home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
nlmpubs.nlm.nih.gov
/
2014.05.nlmpubs.nlm.nih.gov.tar
/
nlmpubs.nlm.nih.gov
/
bibs
/
cbm
/
confiden.txt
< prev
next >
Wrap
Text File
|
1996-05-29
|
106KB
|
2,822 lines
CBM 95-10
Confidentiality of Electronic Health Data:
Methods for Protecting Personally Identifiable Information
January 1990 through March 1996
448 Selected Citations
Prepared by
Ione Auston, M.L.S., National Library of Medicine
Betsy L. Humphreys, M.L.S., National Library of Medicine
Paul D. Clayton, Ph.D., Columbia-Presbyterian Medical Center
Isaac S. Kohane, M.D., Ph.D., Harvard Medical School
Lance J. Hoffman, Ph.D., George Washington University
Zdenka Geisslerova, National Library of Medicine
U.S. DEPARTMENT OF HEALTH
AND HUMAN SERVICES
Public Health Service
National Institutes of Health
National Library of Medicine
Reference Section
8600 Rockville Pike
Bethesda, Maryland 20894
1996
National Library of Medicine Cataloging in Publication
Confidentiality of electronic health data : methods for
protecting personally identifiable information : January
1990 through March 1996 : 448 selected citations /
prepared by Ione Auston ... [et al.]. -- Bethesda, Md.
(8600 Rockville Pike, Bethesda 20894) : U.S. Dept. of
Health and Human Services, Public Health Service, National
Institutes of Health, National Library of Medicine,
Reference Section ; Pittsburgh, PA : Sold by the Supt. of
Docs., U.S. G.P.O., 1996.
-- (Current bibliographies in medicine ; 95-10)
1. Confidentiality - bibliography 2. Computer Security
- bibliography 3. Medical Informatics - bibliography I.
Auston, Ione II. National Library of Medicine (U.S.).
Reference Section III. Title IV. Series
02NLM: ZW 1 N272 no.95-10
SERIES NOTE
Current Bibliographies in Medicine (CBM) is a continuation in
part of theNational Library of Medicine's Literature Search
Series, which ceased in 1987 with No. 87-15. In 1989 it also
subsumed the Specialized Bibliography Series. Each bibliography
in the new series covers a distinct subject area of biomedicine
and is intended to fulfill a current awareness function.
Citations are usually derived from searching a variety of online
databases. NLM databases utilized include MEDLINE, AVLINE,
BIOETHICSLINE, CANCERLIT, CATLINE, HEALTH, POPLINE and TOXLINE.
The only criterion for the inclusion of a particular published
work is its relevance to the topic being presented; the format,
ownership, or location of the material is not considered.
Comments and suggestions on this series may be addressed to:
Karen Patrias, Editor
Current Bibliographies in Medicine
Reference Section
National Library of Medicine
Bethesda, MD 20894
Phone: 301-496-6097
Fax: 301-402-1384
Internet: patrias@nlm.nih.gov
This bibliography, CBM 95-10, is the last publication in this
series for calendar year 1995.
Ordering Information:
Current Bibliographies in Medicine is sold by the Superintendent
of Documents, U.S. Government Printing Office, P.O. 371954,
Pittsburgh, PA 15250-7954. To order the entire CBM series for
calendar year 1996 (approximately 10 bibliographies), send $47.00
($58.75 foreign) to the Superintendent of Documents citing GPO
List ID: CBM96. For your convenience an order blank is given
inside the back cover. Orders for individual bibliographies in
the series ($5.50, $6.88 foreign) should be sent to the
Superintendent of Documents citing the title, CBM number, and the
GPO List ID given above.
Internet Access:
The Current Bibliographies in Medicine series is also available
at no cost to anyone with Internet access through FTP (File
Transfer Protocol). FTP to nlmpubs.nlm.nih.gov and login as
anonymous. The index file in the "bibs" directory provides
information on the bibliographies available.
Use of funds for printing this periodical has been approved by
the Director of the Office of Management and Budget through
September 30, 1996.
FOREWORD
In 1995, in response to a request from the Vice-President of the
United States of America, the Department of Health and Human
Services assumed a leadership role in addressing four major
issues surrounding the use of the National Information
Infrastructure to advance health care and the public health: (1)
telemedicine; (2) health data privacy; (3) health data standards;
and (4) consumer access to health information. One specific
health data privacy objective is the identification and
dissemination of information about current best practices for
ensuring the confidentiality of electronic health data. This
bibliography of information sources that provide concrete
guidance on the policies, procedures, and technologies useful in
safeguarding electronic health data is a first step toward that
objective. Although the bibliography contains many useful
references, the literature search conducted to produce it has
confirmed that published information about how to protect
electronic health data is fragmented and incomplete. Many
institutions are currently addressing the need for comprehensive
policies and procedures for safeguarding electronic health, but,
to date, few institutional documents have been completed and
released.
Materials cited in this bibliography have been one source of
input to a study of "best practices" for protecting the
confidentiality of electronic health care data that is currently
being undertaken by the Computer Sciences and Telecommunications
Board of the National Research Council, under the chairmanship of
Paul Clayton, Ph.D., Columbia-Presbyterian Medical Center.
Funded by the National Library of Medicine and the Warren G.
Magnuson Clinical Center, National Institutes of Health, DHHS,
the study is also collecting data through a series of site visits
to institutions with electronic health information systems. Its
final report, scheduled for release by January 1997, will bring
us a step closer to the goal of developing practical and coherent
guidelines for protecting the confidentiality of electronic
health data.
Nan D. Hunter
Deputy General Counsel
U.S. Department of Health and Human Services
Chair, Interdepartmental Health Privacy Working Group
CONFIDENTIALITY OF ELECTRONIC HEALTH DATA
Electronic health data can improve the quality and efficiency of
health care, research, and public health surveillance and
interventions. To achieve these benefits without unacceptable
risk to patient confidentiality, electronic health data must be
created, used, transmitted, aggregated, and abstracted in ways
and in environments that maintain data security and accuracy;
prevent inadvertent or accidental release; prevent or deter
access by unauthorized users; and discourage, detect, and punish
inappropriate use of health data by unauthorized users.
This selective bibliography is primarily intended for those who
are responsible for protecting electronic health data and need
information on appropriate strategies for doing so. It includes
references to publications, organizations, and electronic sources
that address methods for preserving the confidentiality and
security of electronic health data. The methods covered include
technical approaches, institutional policies and procedures,
staff and patient education, and legal and regulatory
requirements. In addition to substantive discussions of measures
for preserving confidentiality and security of health data, the
bibliography also has references to some recent standards and
guidelines that apply to electronic data in general. Letters,
editorials, news items, and general descriptions of health
information systems in which security and privacy prevention are
mentioned briefly generally have been excluded.
The bibliography has a tight focus on how to protect electronic
health data and therefore also excludes references to the large
body of literature on related topics such as: the need to protect
privacy; the need for federal legislation; the potential privacy
and security problems associated with computer-based patient
records; the public's perceptions of privacy issues; special
ethical and privacy considerations associated with genetic
screening, AIDS testing, and occupational health records; the
conditions under which medical and psychiatric records must or
must not be disclosed to courts; the tension between privacy and
the public good in cases involving infectious disease, potential
violence, etc.; institutional review boards; and informed
consent, except as it relates directly to consent about use of
health data.
In general, publication dates for references included in this
bibliography range from January 1990 through March 1996, and
publications are primarily in English. Journal articles, books
and book chapters, conference proceedings and papers, meeting
abstracts, laws and legal documents, and technical reports, as
well as unpublished documents, have been surveyed and selected
for inclusion. Arrangement of the bibliography is by subject and
citations within each category are listed alphabetically by
author; a citation appears under only one category.
A number of Internet sites created by various organizations that
address confidentiality or computer security may be found by
using various world wide web searching tools. A selected list of
these are included in the Organizations section of this
bibliography. All Internet addresses were functional on the date
that this bibliography became available.
The compilers wish to thank Marlyn Schepartz, National Library of
Medicine, for her technical assistance with production of this
bibliography.
SEARCH STRATEGY
A variety of online databases are usually searched in preparing
bibliographies in the CBM series. To assist you in updating or
otherwise manipulating the material in this search, the strategy
used for the NLM's MEDLINE database is given below. Please note
that the search strategies presented here differ from individual
demand searches in that they are generally broadly formulated and
irrelevant citations edited out prior to printing.
SS 1 = CONFIDENTIALITY OR COMPUTER SECURITY OR PRIVACY (TW)
SS 2 = PATIENT IDENTIFICATION SYSTEMS OR PUBLIC HEALTH
ADMINISTRATION OR TELEMEDICINE OR DATABASES, FACTUAL OR NURSING
AUDIT OR PEER REVIEW, HEALTH CARE OR PROFESSIONAL REVIEW
ORGANIZATIONS OR MEDICAID OR SYSTEMS INTEGRATION OR JCAHO (MH)
SS 3 = *EPIDEMIOLOGIC METHODS (PX)
SS 4 = EXPLODE *MANAGEMENT INFORMATION SYSTEMS OR EXPLODE
*MEDICAL AUDIT OR EXPLODE *UTILIZATION REVIEW OR EXPLODE MEDICARE
OR EXPLODE CLINICAL TRIALS OR EXPLODE *MEDICAL INFORMATICS
SS 5 = EXPLODE OFFICE MANAGEMENT OR EXPLODE *INSURANCE
SS 6 = 1 AND 2
SS 7 = 1 AND 3
SS 8 = 1 AND 4
SS 9 = 1 AND 5
SS 10 = 6 OR 7 OR 8 OR 9
GRATEFUL MED and INTERNET GRATEFUL MED
To make online searching easier and more efficient, the Library
offers GRATEFUL MED, microcomputer-based software that provides a
user-friendly interface to most NLM databases. This software was
specifically developed for health professionals and features
multiple choice menus and "fill in the blank" screens for easy
search preparation. GRATEFUL MED runs on an IBM PC (or
IBM-compatible) with DOS 2.0 or a Macintosh, and requires a Hayes
(or Hayes-compatible) modem. It may be purchased from the
National Technical Information Service in Springfield, Virginia,
for $29.95 (plus $3.00 per order for shipping). For your
convenience, an order blank has been enclosed at the back of this
bibliography.
INTERNET GRATEFUL MED is available from the World Wide Web. The
user with Internet access and an NLM user account need only point
a compatible Web browser (Netscape Navigator is strongly
recommended) to http://igm.nlm.nih.gov. No other software at
the user end is required. At present, MEDLINE is the only NLM
database available through INTERNET GRATEFUL MED, but the Library
expects to add access to other files rapidly.
