management. The use of health records by government offices in manual systems has been possible at their request and with hospital management’s permission, and in some units it has usually been possible without their permission [23]. These findings indicate that what is usually going on in Iran is not in line with the viewpoint of the experts who participated in this study.

Table 3 Principles of one’s access to information in EHRs from professionals’ point of view (in the first stage of Delphi technique)

Items agreed on by 75% or more
- An access to his or her information on a request by the individual
- No access to health information in case:
  - That there is a serious and imminent threat to individual’s life or health
  - That there is a possibility for the disclosure of the individual’s information by someone else
  - Of disagreement with law
  - Of damage to prevention, detection, prosecution or punishment of criminal offences
  - Of damage to enforcement of laws relating to the confiscation of proceeds of crime
  - Of damage to public interest
- Inclusion of laws related to access to health information for both private and public sectors
- Inclusion of laws related to access to health information for maintained documents in an organization other than that providing health care

Items agreed on by 50% to 75%
- No access to health information in case:
  - That there is an unreasonable request to have an access
  - That the information relates to legal actions between the organization and the individual
  - Of transparency and openness and damage to organization objectives relating to negotiations with the individual
  - Of data collection for peer investigations, Standard Committee or Risk Evaluation Management
- The Individual’s access to all kinds of recorded information based on express need to know

Data disclosure

The professionals in Iran confirmed the disclosure of electronic health information for purposes outside the cycle of care and treatment under law and to safeguard the public interest, or the release of information under certain conditions. They have also recognized it as permissible to disclose information to courts only by public sectors, and have considered it necessary to enforce civil and penal punishments for unauthorized disclosure of a patient’s health records. Kluge notes in his study that the patients’ health records must not be released outwards except by the individual’s formal consent or by legal authority or action in legal procedures [22]. Based on the laws in South Wales, courts have no right of access to the records made in private sectors [1]. In the United States, the state laws enforce both civil and penal punishments for breach of confidence [8]. These findings confirm the results of the present study. Nevertheless, according to the investigations by Behnam and Farzandipour on patients’ records in a manual system, in most cases no certain principles can be found for delivering and disclosing patients’ health information [15, 23]. Zahedifar’s study indicates that about 9% of the studied units manage to obtain the patient’s written consent to disclose information to insurance organizations, attorneys, public media and physicians who do not work in that hospital [18]. Salahi’s investigation (1998) also shows that only 28.6% of the hospitals possess guidelines for disclosure of health information in the manual system [24]. These findings again

Table 4 Principles of maintenance of information in EHRs from professionals’ point of view (in the first stage of Delphi technique)

Items agreed on by 75% or more
- Protection of health information from misuse, damage, unauthorized access, modification or disclosure
- Correction, completion and updating of health information
- Maintenance of sufficient and relevant health information
- The existence of appropriate yardsticks maintenance and easy access to health information
- The existence of standards to maintain health information, guarantee the continuation and facilitate the access to information by authorized persons
- The existence of written policies for maintenance of health information
- Non qualification of organizations to delete clinical information before the time the law requires
- The maintenance of the accesses to information and tracing the data in records

Items agreed on by 50% to 75%
- Non maintenance of the one’s health information more than the required period of time

J Med Syst Table 5 Responsibilities of custodians of information in EHRs from professionals’ point of view (in the first stage of Delphi technique) Items agreed on by 75% or more To assess privacy impact of health information on collection, use and disclosure To protect health information in their release and transmission from unauthorized destruction, use, modification, access or disclosure To follow and implement policies and related legal actions To designate a contact person to help ensure compliance with the legislation To notify the individual of the use or disclosure of health information without the one’s consent and to seek the one’s consent if the use or disclosure is to continue Explicit access of public to policies and confidentiality procedures To establish appropriate security safeguards by custodians who entrust health information to information management To establish administrative, technical and physical safeguards and to ensure that information agents are all aware of all them To maintain administrative, technical and physical safeguards To ensure that the information is correct, complete and up-to-date To disclose the information to the person authorized to receive the information To apply appropriate sanctions for willful contraventions of these privacy requirements To make required warnings about restrictions on information disclosure in records Acceptance of Responsibility For the patient as data owner To establish a board to supervise the confidentiality of information Forbiddance of transferring health information for countries without sufficient protective levels of information confidentiality It is legal and required to receive information and to follow the Transference of health information abroad in case information transference laws Of one’s consent to transfer the information Of information transference to the one’s benefit Service-provider The responsibility for the absence of a quick access to health information Health information 
custodian for the patient’s care by Information confidentiality supervision board Items agreed on by 50% to 75% Authority to refrain from giving the information to the patient if required or permitted to do so For custodians of health information as data owners Acceptance of Responsibility For the board supervising the confidentiality of information as data owners Items agreed on by less than 50% Acceptance of responsibility For care-providers as data owners Transference of health information abroad in case It is not possible to obtain one’s consent The responsibility for the absence of a quick access to health information for the patient’s care by The patient