SAMPLE CITATIONS
Citations in this bibliographic series are formatted according to
the rules established for Index Medicus*. Sample journal and
monograph citations appear below. For journal articles written
in a foreign language, the English translation of the title is
placed in brackets; for monographs, the title is given in the
original language. In both cases the language of publication is
shown by a three letter abbreviation appearing at the end of the
citation.
Journal Article:
Authors Article Title
Barrows RC Jr, Clayton PD. Privacy, confidentiality, and
electronic medical records.
J Am Med Inform Assoc 1996 Mar-Apr;3(2):139-48.
Abbreviated Journal Date Volume Issue Pages
Title
Monograph:
Authors/Editors Title
Barber B, Treacher A, Louwerse CP, editors. Towards security on
medical telematics: legal and technical aspects.
Washington: IOS Press; 1996. 252 p.
Place of Publisher Date Total No.
Publication of Pages
_________________________________
*For details of the formats used for references, see the
following publication:
Patrias, Karen. National Library of Medicine recommended formats
for bibliographic citation. Bethesda (MD): The Library; 1991
Apr. Available from: NTIS, Springfield, VA; PB91-182030.
TABLE OF CONTENTS
OVERVIEW
General
Health
POLICIES & POSITION STATEMENTS
General
Health
Institutional
RISK ANALYSIS & CONTINGENCY PLANNING
EDUCATION & TRAINING
ACCESS CONTROL/AUTHENTICATION
PERSONAL IDENTIFIERS
AUDIT TRAILS
ELECTRONIC SIGNATURES
ENCRYPTION
SOFTWARE & APPLICATION DESIGN/PROTECTION
NETWORK SECURITY
IMAGES & TELEMEDICINE
SECONDARY USAGE OF HEALTH DATA
Research & Quality Review
Statistics
SMART CARDS
LAWS, REGULATIONS, LEGAL ASPECTS
Federal
Laws, Bills, & Regulations
Legal Aspects - Commentary
State
Laws, Bills, & Regulations
Legal Aspects - Commentary
Other Countries
Laws, Bills, & Regulations
Legal Aspects - Commentary
OTHER BIBLIOGRAPHIES
ORGANIZATIONS
General
Health
OVERVIEW
General
Bacard A. The computer privacy handbook. Berkeley (CA): Peachpit
Press; 1995.
Bowen J, Stavridou V. [Safety-critical systems. Formal methods
are standards]. Genie Log Syst Expert 1993 Mar;30:37-64. (Fre).
Castano S. Database security. Reading (MA): Addison-Wesley; 1994.
Clark DD, Wilson DR. A comparison of commercial and military
computer security policies. In: Proceedings of the 1987 IEEE
Symposium on Security and Privacy; 1987 Apr 27-29; Oakland, CA.
Washington: IEEE Computer Society Press; 1987. p. 184-94.
Gilbert DM. Sample statements of work for federal computer
security services: for use in-house or contracting out. Lynch N,
editor. Gaithersburg (MD): National Institute of Standards and
Technology (US), Computer Systems Laboratory; 1991 Dec. Report
No.: NIST Internal Report (NISTIR) 4749. Available from: NTIS,
Springfield, VA; PB92-148261.
Guttman B, Roback EA. An introduction to computer security: the
NIST handbook. Gaithersburg (MD): National Institute of Standards
and Technology (US); 1995 Oct. Report No.: NIST Special
Publication 800-12. 272 p. Available from: US GPO, Washington;
SN003-003-03374-0.
National Institute of Standards and Technology (US); National
Computer Security Center (US). 17th National Computer Security
Conference; 1994 Oct 11-14; Baltimore, MD. [Ft. Meade (MD):
National Computer Security Center]; 1995. 2 vols. Available
from: National Security Agency, Publications Office, Ft. Meade,
MD (410/766-8729).
National Institute of Standards and Technology (US), National
Computer Security Center (US). 18th National Information Systems
Security Conference); 1995 Oct 10-13; Baltimore. [Ft. Meade (MD):
National Computer Security Center]; 1996. 2 vols. Available
from: National Security Agency, Publications Office, Ft. Meade,
MD (410/766-8729). Formerly the National Computer Security
Conference.
Nazario NA, editor. General procedures for registering computer
security objects. Gaithersburg (MD): National Institute of
Standards and Technology (US), Computer Systems Laboratory; 1993
Dec. Report No.: NIST Internal Report (NISTIR) 5308. Available
from: NTIS, Springfield, VA; PB94-134897.
Saltman RG, editor. Good security practices for electronic
commerce, including electronic data interchange. Gaithersburg
(MD): National Institute of Standards and Technology (US),
Computer Systems Laboratory; 1993 Dec. Report No.: NIST Special
Publication 800-9. Available from: NTIS, Springfield, VA;
PB94-139045.
Saltman RG, editor. Workshop on Security Procedures for the
Interchange of Electronic Documents: selected papers and results.
Gaithersburg (MD): National Institute of Standards and Technology
(US), Computer Security Laboratory; 1993 Aug. Report No.: NIST
Internal Report (NISTIR) 5247. 128 p. Available from: NTIS,
Springfield, VA; PB94101854.
SECURICOM 95. Proceedings of the 13th Worldwide Congress on
Computer and Communications Security and Protection; 1995 Jun
8-9; Paris, France. Paris: Manifestations & Commun. Int.; 1995.
288 p.
United States, Congress, Office of Technology Assessment.
Information security and privacy in network environments.
Washington: U.S. Government Printing Office; 1994 Sep. Report
No.: OTA-TCT-606. 244 p.
United States, Congress, Office of Technology Assessment. Issue
update on information security and privacy in network
environments. Washington: U.S. Government Printing Office; 1995
Jun. Report No.: OTA-BP-ITC-147. 142 p.
Health
Bakker AR. Security in medical information systems. In: van
Bemmel JH, McCray AT, editors. Yearbook of medical informatics:
Stuttgart: Schattauer; 1993. p. 52-60.
Barber B, Bakker A, Bengtsson S. Conclusions and
recommendations. Int J Biomed Comput 1994;35 Suppl:221-9.
Barber B, O'Moore R. The six safety first principles of health
information systems - Progress Report. In: Commission of the
European Communities DG XIII/F AIM. Data protection and
confidentiality in health informatics: handling health data in
Europe in the future. Washington: IOS Press; 1991. p. 308-14.
(Studies in health technology and informatics; vol. 1).
Barrows RC Jr, Clayton PD. Privacy, confidentiality, and
electronic medical records. J Am Med Inform Assoc 1996
Mar-Apr;3(2):139-48.
Benson T, Neame R. Healthcare computing: a guide to health
information management and systems. Harlow (Essex, UK): Longman
Group Ltd.; 1994. Chapter 11, Security and privacy; p. 143-63.
Biskup J, Bleumer G. Reflections on security of database and data
transfer systems in health care. In: Information processing '94.
Applications and impacts. Proceedings of the 13th IFIP World
Computer Congress; 1994 Aug 28-Sep 2; Hamburg, Germany.
Amsterdam: Elsevier Science Pub.; 1994. p. 549-56. (IFIP
transactions A (computer science and technology); vol.A-52).
Blum BI. Computer security in a clinical environment. In:
Jajodia S, Landwehr CE, editors. Database Security, 4: Status and
Prospects. Results of the IFIP WG 11.3 workshop; 1990 Sep 18-21;
Halifax, UK. Amsterdam: North-Holland; 1991. p. 1-12.
Bruce JAC. Privacy and confidentiality of health care
information. 3rd ed. Chicago: American Hospital Pub.; Forthcoming
1996.
Bunz H, Bertsch A, Jurecic M, Baum-Waidner B. Secure multimedia
applications and teleservices: security requirements and
prototype for health care. In: Steinmetz R, editor. Multimedia:
advanced teleservices and high-speed communication architectures.
Proceedings of the 2nd International Workshop, IWACA '94; 1994
Sep 26-28; Heidelberg, Germany. Berlin: Springer-Verlag; 1994. p.
224-36.
Caring for Health Information - Safety, Security and Secrecy.
Results of a working conference of the International Medical
Informatics Association. Heemskerk, The Netherlands, 1993 Nov
13-16. Int J Biomed Comput 1994 Feb;35 Suppl:1-235.
Commission of the European Communities DG XIII/F AIM. Data
protection and confidentiality in health informatics: handling
health data in Europe in the future. Washington: IOS Press; 1991.
Executive summary; p. 1-61. (Studies in health technology and
informatics; vol. 1).
Confidentiality and security measures for health care. Toward
Electron Patient Rec 1994 Jun-Jul;3(1):1-13.
de Roulet D, Scherrer JR, editors. Data protection within a
hospital information system. In: SECURICOM 90. 8th Worldwide
Congress on Computer and Communications Security and Protection;
1990 Mar 14-16; Paris, France. Paris: SEDEP; 1990. p. 27-45.
Dolezol W. System protection techniques within the hospital
information system at the hospitals of the University of
Wurzburg. MUG Q 1991 Sep;21(4):27-32.
Furnell SM, Gaunt PN, Pangalos G, Sanders PW, Warren MJ. A
generic methodology for health care data security. Med Inf
(Lond) 1994 Jul-Sep;19(3):229-45.
Gabrieli ER. Guidelines for minimal data security measures for
the protection of computer-based patient records. J Clin Comput
1993;22(1):1-48.
Hamilton DL. Identification and evaluation of the security
requirements in medical applications. Bristol (UK):
Hewlett-Packard Laboratory; 1992 Jun. Report No.: HPL-92-75. 11
p.
Health Records: Social Needs and Personal Privacy. Conference
Proceedings; 1993 Feb 11-12; Washington, DC. Washington: U.S.
Government Printing Office; 1993 Feb. Also available from: NTIS,
Springfield, VA; PB94168192.
Hoffman LJ. Data security and privacy in health information
systems. Top Emerg Med 1995 Dec;17(4):24-6.
Iversen KR. Security requirements for electronic patients
records: the Norwegian view. Int J Biomed Comput 1994 Feb;35
Suppl:51-6.
Jurecic M, Bunz H. Exchange of patient records-prototype
implementation of a Security Attributes Service in X.500. In:
Proceedings of 2nd ACM Conference on Computer and Communications
Security; 1994 Nov 2-4; Fairfax, VA. New York: ACM; 1994. p.
30-8.
Kaplan JG. Protecting sensitive medical information. In:
Database Security, 6: Status and Prospects. IFIP WG 11.3
workshop; 1992 Aug 19-21; Vancouver, BC, Canada. [Amsterdam?:
North Holland?]; 1993. p. 1-14. (IFIP transactions A (computer
science and technology); vol. A-21).
Lincoln TL, Essin D. The computer-based patient record: issues of
organization, security and confidentiality. In: Database
Security, 5: Status and Prospects. Results of the IFIP WG 11.3
workshop; 1991 Nov 4-7; Shepherdstown, WV. [Amsterdam?: North
Holland?]; 1992. p. 1-19. (IFIP transactions A (computer science
and technology); vol.A-6).