show the nonexistence of any principles in this regard in Iran, in contrast to the selected countries and to the viewpoints of the professionals who participated in this study. In summary, considering the studies made in Iran within these 10 years, no certain principles can be found governing the release of patients’ health records, and the custodians have been indifferent to or unaware of the need for such principles. In addition, considering the vital role of the private sector in health and treatment in Iran and the necessity of surveillance of the private sector’s performance, despite the specialists’ standpoint, it seems necessary that both public and private sectors be responsible for information required by the courts. They should give the courts the patients’ records if necessary. Moreover, legal principles should be set and implemented for punishing the unauthorized disclosure of patients’ information.

Access to information

According to the specialists’ standpoints in Iran, the individual’s access to his health information based on a request and based on the express need to know is considered permitted. Nevertheless, some restrictions are deemed necessary for the individual’s access to his health information. In addition, they believed that it is necessary to enact laws on the individual’s access to health information for both public and private sectors and for any organization other than the health care provider institute. According to the findings in Australia (2000), privacy and access to health records were applied to records in private and public sectors and to the documents which were kept in an organization other than the care-delivering organization [25, 26]. American Hospital Association

Table 6 Principles of confidentiality of information in EHRs from professionals’ point of view (in the second stage of Delphi technique)

Items agreed on by 75% or more

Conditions of health information collection
- Data collection by organization:
  - To fulfill the objectives and activities of that organization
  - Provided that the information is anonymous before disclosure by the organization that collects the information

Principles of health information use
- Use of health information without one’s consent:
  - When required for certain purposes if the custodian of information is justified about the need for use of that information
  - To determine the patient’s state of health to receive current health care

Principles of disclosure of information in EHR
- The disclosure of health information by the one who receives information with patient’s consent for a purpose other than what the collection of information is intended

Principles of one’s access to his health information
- The accessibility to information by the individual except:
  - The information is collected for evaluation and Standard Committee
- The individual’s access to all kinds of recorded information based on express need to know

Conditions of maintenance of health information in the organization
- Maintenance of the individual’s health information:
  - Until the legal time voted
  - Longer than the legal time if needed by the organization custodian of the information
- Punishments for destruction of electronic records before their legal time

Responsibilities of health information custodians
- Giving the ownership of data in electronic health records to the patient as well as health information custodians
- Giving the ownership of data in electronic health records to the patient as well as the information confidentiality supervision board

Items agreed on less than 50%
- The request for an access to information is frivolous and unreasonable
- The information is related to legal actions between the individual and organization and the access to the information breaches the rights
- It leads to transparency and openness and a damage to organization objectives relating to negotiations with the individual
- Delivering the patient’s health record to him if destruction of the record is required by law
- Authority to refrain from giving the information to the patient if required or permitted to do so

Statement has announced that the patient has the right to obtain complete information about the diagnosis and treatment of his illness from the physician, and when the patient is unable, the information must be given to someone who has an intimate relation with the patient [27]. Kluge noted in his investigation that the patient must have a right to access his electronic health information [22]. These findings are in line with the results of the present study. Behnam’s investigation shows that in Iran patients are rarely spoken with about their illness, medications and treatment progress, and in most cases the patient has no access to his medical information in the manual system [15]. In an investigation, Zahedifar indicated that in only 36.4% of units are patients permitted to have access to the physicians’ diagnosis in their record in the manual system when they are in appropriate mental condition [18]. The investigation by the Health Institute in South Wales (1999) on the problems with clients’ access to records indicates that clients have little or no access to records in hospitals or through family physicians [28]. This finding is not in line with the results of this study.