Louis Harris and Associates. Equifax-Harris consumer privacy
survey 1994. New York: The Associates; 1994. Available from:
Equifax, Inc., Atlanta, GA.
Louis Harris and Associates. Equifax-Harris mid-decade consumer
privacy survey 1995. New York: The Associates; 1995. Available
from: Equifax, Inc., Atlanta, GA.
Louis Harris and Associates. Health care information privacy: a
survey of the public and leaders. New York: The Associates; 1993.
Available from: Equifax, Inc., Atlanta, GA.
Louwerse CP. The organisation and management of information
security issues in health care. Int J Biomed Comput 1994 Feb;35
Suppl:195-200.
Meranda D. Administrative and security challenges with
electronic patient record systems. J AHIMA 1995 Mar;66(3):58-60.
Moehr JR. Privacy and security requirements of distributed
computer based patient records. Int J Biomed Comput 1994 Feb;35
Suppl:57-64.
O'Connor K. Confidentiality, privacy and security concerns in
the modern healthcare environment. Aust Comput J 1994
Aug;26(3):70-7.
Pfitzmann A, Pfitzmann B. Technical aspects of data protection in
health care informatics. In: Noothoven van Goor J, Christensen
JP, editors. Advances in medical informatics: results of the AIM
Exploratory Action. Washington: IOS Press; 1992. p. 368-86.
(Studies in health technology and informatics; vol. 2).
Schmaus D. Computer security and data confidentiality. AORN J
1991 Oct;54(4):885-90.
Shea S, Sengupta S, Crosswell A, Clayton PD. Network information
security in a phase III Integrated Academic Information
Management System (IAIMS). Proc Annu Symp Comput Appl Med Care
1992;16:283-6.
Task Force on the Privacy of Private-Sector Health Records. Final
report. Rockville (MD): Kunitz and Associates, Inc.; 1995 Sep.
Contract No.: HHS-100-91-0036. 128 p. plus appendices.
Sponsored by the U.S. Department of Health and Human Services.
United States, Congress, Office of Technology Assessment.
Bringing health care online: the role of information
technologies. Washington: U.S. Government Printing Office; 1995
Sep. Report No: OTA-ITC-624. Chapter 3, Networks for health
information; p. 79-122.
United States, Congress, Office of Technology Assessment.
Protecting privacy in computerized medical information.
Washington: U.S. Government Printing Office; 1993 Sep. Report
No.: OTA-TCT-576. 157 p.
Woodward B. The computer-based patient record and
confidentiality. N Engl J Med 1995 Nov 23;333(21):1419-22.
Wright B. Security concerns of computer-based health care
information. Comput Secur J 1994 Spring;10(1):83-9.
POLICIES & POSITION STATEMENTS
General
Bennett CJ. Regulating privacy: data protection and public policy
in Europe and the United States. Ithaca (NY): Cornell University
Press; 1992.
Information and Privacy Commissioner/Ontario. Access and the
Canadian information highway: submission to the Information
Highway Advisory Council Secretariat in response to the
Discussion Paper entitled Access, Affordability and Universal
Service on the Canadian Information Highway. [Ottawa (Ontario,
Canada): The Commissioner]; 1995 Mar. 8 p.
Information and Privacy Commissioner/Ontario. The information
highway: access and privacy principles. [Ottawa (Ontario,
Canada): The Commissioner]; 1994 Dec. 12 p.
Information and Privacy Commissioner/Ontario. Privacy and the
Canadian information highway: submission to the Information
Highway Advisory Council Secretariat. [Ottawa (Ontario, Canada):
The Commissioner]; 1994 Dec. 12 p.
Information Infrastructure Task Force (IITF), Information Policy
Committee, Privacy Working Group. Privacy and the National
Information Infrastructure: principles for providing and using
personal information. Final version. [Washington]: The Group;
1995 Oct. [13 p.] Available from: Office of Management and
Budget, Washington, DC.
Information Infrastructure Task Force (IITF), National
Information Infrastructure Security Issues Forum. NII security:
the federal role. [Washington]: The Forum; 1995 Jun 5. [35 p.]
Available from: Office of Management and Budget, Washington, DC.
Draft report issued for public comment, June 14, 1995.
Irving L, Farquhar MC, Brown KC, et al. Privacy and the NII.
Safeguarding telecommunications - related personal information.
[Washington]: Department of Commerce (US), National
Telecommunications and Information Administration; 1995 Oct. 28
p., Appendix A1-9.
Health
American College of Healthcare Executives. Ethical policy
statement. Medical records confidentiality. Healthc Exec 1994
May-Jun;9(3):43.
American Medical Association, Council on Ethical and Judicial
Affairs. Current opinions of the Council on Ethical and Judicial
Affairs. Chicago: The Association; 1992. Section 7.00, Opinions
on physician records; p. 32-3.
American Medical Association, Council on Ethical and Judicial
Affairs. Current opinions of the Council on Ethical and Judicial
Affairs. Chicago: The Association; 1992. Sections 5.05-5.09,
Confidentiality; p. 25-8.
Anderson RJ. Security in clinical information systems [monograph
online]. Cambridge (UK): University of Cambridge Computer
Laboratory; 1996 Jan 12. Available from: World Wide Web,
http://www.cl.cam.ac.uk/users/rja14/policy11/policy11.html.
Prepared for the British Medical Association.
Barber B, Jensen OA, Lamberts H, Roger-France F, De Schouwer P,
Zöllner H. The six safety first principles of health information
systems: A programme of implementation: part 1 safety and
security. In: Commission of the European Communities DG XIII/F
AIM. Data protection and confidentiality in health informatics:
handling health data in Europe in the future. Washington: IOS
Press; 1991. p. 296-301. (Studies in health technology and
informatics; vol. 1).
Barber B, Treacher A, Louwerse CP, editors. Towards security in
medical telematics: legal and technical aspects. Washington: IOS
Press; 1996. 252 p. (Studies in technology and informatics; vol.
27).
Bengtsson S, Solheim BG. Enforcement of data protection, privacy
and security in medical informatics. In: Lun KC, Degoulet P,
Piemme TE, Rienhoff O, editors. MEDINFO 92. Proceedings of the
7th World Congress on Medical Informatics; 1992 Sep 6-10; Geneva,
Switzerland. Vol. 2. Amsterdam: North-Holland; 1992. p. 1561-5.
Blair JS. Overview of standards related to the emerging health
care information infrastructure. Schaumburg (IL): The
Computer-based Patient Record Institute; 1995 Jan. Reprinted by
the Computer-based Patient Record Institute with permission of
CRC Press.
Brandt MD. Issue: disclosure of health information. A position
statement. Chicago: American Health Information Management
Association; 1993 Dec. 2 p.
Brandt MD. Issue: disclosure of health information relating to
alcohol and drug abuse. A position statement. Chicago: American
Health Information Management Association; 1993 Dec. 1 p.
Brandt MD. Issue: facsimile transmission of health information.
A position statement. Chicago: American Health Information
Management Association; 1994 May. 3 p.
Brandt MD. Issue: managing health information relating to
infection with the human immunodeficiency virus (HIV). A
position statement. Chicago: American Health Information
Management Association; 1994 Feb. 2 p.
Brandt MD. Issue: patient cards. A position statement. Chicago:
American Health Information Management Association; 1993 Nov. 2
p.
Brandt MD. Issue: protecting patient information after a closure.
A position statement. Chicago: American Health Information
Management Association; 1994 Apr. 4 p.
Brandt MD. Issue: physician signatures on attestations. A
position statement. Chicago: American Health Information
Management Association; 1993 Nov. 1 p.
Brandt MD. Issue: redisclosure of health information. A position
statement. Chicago: American Health Information Management
Association; 1993 Dec. 1 p.
Brandt MD. Issue: retention of health information. A position
statement. Chicago: American Health Information Management
Association; 1994 Mar. 2 p.
Brandt MD. Maintenance, disclosure, and redisclosure of health
information. Chicago: American Health Information Mangement
Association; 1993. 23 p.
Canadian Medical Association. The medical record:
confidentiality, access and disclosure. [CMA policy summary].
Can Med Assoc J 1992 Dec 15;147(12):1860A-1860B. (Eng, Fre).
Christensen JP, Villasante J. Data protection and confidentiality
in health care informatics. In: Noothoven van Goor J, Christensen
JP, editors. Advances in medical informatics: results of the AIM
Exploratory Action. Washington: IOS Press; 1992. p. 387-92.
(Studies in health technology and informatics; vol. 2).
Computer-based Patient Record Institute (CPRI). Guidelines for
establishing information security policies at organizations using
computer-based patient record systems. Schaumburg (IL): The
Institute; 1995. Prepared by the CPRI Work Group on
Confidentiality, Privacy, and Security, 1995 Feb.
Computer-based Patient Record Institute (CPRI). Position paper:
access to patient data. Schaumburg (IL): The Institute; 1994 Apr
15.
Computer-based Patient Record Institute (CPRI). Position paper:
authentication in a computer-based patient record. Schaumburg
(IL): The Institute; 1993 Aug 11.
Conference of Medical Royal Colleges and Their Faculties in the
United Kingdom. Interim guidelines on confidentiality and
medical audit. BMJ 1991 Dec 14;303(6816):1525.
Conference of Medical Royal Colleges and Their Faculties in the
United Kingdom, Audit Working Group. Access to medical records
for the purposes of medical audit. [Statement]. BMJ 1993 Apr
3;306(6882):896-7.
Council on Competitiveness. Highway to health: transforming U.S.
health care in the information age. Washington: The Council; 1996
Mar. Chapter 4, Integration of health information systems; p.
40-60.
Data confidentiality--could this policy work for you? QRC Advis
1993 May;9(7):7-8.
De Schouwer P, Barber B, Jensen OA, Lamberts H, Roger-France F,
Zöllner H. The six safety first principles of health information
systems: A programme of implementation: Part 2 the environment,
convenience and legal issues. In: Commission of the European
Communities DG XIII/F AIM. Data protection and confidentiality
in health informatics: handling health data in Europe in the
future. Washington: IOS Press; 1991. p. 302-07. (Studies in
health technology and informatics; vol. 1).
Feasibility of ensuring confidentiality and security of
computer-based patient records. Council on Scientific Affairs,
American Medical Association. Arch Fam Med 1993 May;2(5):
556-60.
Feste L. Issue: confidentiality of the computer-based patient
record. A position statement. Chicago: American Health
Information Management Association; 1992 Jul. 2 p.
Feste LK. Issue: patient access to personal health information.
A position statement. Chicago: American Health Information
Management Association; 1992 Mar. 2 p.
Guideline No. 4. Security of data held in computer systems.
Institute of Health Record Information and Management. IHRIM
1995 Feb;36(1 Suppl):1-2.
Health care information: collection and privacy [microfiche] :
Hearing Before the Senate Comm. on Governmental Affairs, 103rd
Cong., 2d Sess. (May 6, 1994). Washington: U.S. Government
Printing Office; 1995. 125 p. Available from: US GPO,
Washington; Y 4.G 74/9:S.HRG. 103-100.
Joint Commission on Accreditation of Healthcare Organizations.
1996 accreditation manual for hospitals. Vol.1, Standards.
Chicago: The Commission; 1996. Section 2, Management of
information; p. 171-90.
Mayo Clinic Foundation, Information Security Subcommittee. Data
security policies and standards. Unpublished internal document
dated September 1994.
Metzger JB, Stevens JM, Schwartz JE, Nelson R. Implications of
the JCAHO information management initiative for information
systems. Healthc Inf Manage 1994 Spring;8(2):23-30.
National Healthcare Billing Audit Guidelines, adopted March 13,
1992. AHIMA, AHA, Association of Healthcare Internal Auditors,
Blue Cross and Blue Shield Association, HFMA, and HIAA. J AHIMA
1992 Jun;63(6):105-9.
Pitman SC. Standards in the medical transcription service
industry. J Am Health Inf Manag Assoc 1992;63(7):75-7.
Position statement: Confidentiality of the computer-based patient
record. American Health Information Management Association. J
AHIMA 1992 Sep;63(9):125-6.
Sommerville A. Confidentiality and medical records. In: British
Medical Association, Ethics Science and Information Division.
Medical ethics today: its practice and philosophy. London: BMJ
Publishing Group; 1993. p. 36-68, 339-40.
Tiemann S. The individual, society and the protection of personal
data. In: Commission of the European Communities DG XIII/F AIM.
Data protection and confidentiality in health informatics:
handling health data in Europe in the future. Washington: IOS
Press; 1991. p. 62-4. (Studies in health technology and
informatics; vol. 1).
United States, Congress, Office of Technology Assessment.
Genetic monitoring and screening in the workplace. Washington:
U.S. Government Printing Office; 1990 Oct. Report No.:
OTA-BA-455. 262 p.
Users and uses of patient records. Report of the Council on
Scientific Affairs. Council on Scientific Affairs, American
Medical Association. Arch Fam Med 1993 Jun;2(6):678-81.
Wanerus P, Brandt MD. Issue: Managing health information in
facility mergers and acquisitions. A position statement.
Chicago: American Health Information Management Association; 1994
Apr. 4 p.
Wogan MJ. Issue: HCFA's uniform clinical data set (UCDS). A
position statement. Chicago: American Health Information
Management Association; 1991 Nov. 2 p.
Work Group on Computerization of Patient Records. Toward a
national health information infrastructure: report of the Work
Group on Computerization of Patient Records to the Secretary of
the U.S. Department of Health and Human Services. [Washington:
Department of Health and Human Services (US)]; 1993 Apr.
Workgroup for Electronic Data Interchange (WEDI). The new
Workgroup for Electronic Interchange, summary report, April 1995.
[place unknown]: The Workgroup; 1995?
Workgroup on Electronic Data Interchange (WEDI). Report, October
1993. [place unknown]: The Workgroup; 1993?
Workgroup for Electronic Data Interchange (WEDI). Report to
Secretary of U.S. Department of Health and Human Services, July
1992. [place unknown]: The Workgroup; 1992?
Institutional
Brandt M. Developing an information management plan. J AHIMA
1995 May;66(5):24-8, 30, 32-3.
Gramlich D. Confidentiality issues in the 90's. NAHAM Manag J
1992 Fall;18(2):6-8.
Hospital survey shows computer-based patient record protection
weaknesses. Inf Manag Bull 1994 Fall;7(3-4):5-6.
Katsikas SK, Gritzalis DA. The need for a security policy in
health care institutions. Int J Biomed Comput 1994 Feb;35
Suppl:73-80.
RISK ANALYSIS & CONTINGENCY PLANNING
Bakker AR. Benefits and threats of new technologies. In:
Commission of the European Communities DG XIII/F AIM. Data
protection and confidentiality in health informatics: handling
health data in Europe in the future. Washington: IOS Press; 1991.
p. 191-6. (Studies in health technology and informatics; vol.
1).
Bakker AR. Computers in hospitals, vulnerability aspects. In:
Adlassnig KP, Grabner G, Bengtsson S, Hansen R, editors. Medical
Informatics Europe 1991. Proceedings; 1991 Aug 19-22; Vienna,
Austria. Berlin: Springer-Verlag; 1991. p. 62-6. (Lecture notes
in medical informatics; 45).
Barber B. Are your systems securely engineered? Br J Healthc
Comput Inf Manag 1995 Apr;12(3):30-1.
Barber B, Davey J. Approaching safe and secure health
information systems in Europe. Comput Methods Programs Biomed
1994 Jul;44(1):23-9.
Barber B, Davey J. The use of the CCTA risk analysis and
management methodology (CRAMM) in health information systems.
In: Lun KC, Degoulet P, Piemme TE, Rienhoff O, editors. MEDINFO
92. Proceedings of the 7th World Congress on Medical Informatics;
1992 Sep 6-10; Geneva, Switzerland. Vol. 2. Amsterdam:
North-Holland; 1992. p. 1589-93.
Barber B, Fairey M. Attack and defence: NHS security and data
protection programme. Br J Healthc Comput Inf Manag 1995
Jul;12(6):30-2.
Berleur J, Beardon C, Laufer R, editors. Proceedings of the IFIP
WG9.2 Working Conference on Facing the Challenge of Risk and
Vulnerability in an Information Society; 1993 May 20-22; Namur,
Belgium. Amsterdam: Elsevier Science Pub.; 1993. 311 p. (IFIP
Transactions A (Computer Science and Technology); vol.A-33).
Brandt M. Confidentiality today: where do you stand? J AHIMA
1993 Dec;64(12):59-62.
Cloud AC. An EDP audit with a twist. Inf Exec 1990
Fall;3(4):14-5.
Cox TP. The 'paperless' physician office: a risk management
perspective. J Healthc Risk Manag 1993 Fall;13(4):29-35.
Davey J. Risk analysis and management. In: Commission of the
European Communities DG XIII/F AIM. Data protection and
confidentiality in health informatics: handling health data in
Europe in the future. Washington: IOS Press; 1991. p. 350-9.
(Studies in health technology and informatics; vol. 1).
Eleazar PY. Risks associated with clinical databases. Top
Health Rec Manag 1991 Nov;12(2):49-58.
Ferraiolo DF, Gilbert DM, Lynch N. Assessing federal and
commercial information security needs. Gaithersburg (MD):
National Institute of Standards and Technology (US), Computer
Systems Laboratory; 1992 Nov. Report No: NIST Internal Report
(NISTIR) 4976. Available from: NTIS, Springfield, VA;
PB93-138956.
Furnell SM, Sanders PW, Stockel CT. An expert system for health
care data security: a conceptual outline. In: Ifeachor EC, Rosen
KG, editors. Proceedings of the International Conference on
Neural Networks and Expert Systems in Medicine and Healthcare.;
1994 Aug 23-26; Plymouth, UK. Plymouth (UK): Univ. of Plymouth;
1994. p. 346-52.
Gabrieli ER. Data security. J Clin Comput 1992;21(1-2):17-41.
Gritzalis D, Tomaras A, Katsikas S, Keklikoglou J. Data security
in medical information systems: the Greek case. Comput Secur
1991 Apr;10(2):141-59.
Liczbanski M. Protect your data! Data Based Advis 1992
May;10(5):114-24.
Louwerse CP. Practical aspects of handling data protection and
data security. In: Commission of the European Communities DG
XIII/F AIM. Data protection and confidentiality in health
informatics: handling health data in Europe in the future.
Washington: IOS Press; 1991. p. 324-33. (Studies in health
technology and informatics; vol. 1).
Miller D. Security, durability & portable computers. Healthc
Inform 1993 May;10(5):72, 74.
Miller DW. Commonly overlooked information security issues.
Toward Electron Patient Rec 1994 May;2(10):1, 3-7.
Morris DC. It could never happen here! Comput Healthc 1990
Aug;11(8):38-44.
National Institute of Standards and Technology (US), Computer
Systems Laboratory. Guideline for the analysis of local area
network security. Gaithersburg (MD): The Institute; 1994 Nov.
(Federal information processing standards; FIPS PUB 191).
Available from: NTIS, Springfield, VA.
Pangalos GJ. Medical database security evaluation. Med Inf
(Lond) 1993 Oct-Dec;18(4):283-92.
Picukaric JM. The computer-based patient record: risks,
security, and the HIM role. J AHIMA 1992 Mar;63(3):78-84.
Skok R. Security systems: malpractice insurance for healthcare
organizations. J AHIMA 1993 Jan;64(1):51-2.
Warnock-Matheron A, Gruending DL, Hannah KJ. A risk management
approach to the security of hospital information systems. Can J
Nurs Adm 1993 May-Jun;6(2):22-4, 30.
Warren MJ, Sanders PW, Gaunt PN. Security criteria expert system
concept: the healthcare application. In: Ifeachor EC, Rosen KG,
editors. Proceedings of the International Conference on Neural
Networks and Expert Systems in Medicine and Healthcare; 1994 Aug
23-26; Plymouth, UK. Plymouth (UK): Univ. Plymouth; 1994. p.
146-53.
EDUCATION & TRAINING
Brown MM. Building respect for confidentiality through
education. J AHIMA 1993 Dec;64(12):65-6.
Computer-based Patient Record Institute (CPRI). Guidelines for
information security education programs at organizations using
computer-based patient record systems. Schaumburg (IL): The
Institute; 1995. Prepared by the CPRI Work Group on
Confidentiality, Privacy, and Security, 1995 Jun.
Merski P. Optical imaging the Right way. J AHIMA 1993
May;64(5):69-72.
Self-assessment tool. Confidentiality and security in the
computer-based patient record environment. J AHIMA 1992
May;63(5):77-9.
Smith HJ, Kallman EA. Information privacy: medical record
directors' perceptions of policy and practice. J AHIMA 1993
Feb;64(2):48-51.
ACCESS CONTROL/ AUTHENTICATION
Birkegaard N. User authorization in distributed hospital
information systems. In: Commission of the European Communities
DG XIII/F AIM. Data protection and confidentiality in health
informatics: handling health data in Europe in the future.
Washington: IOS Press; 1991. p. 285-95. (Studies in health
technology and informatics; vol. 1).
Biskup J. Protection of privacy and confidentiality in medical
information systems: problems and guidelines. In: Spooner DL,
Landwehr C, editors. Database Security, 3: Status and Prospects.