It appears that in order to safeguard patients’ rights, the need for patients’ access to their health record information should be considered by all organizations, whether public or private. Therefore, it is recommended that in designing EHRs, a unique health identifier be considered for each client and that the manner of the patient’s access to his own health information and its mechanism be taken into consideration. This is because the patient’s awareness of his health record information creates a fair and better relationship between the patient and the physician, promotes informed consent, guarantees the maintenance of care by different care providers and gives the patient greater control over his health [29].

Information maintenance

The findings of the investigation emphasize the correctness, completeness and timeliness of health information, and indicate that it is permissible to maintain an individual’s health record for longer than the required time if needed by the organization that is custodian of the information.


Anderson (1997) in his security principles has noted that no one is permitted to eliminate clinical information unless its time period has expired [30]. Davis and Lacour (2002) state that data must be correct in order to be useful. If the data are not accurate, incorrect implications and knowledge may be transmitted to consumers. The completeness of data refers to collecting and recording data in all its details. Information must also be up-to-date when delivered [31]. These findings confirm the results of the present study. Salahi, however, concluded in his study that in Iran there is no approach for the destruction of paper records, and the instructions for the period of records maintenance were followed in only 11.5% of cases [24]. Therefore it is suggested that a database be developed for EHRs in each province. These databases should have the capability to maintain all the clients’ health information for the legal time required. Safeguarding the records from destruction and preventing manipulation or deviation of information until the required time seem to be quite necessary. Considering the nonobservance of the present principles in manual records, punishments are quite necessary for individuals or organizations that illegally decide to destroy or wipe out records, or that are careless in the maintenance of computerized records.

Responsibilities of custodians

The specialists’ standpoints emphasize public access to the policies and procedures of privacy in electronic health information records.
They also emphasize other items, such as giving the ownership of the data to the custodians of the health information and the Information Confidentiality Supervision Board as well as the patient; the prohibition of transmitting health information to countries without sufficient levels of protection for information confidentiality; transmission of health information abroad under certain conditions; and finally the responsibility of the care provider, information custodian and Information Confidentiality Supervision Board for the absence of quick access to health information to take care of the patient. The studies made indicate that according to the current laws in Australia, patients are not the owners of their records. In the United States, the problem of ownership of data in electronic records has not been resolved [32]. The data maintenance directive by the European Union in October 1998 forbids the movement of information to countries without sufficient protection levels unless it is done with the patient’s consent [33]. Fuller and Jeffries (2001) cite the responsibilities of health information management in safeguarding the information as to become aware of information confidentiality laws, to enact laws and to manipulate the contents in each medical record [34]. Denis Callahan (2001) in his article ‘The New Privacy Officer’s Game Plan’ notes that the requirements of a health service organization for the person responsible for confidentiality are different from those of other occupations, and that because of their training and experience, practitioners in health information management have most of the required skills [35]. In addition, the investigation by Behnam indicated that in Iran there are practitioners in hospitals responsible for issues such as the accuracy and completeness of the information, educational programs for staff’s familiarity with information confidentiality, and observance of the laws related to safeguarding the security of information in patients’ records [15]. According to the investigation by Zahedifar, before starting to work, medical records personnel become familiar with their tasks and responsibilities concerning confidentiality [18]. All in all, it seems that in order to protect and maintain patients’ health records in Iran, individuals should be trained as medical record specialists who will be responsible for patients’ medical records. These practitioners must undertake the responsibility for patients’ electronic health records in the future, and the competent authorities must not only set the required legal principles and complete and rectify the job description for these personnel, but also recognize them as custodians of electronic health records and as those responsible for observing and following the laws related to information confidentiality. However, as the ownership of the data in electronic records has not been resolved completely, and because of the nature of EHRs, it seems necessary to pay attention to the custodianship of electronic health records instead of the ownership of their data.

Conclusion

According to the findings of the present investigation, a comprehensive model of electronic health record confidentiality principles is presented for Iran in six pivots. This model is a collection of EHR confidentiality principles from the studied countries. Each of the subject countries uses only part of this new model. The common aspect of Iran’s model and the models in the selected countries is the focus on the pivotal role of the patient’s consent in the principles of confidentiality in electronic health records. The differences from the studied countries’ models are that the use and disclosure of health information for marketing and for purposes outside the cycle of care and treatment without the consent of the patient, family members or someone who has an intimate relation with the patient was not approved by Iranian professionals; the individual must have access to his/her health information in some cases; and finally the health information must not be kept longer than the time required by law. In addition, punishment for disclosure or destruction of electronic health information, data ownership, inclusion of statutes related to access to information in all organizations, the responsibility for inaccessibility to information and the movement of information abroad have been confirmed as new dimensions added based on this study. Because the EHR issue and its confidentiality are novel in Iran, more research in this field must be carried out. Based on the results of the current study and the researchers’ experiences, the weaknesses of the electronic health systems in Iran in this field consist of:

1. Data collection conditions
2. Data use principles
3. Information disclosure principles
4. Principles of information access
5. Information maintenance conditions

On the other hand, it seems that attention to the duties of health information custodians in the current medical information systems of Iran’s health centers is the sole strength of the current systems. Thus there are many gaps between the current situation and the desired EHR confidentiality principles in Iran. Considering the new approach of the Ministry of Health, Treatment and Medical Education towards the creation of an electronic health record for each Iranian and the absence of well organized, comprehensive principles for the confidentiality of health records in Iran, it is recommended that the proposed model be used by the officials of the Ministry of Health, Treatment and Medical Education in general and the ‘Statistic and Information Technology Management Sector’ of the Iran Health Ministry in particular.

Conflict of interest

No conflicts of interest have been declared.