Results of the IFIP WG 11.3 workshop; 1989 Sep 5-7; Monterey, CA.
Amsterdam: North-Holland; 1990. p. 13-23.
Biskup J, Eckert C. [Secure delegation in information systems].
In: Weck G, Horster P, editors. Proceedings of VIS '93; 1993 May
11-13; Munich, Germany. Wiesbaden: Vieweg; 1993. p. 107-33.
(Ger).
Bobis KG. Implementing right to know security in the
computer-based patient record. In: Proceedings of the IEEE 13th
Annual International Phoenix Conference on Computers and
Communications; 1994 Apr 12-15; Phoenix, AZ. Piscataway (NJ):
IEEE; 1994. p. 156-60.
Brannigan VM. A framework for Need to Know authorizations in
medical computer systems: responding to the constitutional
requirements. Proc Annu Symp Comput Appl Med Care 1994;18:392-6.
Dargahi R, Classen DW, Bobroff RB, Petermann CA, Moreau DR, Beck
JR, Buffone GJ. The development of a data security model for the
Collaborative Social and Medical Services System. Proc Annu Symp
Comput Appl Med Care 1994;18:349-53.
Decoster C. [Data protection within the Ministry of Public
Health and in the hospitals]. Acta Hosp 1994;34(1):87-91. (Dut).
Eichenwald S. Information technologies. Physician- hospital
networks. J AHIMA 1992 Mar;63(3):50-1.
Gritzalis D, Katsikas S, Keklikoglou J, Tomaras A. Data security
in medical information systems: technical aspects of a proposed
legislation. Med Inf (Lond) 1991 Oct-Dec;16(4):371-83.
Henkind SJ, Orlowski JM, Skarulis PC. Application of a
multilevel access model in the development of a security
infrastructure for a clinical information system. Proc Annu Symp
Comput Appl Med Care 1993;17:64-8.
High-tech privacy issues in health care: Hearings Before the
Subcomm. on Technology and the Law of the Senate Comm. on the
Judiciary, 103d Congress, 1st and 2d Sess. (October 27, 1993,
and January 27, 1994). Washington: U.S. Government Printing
Office; 1994. 137 p. Available from: US GPO, Washington; Y 4.J
89/1; Y 4.J 89/22:S.HRG.103-836.
Kohler CO. [Medical documentation in the 'new health care
system']. Nachr Dok 1994 May-Jun;45(3):135-42. (Ger).
Lonquet P, Barthier S, Leport C, Bompis B, Guilloy Y, Vlide JL.
Assessement of a written procedure to improve the protection of
confidentiality for hospitalized patients. Int Conf AIDS 1991
Jun 16-21;7(1):424. Abstract no. M.D.4138.
Morris P, McDermid J. The structure of permissions: a normative
framework for access rights. In: Database Security, 5: Status
and Prospects. Results of the IFIP WG 11.3 workshop; 1991 Nov
4-7; Shepherdstown, WV. [Amsterdam?: North Holland?]; 1992. p.
77-97. (IFIP transactions A (computer science and technology);
vol.A-6).
Murphy G, Anderson EM. An organizational model for data access
and management--work in progress. J AHIMA 1994 Aug;65(8):50-2,
54.
National Institute of Standards and Technology (US), Computer
Systems Laboratory. Automated password generator (APG).
Gaithersburg (MD): The Institute; 1993 Oct. (Federal information
processing standards; FIPS PUB 181). Available from: NTIS,
Springfield, VA.
National Institute of Standards and Technology (US), Computer
Systems Laboratory. Guideline for the use of advanced
authentication technology alternatives. Gaithersburg (MD): The
Institute; 1994 Sep. (Federal information processing standards;
FIPS PUB 190). Available from: NTIS, Springfield, VA.
National Institute of Standards and Technology (US), Computer
Systems Laboratory. Standard on password usage. Gaithersburg
(MD): The Institute; 1985 May. (Federal information processing
standards; FIPS PUB 112). Available from: NTIS, Springfield, VA.
Notargiacomo LA, Graubart RD, Jajodia S, Landwehr CE. Health
delivery: the problem solved? In: Database Security, 4. Status
and Prospects. Results of the IFIP WG 11.3 workshop; 1990 Sep
18-21; Halifax, UK. Amsterdam: North-Holland; 1991. p. 13-26.
Orr GA, Brantley BA Jr. Development of a model of information
security requirements for enterprise-wide medical information
systems. Proc Annu Symp Comput Appl Med Care 1992;16:287-91.
Pangalos G, Khair M, Bozios L. Enhancing medical database
security. J Med Syst 1994 Aug;18(4):159-71.
Pangalos GJ. Medical database security policies. Methods Inf
Med 1993 Nov;32(5):349-56; discussion 357.
Peterson HE. Management and staff issues in data protection. In:
Commission of the European Communities DG XIII/F AIM. Data
protection and confidentiality in health informatics: handling
health data in Europe in the future. Washington: IOS Press;
1991. p. 315-23. (Studies in health technology and informatics;
vol. 1).
Pinkert JR. Contemporary issues in HIM. Kerberos--security for
sensitive data. J AHIMA 1994 Jun;65(6):22-4, 26-8.
Quisquater JJ, Bouckaert A. Zero-knowledge procedures for
confidential access to medical records. In: Quisquater JJ,
Vandewalle J, editors. Advances in cryptology - EUROCRYPT '89.
Proceedings of the Workshop on the Theory and Application of
Cryptographic Techniques; 1989 Apr 10-13; Houthalen, Belgium.
Berlin: Springer-Verlag; 1990. p. 662-4.
Rihaczek K. Data protection in networks. In: Commission of the
European Communities DG XIII/F AIM. Data protection and
confidentiality in health informatics: handling health data in
Europe in the future. Washington: IOS Press; 1991. p. 249-70.
(Studies in health technology and informatics; vol. 1).
Riley WD. Safe as a bank. LAN Technol 1992 May;8(5):29-31.
Safran C, Rind D, Citroen M, Bakker AR, Slack WV, Bleich HL.
Protection of confidentiality in the computer-based patient
record. MD Comput 1995 May-Jun;12(3):187-92.
Sandhu RS, Coyne EJ, Feinstein HL, Youman CE. Role-based access
control models. Computer 1996 Feb;29(2):38-47.
Shimaoka A. Security evaluation for the information system of
Oita Medical University Hospital [abstract]. Annu Meet Int Soc
Technol Assess Health Care 1994;10:Abstract no. 131.
Wear LL, Pinkert JR. Computer security. J AHIMA 1993
Sep;64(9):30-2, 34, 36-7.
Yamamoto K, Ishikawa K, Miyaji M, Nakamura Y, Nishi S, Sasaki T,
Tsuji K, Watanabe R. Necessity to improve common understanding
about the security issues among hospitals in Japan and some
feasible approaches. Int J Biomed Comput 1994 Feb;35
Suppl:205-12.
PERSONAL IDENTIFIERS
American Medical Informatics Association. Standards for medical
identifiers, codes, and messages needed to create an efficient
computer-stored medical record. J Am Med Inform Assoc 1994
Jan-Feb;1(1):1-7.
Asher A, Edson D, Howell E, Pence K. The unique record number: an
alternative to traditional person identifiers. In: Toward the
year 2000: refining the measures. Proceedings of the 24th Public
Health Conference on Records and Statistics; 1993 Jul 19-21;
Washington. Hyattsville (MD): National Center for Health
Statistics (US); 1994. p. 308-11.
Baitty RL, Jain RB, Hager C, Pope W, Goosby EP, Bowen GS.
Protecting confidentiality in a national reporting system for HIV
services. Int Conf AIDS 1993 Jun 6-11;9:947 Abstract no.
PO-D36-4374.
Barber B, France FR, Winkeler B, Olsen P. The EuroHealth
Database-handling personal data without access to personal
identification. In: Adlassnig KP, Grabner G, Bengtsson S, Hansen
R, editors. Medical Informatics Europe 1991. Proceedings;
1991 Aug 19-22; Vienna, Austria. Berlin: Springer-Verlag; 1991.
p. 646-52. (Lecture notes in medical informatics; 45).
Carpenter PC, Chute CG. The Universal Patient Identifier: a
discussion and proposal. Proc Annu Symp Comput Appl Med Care
1993;17:49-53.
Concept models of patient identification: issues surrounding the
use of social security numbers for patient identification.
Toward Electron Patient Rec 1993;Analysis 2:1-15.
Dilger K. [Use of computers for patient data and billing].
Fortschr Ophthalmol 1990;87 Suppl:S1-4. (Ger).
Fitzmaurice JM, Murphy G, Wear P, Korpman R, Weber G, Whiteman J.
Patient identifiers: stumbling blocks or cornerstones for CPRs
(computer-based patient records)? Healthc Inform 1993
May;10(5):38-40, 42.
Gabrieli ER. Guide for unique healthcare identifier model. J
Clin Comput 1993;21(5):101-39.
Gardner RM. Integrated computerized records provide improved
quality of care with little loss of privacy. J Am Med Inform
Assoc 1994 Jul-Aug;1(4):320-2.
Goldschmidt AJW, Gaal L. [Optimised computer-aided random number
generation for achieving anonymity of patients' records]. Softw
Kur Med Psychol 1991;4(5):145-50. (Ger).
Information and Privacy Commissioner/Ontario. Privacy and
electronic identification in the information age. [Ottawa
(Ontario, Canada): The Commissioner]; 1994 Nov. 13 p.
Meux E. California's experience: SSN and confidentiality. In:
Toward the year 2000: refining the measures. Proceedings of the
24th Public Health Conference on Records and Statistics (US);
1993 Jul 19-21; Washington. Hyattsville (MD): National Center for
Health Statistics (US); 1994. p. 312-4.
Meux E. Encrypting personal identifiers. Health Serv Res 1994
Jun;29(2):247-56.
Mjolsnes SF. Privacy, cryptographic pseudonyms, and the state of
health. In: Imai H, Rivest RL, Matsumoto T, editors. Advances in
cryptology - ASIACRYPT '91. Proceedings of the International
Conference on the Theory and Application of Cryptology; 1991 Nov
11-14; Fujiyoshida, Japan. Berlin: Springer-Verlag; 1993. p.
493-4.
Mulligan D. Methods of identifying individuals in health
information systems. In: Toward an electronic patient record '95.
11th International Symposium on the Creation of Electronic Health
Record Systems. Proceedings; 1995 Mar 14-19; Orlando, FL. Vol.
2. Newton (MA): Medical Records Institute; 1995. p. 428-41.
National ID systems demand proper safeguards. Data Protection
Registrar advocates debate. IHRIM 1994 Aug;35(3):9-10.
Szolovits P, Kohane I. Against simple universal health-care
identifiers. J Am Med Inform Assoc 1994 Jul-Aug;1(4):316-9.
Thirion X, Maldonado J, Sambuc R, San Marco JL. An experiment in
the anonymous distribution of AIDS-medicaments in Southern
France. Int Conf AIDS 1990 Jun 20-23;6(3):301. Abstract no.
S.D.845.
Waegemann CP. Patient identifiers: insurance identification and
patient identification in health care. Executive summary.
Toward Electron Patient Rec 1993 Oct;Analysis 3:10-4.
Williams BC, Demitrack LB, Fries BE. The accuracy of the
National Death Index when personal identifiers other than Social
Security number are used. Am J Public Health 1992 Aug;82(8):
1145-7.
AUDIT TRAILS
Bakker AR. Special care needed for the heart of medical
information systems. In: Biskup J, Morgenstern M, Landwehr CE,
editors. Database Security, 8: Status and Prospects. Proceedings
of the IFIP WG11.3 Working Conference on Database Security; 1994
Aug 23-26; Bad Salzdetfurth, Germany. London: Chapman & Hall
Ltd.; 1994. p. 3-10. (IFIP transactions A (computer science and
technology); vol. A-60).
Borten K. Using an audit facility to protect patient data at the
Massachusetts General Hospital. In: Toward an electronic patient
record '95. 11th International Symposium on the Creation of
Electronic Health Record Systems. Proceedings; 1995 Mar 14-19;
Orlando, FL. Newton (MA): Medical Records Institute; 1995. p.
115-20.
Hammond JE, Berger RG, Carey TS, Fakhry SM, Rutledge R, Kichak
JP, Cleveland TJ, Dempsey MJ, Tsongalis NM, Ayscue CF. Report on
the clinical workstation and clinical data repository utilization
at UNC Hospitals. Proc Annu Symp Comput Appl Med Care
1994;18:276-80.
Hayam A. Security Audit Center--a suggested model for effective
audit strategies in health care informatics. Int J Biomed Comput
1994 Feb;35 Suppl:115-27.
Kowalski S. An accountability server for health care information
systems. Int J Biomed Comput 1994 Feb;35 Suppl:129-38.
Muhlenberg provides secure access to patient files. Commun News
1995 May;32(5):16.
Schwartz M. Protecting patient data confidentiality in the
healthcare environment. EDPACS 1993 Sep;21(3):12-8.
Walker NS. An integrated clinical computer system: implications
for a medical information services department. J AHIMA 1994
Dec;65(12):41-3.
ELECTRONIC SIGNATURES
Barber B, Douglas S. An initial approach to the security
techniques required by the electronic patient record. Int J
Biomed Comput 1994 Feb;35 Suppl:33-8.
Branstad DK, editor. Report of the NIST Workshop on Digital
Signature Certificate Management, December 10-11, 1992.
Gaithersburg (MD): National Institute of Standards and Technology
(US), Computer Systems Laboratory; 1993 Aug. Report No.: NIST
Internal Report (NISTIR) 5234. Available from: NTIS,
Springfield, VA; PB94-135001.
Bryant LE Jr. Health law: legal authorization for the electronic
signature or computer-generated signature code on medical records
in Illinois. J AHIMA 1992 Sep;63(9):18-9.
Curtis EH. Electronic signature of computerized patient records.
Top Health Inf Manag 1994 Aug;15(1):64-73.
French B, Priester RA. Electronic signature thrives in different
environments. J AHIMA 1995 Jun;66(6):61-3.
Kadzielski MA, Reynolds MB. Legal review: auto- authentication
of medical records raises verification concerns. Top Health Inf
Manag 1993 Aug;14(1):77-82.
Lima C. Challenges in the approval process for the physician
computerized signature. J AHIMA 1993 Feb;64(2):55-8.
National Institute of Standards and Technology (US), Computer
Systems Laboratory. Digital signature standard (DSS).
Gaithersburg (MD): The Institute; 1994 May 19. (Federal
information processing standards; FIPS PUB 186). Available from:
NTIS, Springfield, VA.
National Institute of Standards and Technology (US), Computer
Systems Laboratory. Secure hash standard. Gaithersburg (MD): The
Institute; 1995 Apr. (Federal information processing standards;
FIPS PUB 180-1). Available from: NTIS, Springfield, VA.
Noel LA. Electronic signatures: a brief overview. J Am Med Rec
Assoc 1991 Sep;62(9):38-43.
Silva A. Electronic signatures: one hospital's approach. J Am
Med Rec Assoc 1991 Jul;62(7):24-5.
Smith JP. Authentication of digital medical images with digital
signature technology. Radiology 1995 Mar;194(3):771-4.
Waegemann CP. The new standard guide for electronic signatures.
ASTM Stand News 1995 Aug;23(8):4-7.
ENCRYPTION
Abou-Tayiem E. Implementation of the RSA public-key cryptosystem.
Stevenage (Herts, UK): Institution of Electrical Engineers; 1995.
Baum MS. Federal certification authority liability and policy.
Gaithersburg (MD): National Institute of Standards and Technology
(US), Computer Systems Laboratory; 1994 Jun. Report No: NIST GCR
94-654. Available from: NTIS, Springfield, VA; PB94-191202.
Garfinkel S. PCP: pretty good privacy. Sebastopol (CA): O'Reilly
& Associates, Inc.; 1994.
Houser WR. NIST's 'victory' will save DSS users an arm and a
leg. Gov Comput News 1993 Jul 5;12(14):25-6.
National Institute of Standards and Technology (US). Proposed
Federal Information Processing Standard (FIPS) for public key
cryptographic entity authentication mechanisms. Fed Regist 1995
Jun 6;60(108):29830-2.
National Institute of Standards and Technology (US), Computer
Systems Laboratory. Appendix 5. Example of the DSA. Gaithersburg
(MD): The Institute; 1995 Oct 2. (Federal information processing
standards; FIPS PUB 186).
National Institute of Standards and Technology (US), Computer
Systems Laboratory. Data encryption standard. Gaithersburg (MD):
The Institute; 1993 Dec (Reaffirmed until 1998). (Federal
information processing standards; FIPS PUB 46-2). Available
from: NTIS, Springfield, VA.
National Institute of Standards and Technology (US), Computer
Systems Laboratory. Escrowed encryption standard (EES).
Gaithersburg (MD): The Institute; 1994 Feb. (Federal information
processing standards; FIPS PUB 185). Available from: NTIS,
Springfield, VA.
National Institute of Standards and Technology (US), Computer
Systems Laboratory. Key management using ANSI X9.17. Gaithersburg
(MD): The Institute; 1992 Apr. (Federal information processing
standards; FIPS PUB 171). Available from: NTIS, Springfield, VA.
National Institute of Standards and Technology (US), Computer
Systems Laboratory. Security requirements for cryptographic
modules. Gaithersburg (MD): The Institute; 1994 Jan. (Federal
information processing standards; FIPS PUB 140-1). Available
from: NTIS, Springfield, VA.
National Institute of Standards and Technology (US), Computer
Systems Laboratory. Standard on computer data authentication.
Gaithersburg (MD): The Institute; 1985 May. (Federal information
processing standards; FIPS PUB 113). Available from: NTIS,
Springfield, VA.
Oldehoeft AE, Branstad D, editors. Report of the NIST Workshop on
Key Escrow Encryption. Gaithersburg (MD): National Institute of
Standards and Technology (US), Computer Systems Laboratory; 1994
Jun. Report No.: NIST Internal Report (NISTIR) 5468. Available
from: NTIS, Springfield, VA; PB94-209459.
Olnes J. EDIFACT security made simple-the EDIMED approach.
Comput Secur 1993 Dec;12(8):765-74.
Schneier B. Applied cryptography: protocols, algorithms and
source code in C. 2nd ed. New York: Wiley & Sons, Inc.; 1995.
Stevens A. Hacks, spooks, and data encryption. Dr Dobbs J 1990
Sep;15(9):127-38.
Zamparo R. A study of OSI key management. Gaithersburg (MD):
National Institute of Standards and Technology (US), Computer
Systems Laboratory; 1992 Nov. Report No.: NIST Internal Report
(NISTIR) 4983. Available from: NTIS, Springfield, VA;
PB93-151579.
SOFTWARE & APPLICATION DESIGN/PROTECTION
Bassham LE, Polk WY. Security of SQL-based implementations of
product data exchange using STEP. Gaithersburg (MD): National
Institute of Standards and Technology (US), Computer Systems
Laboratory; 1993 Oct. Report No.: NIST Internal Report (NISTIR)
5283. Available from: NTIS, Springfield, VA; PB94-139649.
Bassoe CF. [Data hygiene. Data security, prevention of wrong or
useless information and high quality of communication]. Tidsskr
Nor Laegeforen 1995 Jan 20;115(2):252-5. (Nor).
Baum-Waidner B, Bunz H, Capellaro C. SAMSON, security management
in a health care scenario. In: Kugler HJ, Mullery A, Niebert N,
editors. 2nd International Conference on Intelligence in
Broadband Services and Networks; 1994 Sep 7-9; Aachen, Germany.
Berlin: Springer-Verlag; 1994. p. 503-12.
Bennett PA. Safety standards in medical software. In: Commission
of the European Communities DG XIII/F AIM. Data protection and
confidentiality in health informatics: handling health data in
Europe in the future. Washington: IOS Press; 1991. p. 197-213.
(Studies in health technology and informatics; vol. 1).
Biskup J. Medical database security. In: Commission of the
European Communities DG XIII/F AIM. Data protection and
confidentiality in health informatics: handling health data in
Europe in the future. Washington: IOS Press; 1991. p. 214-30.
(Studies in health technology and informatics; vol. 1).
Cannataci JA. Data protection issues in database management and
expert systems. In: Commission of the European Communities DG
XIII/F AIM. Data protection and confidentiality in health
informatics: handling health data in Europe in the future.
Washington: IOS Press; 1991. p. 161-80. (Studies in health
technology and informatics; vol. 1).
Davey J. Tools and techniques for the development of secure
software. Int J Biomed Comput 1994 Feb;35 Suppl:173-8.
Eichinger S, Pernul G. Design environment for a hospital
information system: meeting the data security challenge. In: Lun
KC, Degoulet P, Piemme TE, Rienhoff O, editors. MEDINFO 92.
Proceedings of the 7th World Congress on Medical Informatics;
1992 Sep 6-10; Geneva, Switzerland. Vol.2. Amsterdam:
North-Holland; 1992. p. 1582-8.
Filsinger J. Integrity and the audit of trusted database
management systems. In: Database Security, 6: Status and
Prospects. IFIP WG 11.3 workshop; 1992 Aug 19-21; Vancouver, BC,
Canada. [Amsterdam?: North-Holland?]; 1993. p. 349-65. (IFIP
transactions A (computer science and technology); vol. A-21).