References

1. Carter, M., Should patients have access to their Medical records. J. Med. Image Anal. 169:96–97, 1998.
2. Commonwealth of Australia, International approaches to the electronic health record; 2003. http://www.healthconnect.gov.au/internet/hconnect/publishing.nsf/Content/43598FE37A3E7270CA257128007B7EB7/$File/v3–1.pdf. Accessed 2006.
3. National Committee on Vital and Health Statistics, Information for health; 2001. http://www.ncvhs.hhs.gov/nhiilayo.pdf. Accessed 2006.
4. Lyons, R., Payne, C., McCabe, M., and Fielder, C., Legibility of doctor’s hand writing: quantitative comparative study. BMJ. 317:863–864, 1998.
5. Woodward, B., The computer-based patient record and confidentiality. N. Engl. J. Med. 333:1419–1422, 1995. doi:10.1056/NEJM199511233332112.
6. HIMSS, 2004 HIMSS National health information infrastructure survey; 2004. http://www.himss.org/content/files/2004healthinfoInfrastructuresurvey.pdf. Accessed 2006.
7. Meidani, M., A Comparative investigation on standards of medical records in selected countries and Iran. Thesis, Medical Information Management Faculty, Iran University of Medical Sciences, Tehran; 2003.
8. Aspen Reference Group, Health information management manual, 1st edition. Maryland, Aspen, 1999. p. 5:1.
9. Bitaraf, E., Riazi, H., and Fathi Roodsari, B., Comparative study of electronic health in the word, 2/2nd edition. Ministry of Health and Medical education, Tehran, 2007.
10. Riazi, H., Fathi Roodsari, B., and Bitaraf, E., Electronic health record, concepts, standards and development approaches, Version 1.1. Ministry of Health, Treatment and Medical Training, Tehran, 2007.
11. Cornwall, A., Electronic health Records: an international perspective; 2002. http://www.home.vicnet.net.au. Accessed 2006.
12. Itiran, Looking to progress path of electronic health records. 2008. Available from: http://itiran.com/?type=article&id=9999. Accessed 2009.
13. Farzandipour, M., Ahmadi, M., Sadoughi, F., and Karimi, I., A comparative study on confidentiality principles of electronic health records in the selected countries. Journal of Health Information Management. 5(2):139–149, 2009.
14. Commonwealth Department of Health and Aged Care, The benefits and difficulties of introducing a national approach to electronic health records in Australia; 2002. http://www.health.gov.au. Accessed 2006.
15. Behnam, S. A comparative study of accessibility levels and confidentiality of medical records in selected countries. Thesis, Medical Information Management Faculty. Tehran, Iran University of Medical Sciences, 2005.
16. CIHI, Privacy and Confidentiality of health information at Canadian institute for health information; 2002. http://www.secure.cihi.ca/cihiweb/en/downloads/privacy_policy_priv2002_e.pdf. Accessed 2006.
17. Department of Health and Human Services. 45CFRparts 160,162 and 164 Health Insurance Reform: security standard; Final Rule; 2003. Available from: http://www.hipaa.org. Accessed 2009.
18. Zahedifar, R., Study rate of respect for patients rights in Medical Records Units of Isfahan University of Medical Sciences. Thesis, Medical Information Management Faculty. Tehran, Iran University of Medical Sciences, 2002.
19. Taheri, H., Is the physician a guarantor? J. Medicolegal Org. 14:25–30, 1998.
20. Mohammadpour, A., A comparative study on the Hospital Standards of Ministry of Health and International Standards of Joint Commission on Accreditation of Hospital. Thesis, Medical Information Management Faculty, Tehran, Iran University of Medical Sciences, 2006.
21. Sarbaz Zarinabad, M., A comparative investigation of patients’ rights charter in some selected countries and finding a suitable solution for Iran. Thesis, Medical Information Management Faculty, Tehran, Iran University of Medical Sciences, 2002.
22. Kluge, E. H., Patients, patient records, and ethical principles. Med info. 8:1596–1600, 1995.
23. Farzandipour, M., An investigation on policies of delivering medical records in Tehran University’s Hospitals. M. Sc. Thesis, Medical Information Management Faculty. Tehran, Iran University of Medical Sciences, 1995.
24. Salahi, M., An investigation on conditions of storage and retrieval of patients’ medical records in teaching hospitals of Iran University of Medical Sciences and their comparison with national standards and standards in the US. Thesis, Medical Information Management Faculty, Tehran, Iran University of Medical Sciences, 1998.
25. National Electronic Health Records Taskforce. A health information Network for Australia; 2000. http://www.health.gov.au/internet/hconnect/publishing.nsf/content/7746B10691FA666CCA257128007B7EAF/$File/ehrrept.pdf. Accessed 2006.
26. National Electronic Health Records Taskforce, A national approach to electronic health Records for Australia; 2000. http://www.healthconnect.gov.au/internet/hconnect/publishing.nsf/content. Accessed 2006.
27. Mcmiller, K., Brady being a medical record clerk. Prentice Hall, Englewood Cliffs, 1992.
28. Advisory Council on Health Infostructure, Canada Health infoway; 1999. http://www.hc-sc.gc.ca/hcs-sss/alt-formats/iab-dgiac/pdf. Accessed 2006.
29. Consumer’s Health Forum of Australia, The use of consumers’ health information for research purposes. Consumers’ Health Forum of Australia, Australia, 1998.
30. Anderson, R. J., An update on the BMA security policy. Spring, Berlin, 1997.
31. Davis, N., and Lacour, M., Introduction to Health Information Technology. Saunders, Philadelphia, 2002.
32. Tang, P. C., and Hammond, W. E., A progress report on computer-based patient records in the United States. National Academy press, Washington, 1997.
33. European commission, European Union Directive. On the protection of individuals with regard to the processing of personal data and on the free movement of such data. European Commission, Brussels, 1995.
34. Fuller, B., and Jeffries, J., From DNA to data privacy. J. Am. Health Inf. Manag. Assoc. 72(3):46–50, 2001.
35. Callahan, D., The new privacy officer’s game plan. J. Am. Health Inf. Manag. Assoc. 72(6):26–32, 2001.