Haber L. Prevention is the best medicine. (impact and prevention
of computer viruses and the emergence of anti-virus software).
MIDRANGE Syst 1992 Feb 4;5(3):68-70.
Kailey JB, editor. Validated products list 1995 No. 2. Vol. 1,
Programming languages, database language SQL, graphics, POSIX,
and computer security; Vol. 2, GOSIP. Gaithersburg (MD): National
Institute of Standards and Technology (US), Computer Systems
Laboratory; 1995 Apr. Report No: NIST Internal Report (NISTIR)
5629. Available from: NTIS, Springfield, VA; PB95-937301.
Kemmerer RA. A multi-level formal specification of a mental
health care database. In: Jajodia S, Landwehr CE, editors.
Database Security, 4: Status and Prospects. Results of the IFIP
WG 11.3 workshop; 1990 Sep 18-21; Halifax, UK. Amsterdam:
North-Holland; 1991. p. 27-51.
Morgan JD. Point of care and patient privacy: who is in control?
Top Health Inf Manag 1994 May;14(4):36-43.
Pangalos G, Pomportsis A, Bozios L, Khair M. Development of
secure medical database systems. In: Karagiannis D, editor.
Proceedings of DEXA 94; 1994 Sep 7-9; Athens, Greece. Berlin:
Springer-Verlag; 1994. p. 680-9.
Polk WT, Bassham LE. A guide to the selection of anti-virus tools
and techniques. Gaithersburg (MD): National Institute of
Standards and Technology (US), Computer Systems Laboratory; 1992
Dec. (NIST special publication; 800-5). Available from: NTIS,
Springfield, VA; PB93-152049.
Polk WT, Bassham LE. Security issues in the database language
SQL. Gaithersburg (MD): National Institute of Standards and
Technology (US), Computer Systems Laboratory; 1993 Aug. (NIST
special publication; 800-8). Available from: US GPO, Washington;
SN 003-003-03225-5.
Ting TC. Application information security semantics: a case of
mental health delivery. In: Spooner DL, Landwehr C, editors.
Database Security, 3: Status and Prospects. Results of the IFIP
WG 11.3 workshop; 5-7 Sep 1989; Monterey, CA. Amsterdam:
North-Holland; 1990. p. 1-12.
Ulirsch RC, Ashwood ER, Noce P. Security in the clinical
laboratory. Guidelines for managing the information resource.
Arch Pathol Lab Med 1990 Jan;114(1):89-93.
van Dorp HD, Dubbeldam JF. The AIM SEISMED guidelines for system
development and design. Int J Biomed Comput 1994 Feb;35
Suppl:179-86.
Watt R. Security in VAX DSM Version 6.0. MUG Q 1991
Jun;21(3):106-11.
Weingarten J. Can confidential patient information be kept
private in high-tech medicine? MD Comput 1992
Mar-Apr;9(2):79-82.
NETWORK SECURITY
Bagwill R, Barkley J, Carnahan L, et al. Security in open
systems. Gaithersburg (MD): National Institute of Standards and
Technology (US), Computer Systems Laboratory; 1994 Jul. (NIST
special publication; 800-7). Available from: US GPO, Washington;
SN003-003-03276-0.
Bleumer G. Security for decentralized health information
systems. Int J Biomed Comput 1994 Feb;35 Suppl:139-45.
Campbell LA. How secure is the Internet for health care
applications? Toward Electron Patient Rec 1995 Jun-Jul;4(1):1,
3-16.
Castagna R. The well-guarded LAN. PC Sources 1991
Sep;2(9):139-42.
Cheswick WR, Bellowin SM. Firewalls and Internet security:
repelling the wily hacker. Reading (MA): Addison-Wesley Pub. Co.,
Inc.; 1994. 306 p.
Dayanim J. Disaster recovery: options for public and private
networks. (includes related article on network recovery for
integrated LAN/WAN networks). Telecommunications 1991 Dec;
25(12):48-52.
de Roulet D, Le HS, Scherrer JR. The technical conditions for an
open architecture. Int J Biomed Comput 1994 Feb;35 Suppl:107-14.
Fernandez Del Val C. Medical network security and viruses. In:
Commission of the European Communities DG XIII/F AIM. Data
protection and confidentiality in health informatics: handling
health data in Europe in the future. Washington: IOS Press;
1991. p. 271-84. (Studies in health technology and informatics;
vol. 1).
Harwood R. Install the wall. DEC Prof 1994 Dec;13(12):44-5.
Howlett P, Powell T. United we stand (hospital network
security). Br J Healthc Comput Inf Manag 1994 Oct;11(8):26-7.
Klimmins J, Dinkel C, Walters D. Telecommunications security
guidelines for telecommunications management network.
Gaithersburg (MD): National Institute of Standards and Technology
(US); 1995 Oct. 37 p. (NIST special publication; 800-13).
Available from: US GPO, Washington; SN003-003-03376-6.
Leon BJ, Narayanan R. Network management information for system
control. In: Proceedings of GLOBECOM '93. IEEE Global
Telecommunications Conference; 1993 Nov 29 - Dec 2; Houston, TX.
Vol. 3. New York: IEEE; 1993. p. 1553-7.
McWilliams S. How Boston's Beth Israel Hospital copes with
security on the Internet. IS Anal 1994 Dec;33(12):12-6.
Moehr JR, McDaniel JG. Security precautions for networked
computers. Dimens Health Serv 1991 Apr;68(3):21-4.
National Institute of Standards and Technology (US), Computer
Systems Laboratory. Standard security label for information
transfer. Gaithersburg (MD): The Institute; 1994 Sep. (Federal
information processing standards; FIPS PUB 188). Available from:
NTIS, Springfield, VA.
Pfitzmann A, Pfitzmann B. Security in medical networks. In:
Commission of the European Communities DG XIII/F AIM. Data
protection and confidentiality in health informatics: handling
health data in Europe in the future. Washington: IOS Press;
1991. p. 231-48. (Studies in health technology and informatics;
vol. 1).
Private Branch Exchange (PBX) security guidelines. Gaithersburg
(MD): National Institute of Standards and Technology (US),
Computer Systems Laboratory; 1993 Sep. Report No.: NIST GCR
93-635. Available from: NTIS, Springfield, VA; PB94-100880.
Rotenberg M. Communications privacy: implications for network
design. Commun ACM 1993 Aug;36(8):61-9.
Vaughan-Nichols S. Safety nets and Unix networks. Comput Shopp
1991 Dec;11(12):770-2.
Wack JP, Carnahan LJ. Keeping your site comfortably secure: an
introduction to Internet firewalls. Gaithersburg (MD): National
Institute of Standards and Technology (US), Computer Systems
Laboratory; 1994 Dec. (NIST special publication; 800-10).
Available from: US GPO, Washington; SN003-03313-8.
IMAGES & TELEMEDICINE
Gilbert F. How to minimize the risk of disclosure of patient
information used in telemedicine. Telemed J 1995;1(2):91-4.
Kuroda C, Yoshioka H, Kadota T, Narumi Y, Okamoto H, Kumatani T,
Hiruma O, Kumatani Y, Yoshida J. Small PACS for digital medical
images--reliability and security in a clinical setting. Comput
Methods Programs Biomed 1994 May;43(1-2):101-6.
Manny B. Professional practice forum: photographs and
videotapes. J AHIMA 1992 Dec;63(12):24-6.
Norton SA, Lindborg CE, Delaplain CB. Consent and privacy in
telemedicine. Hawaii Med J 1993 Dec;52(12):340-1.
Ohyama N. IS & C system and file protection mechanism. Comput
Methods Programs Biomed 1994 May;43(1-2):37-42.
Parsons DF. Progress and problems of interhospital consulting by
computer networking. Ann N Y Acad Sci 1992 Dec 17;670:1-11.
Savkar S, Waters RJ. Telemedicine - implications for patient
confidentiality and privacy. Health Inf Syst Telemed 1995;
(1):4-7.
Smith JP. Ensuring confidentiality on computer networks. Diagn
Imaging (San Franc) 1995 Jul;17(7):43-4, 47.
Yachida M, Kitagawa H. [File security techniques on Image Save
and Carry system]. J Inst Telev Eng Jpn 1993 Feb;47(2):154-7.
(Jpn).
SECONDARY USAGE OF HEALTH DATA
Research & Quality Review
Agency for Health Care Policy and Research (US). Report to
Congress: the feasibility of linking research-related data bases
to federal and non-federal medical adminstrative data bases.
Rockville (MD): The Agency; 1991 Apr. (AHCPR Pub; no. 91-0003).
Benbassat J, Levy M. Ethical and legal problems in researcher's
access to data stores. In: Allebeck P, Jannsson B, editors.
Ethics in medicine: individual integrity versus demands of
society. New York: Raven Press; 1990. p. 159-65.
Bentley-Cooper JE. Protecting human research from an invasion of
privacy: the unintended results of the Commonwealth Privacy Act
1988. Aust J Public Health 1991 Sep;15(3):228-34.
Berglund CA. Australian standards for privacy and
confidentiality of health records in research: implications of
the Commonwealth Privacy Act. Med J Aust 1990 Jun
18;152(12):664-9.
Beto JA, Geraci MC, Marshall PA, Bansal VK. Pharmacy computer
prescription databases: methodologic issues of access and
confidentiality. Ann Pharmacother 1992 May;26(5):686-91.
Clayton EW. Panel comment: why the use of anonymous samples for
research matters. J Law Med Ethics 1995;23(4):375-7.
Donaldson MS. Regional health databases, health services
research, and confidentiality: summary of an invitational
workshop. National Implications of the Development of Regional
Health Database Organizations; 1994 Jan 31-Feb 1; Washington.
Washington: Institute of Medicine; 1994. 49 p.
Donaldson MS, Lohr KN, editors. Health data in the information
age: use, disclosure, and privacy. Washington: National Academy
Press; 1994. 257 p.
Edouard L, Rawson NS. Use of personal records for research
purposes. Identification numbers help maintain confidentiality
[letter]. BMJ 1995 Jan 28;310(6974):257-8. Comment on: BMJ 1994
Nov 26;309(6966):1422-4.
Fayerweather WE, Tirey SL, Baldwin JK, Hoover BK. Issues in data
sharing and access: an industry perspective. J Occup Med 1991
Dec;33(12):1253-6.
Flaherty DH. Privacy, confidentiality, and the use of Canadian
health information for research and statistics. Can Public Adm
1992 Spring;35(1):75-93.
Gostin LO, Lazzarini Z. Childhood immunization registries. A
national review of public health information systems and the
protection of privacy. JAMA 1995 Dec 13;274(22):1793-9.
Gulbinat W. Dialogue: will the increased integration of
information systems necessitate lowering standards for patient
confidentiality and data privacy? Balancing individual and
societal needs: micro- vs. macro-ethics. Behav Healthc Tomorrow
1994 Jan-Feb;3(1):32, 39-41.
Hakulinen T. [Cancer registry and data security]. Nord Med
1993;108(8-9):213-5. (Swe).
Harding N, Giles A, Graveney M. Evolution and protection of the
health care record as a European document. In: Commission of the
European Communities DG XIII/F AIM. Data protection and
confidentiality in health informatics: handling health data in
Europe in the future. Washington: IOS Press; 1991. p. 88-121.
(Studies in health technology and informatics; vol. 1).
Helgason T. Epidemiological research needs access to data.
Scand J Soc Med 1992 Sep;20(3):129-33.
Jones JK, Staffa J, Lian J, Miwa L. Record linkages. Eur J Clin
Res 1994;6:87-91.
Kluge EH. Advanced patient records: some ethical and legal
considerations touching medical information space. Methods Inf
Med 1993 Apr;32(2):95-103. Comment in: Methods Inf Med 1993
Apr;32(2):104-7.
Kluge EH. Health information, the fair information principles
and ethics. Methods Inf Med 1994 Oct;33(4):336-45. Comment in:
Methods Inf Med 1994 Oct;33(4):348-50.
Lawrence LM. Safeguarding the confidentiality of automated
medical information. Jt Comm J Qual Improv 1994
Nov;20(11):639-46.
Lincoln TL. Privacy: a real-world problem with fuzzy boundaries
[editorial]. Methods Inf Med 1993 Apr;32(2):104-7. Comment on:
Methods Inf Med 1993 Apr;32(2):95-103.
Lincoln TL, Essin DJ. In search of rules for confidentiality: a
critique of oneproposal [editorial]. Methods Inf Med 1994
Oct;33(4):348-50. Comment on: Methods Inf Med 1994
Oct;33(4):336-45.
Logan JA 3rd, Hebbeler G. Formatting and presenting quality data
to medical staffs and hospital boards. Physician Exec 1994 Oct;
20(10):19-21.
Lousson JP. [Teletransmission, health care and deontology]. Ann
Pharm Fr 1995;53(2):79-82. (Fre).
Lowel H, Lewis M, Gostomzyk J, Keil U. [Population-based heart
infarct register in the Augsburg region: possibilities and
limitations]. Soz Praventivmed 1991;36(3):159-65. (Ger).
Lynge E. European directive on confidential data: a threat to
epidemiology [editorial]. BMJ 1994 Feb 19;308(6927):490.
Comment on: BMJ 1994 Feb 19;308(6927):522-3.
McClure ML. The uses and abuses of large data sets. J Prof Nurs
1991 Mar-Apr;7(2):72.
Panda SK, Nagabhushanam A. Fuzzy data distortion. Comput Stat
Data Anal 1995 May;19(5):553-62.
Reilly PR. Panel comment: the impact of the Genetic Privacy Act
on medicine. J Law Med Ethics 1995;23(4):378-81.
Schrage R. [Cancer register problems--modified reporting law
model for the improvement of data protection]. Offentl
Gesundheitswes 1991 Nov;53(11):746-52. (Ger).
Ten Ham M. Confidentiality of medical databases and
pharmaco-epidemiology. Drug Inf J 1995;29(1):343-49.
Thomas SP. Issues in data management and storage. J Neurosci
Nurs 1993 Aug;25(4):243-5.
Tuchsen F, Bach E, Andersen O, Jorgensen J. The use of a
national hospital register for hypothesis generation. Inf Serv
Use 1990;10(1-2):15-23.
van der Leer OF. The use of personal data for medical research:
how to deal with new European privacy standards. Int J Biomed
Comput 1994 Feb;35 Suppl:87-95.
Verloove-Vanhorick SP, Brand R. [Perinatal registration: a pilot
study of matching of data from the National Obstetrics
Registration and the National Neonatology Registration]. Ned
Tijdschr Geneeskd 1992 Oct 24;136(43):2127-31. (Dut)
Walsh M, Cortez F. Quality assurance system must balance
functionality with data security. Comput Nurs 1991
Jan-Feb;9(1):27-8.
Wan L. The legality of unlinked anonymous screening for HIV
infection: the U.S. approach. Health Policy 1990
Jan-Feb;14(1):29-35.
Westrin CG. Ethical, legal, and political problems affecting
epidemiology in European countries. IRB 1993 May-Jun;15(3):6-8.
Statistics
Ahituv N, Lapid Y, Neumann S. Protecting statistical databases
against retrieval of private information. Comput Secur 1988
Feb;7(1):59-63.
Denning DE, Schlorer J. Inference controls for statistical
databases. Computer 1983 Jul:69-82.
Duncan GT, Jabine TB, de Wolf VA, editors. Private lives and
public policies: confidentiality and accessibility of government
statistics. Washington: National Academy Press; 1993.
Guynes CS, Maples GE, Prybutok VR. Privacy issues in statistical
database environments. Comput Soc 1995 Dec;25(4):3-5.
Hoffman LJ, Miller WF. Getting a personal dossier from a
statistical data bank. Datamation 1970 May;16(5):74-5.
Ozsoyoglu G, Chin FY. Enhancing the security of statistical
databases with a question-answering system and a kernel design.
IEEE Transact Softw Eng 1982 May;SE-8(3):223-34.
Thelot B. [A general solution to the linkage of anonymous
medical data]. C R Acad Sci III 1990;310(8):333-8. (Fre).
SMART CARDS
Allaert FA, Dusserre L. Security of health information system in
France: what we do will no longer be different from what we tell.
Int J Biomed Comput 1994 Feb;35 Suppl:201-4.
Boulanger MH. Legal aspects of the medical data card. I. Comput
Law Secur Rep 1990 Sep-Oct;6(3):8-11.
Card technologies. Toward Electron Patient Rec 1993 Oct;Analysis
3:1-6.
Chaum D, editor. Smart Card 2000. Selected papers from the 2nd
International Smart Card 2000 Conference; 1989 4-6 Oct;
Amsterdam, Netherlands. Amsterdam: North-Holland; 1991. 206 p.
de Martino A. The laser card: a challenge for physicians. In:
Waegemann CP, editor. Patient care with computers and cards. 5th
Global Congress on Patient Cards and Computerization of Health
Records; 1993 Jun 7-9; Venice, Italy. Newton (MA): Medical
Records Institute; 1993. p. 33-5.
Guanyabens J, Baig B. AIM coordinated action on patient data
cards. In: Noothoven van Goor J, Christensen JP, editors.
Advances in medical informatics: results of the AIM Exploratory
Action. Washington: IOS Press; 1992. p. 393-96. (Studies in
health technology and informatics; vol. 2).
Guibert H, Gamache A. Optical memory card applicability for
implementing a portable medical record. Med Inf (Lond) 1993
Jul-Sep;18(3):271-8.
Gunner C. Portable health card interface for multiple health care
applications. In: 3rd Global Conference on Patient Cards; 1991
Mar 12-15; Barcelona, Spain. Newton (MA): Medical Records
Institute; 1991. p. 305-16.
Hartleb U. Administrative aspects of data protection. In:
Commission of the European Communities DG XIII/F AIM. Data
protection and confidentiality in health informatics: handling
health data in Europe in the future. Washington: IOS Press;
1991. p. 334-49. (Studies in health technology and informatics;
vol. 1).
Hayes G. The AIM Patient Data Card Working Group's view of
security. In: 3rd Global Conference on Patient Cards; 1991 Mar
12-15; Barcelona, Spain. Newton (MA): Medical Records Institute;
1991. p. 280-3.
Klein GO. Smart cards--a security tool for health information
systems. Int J Biomed Comput 1994 Feb;5 Suppl:147-51.
Kohler CO, Rienhoff O, Schaeffer OP, editors. Health cards '95.
Proceedings of the Health Cards '95 Conference; 1995 Oct 23-26;
Frankfurt. Washington: IOS Press; 1995. 372 p. (Studies in health
technology and informatics; vol. 26).
Krings G. Intelligent memory chips for smart cards. Siemens
Compon (Eng Ed) 1994 Jan-Feb;29(1):13-7.
Kuhnel E, Klepser G, Engelbrecht R. Smart cards and their
opportunities for controlling health information systems. Int J
Biomed Comput 1994 Feb;35 Suppl:153-7.
Martelli M, Tenneriello L. The CP8 smart card: a technology for
solutions in medical areas. In: Waegemann CP, editor. Patient
care with computers and cards. 5th Global Congress on Patient
Cards and Computerization of Health Records; 1993 Jun 7-9;
Venice, Italy. Newton (MA): Medical Records Institute; 1993. p.
36-8.
Nguyen Nam T, Printz Y, Saadoui S, Nicolay A. Benefit and risk
assessment of computerized health cards: a case study. In:
Berleur J, Beardon C, Laufer R, editors. Proceedings of the IFIP
WG9.2 Working Conference on Facing the Challenge of Risk and
Vulnerability in an Information Society; 1993 May 20-22; Namur,
Belgium. Amsterdam: Elsevier Science Pub.; 1993. p. 153-60. (IFIP
transactions A (computer science and technology); vol. A-33).
Pangalos G. Design and implementation of computer-readable
patient data cards--applications in Europe. Med Inf (Lond) 1992
Oct-Dec;17(4):243-56.
Paradinas P, Vandewalle JJ. A personal and portable database
server: the CQL card. In: Litwin W, Risch T, editors.
Proceedings of 1994 International Conference on Applications of
Databases; 1994 Jun 21-23; Vadstena, Sweden. Berlin:
Springer-Verlag; 1994. p. 444-57.
Pernice A, Doare H, Rienhoff O, editors. Healthcare card systems,
EUROCARDS concerted action, European Commission, Healthcare
Telematics, DG XIII-C4. Washington: IOS Press; 1995. 218 p.
(Studies in health technology and informatics; vol. 22).
Poullet Y, Boulanger MH. Data protection-medicine. III. Towards
a new normative framework. Comput Law Secur Rep 1991
Jan-Feb;6(5):18-23.
Poullet Y, Boulanger MH. Part II-existing regulations applicable
to medical data cards. Comput Law Secur Rep 1990
Nov-Dec;6(4):25-8.
Quisquater JJ. Practical zero-knowledge protocols. In:
Proceedings of Compsec International 1990; 1990 Oct 10-12;
London. Oxford (UK): Elsevier Advanced Technol.; 1990. p. 427-8.
Rossing N, Pernice A. Harmonized developments of patient data
cards in the European Community. Toward Electron Patient Rec
1993 Oct;Analysis 3:6-10.
Scherrer JR. Smart cards and medical data protection. In: 3rd
Global Conference on Patient Cards; 1991 Mar 12-15; Barcelona,
Spain. Newton (MA): Medical Records Institute; 1991. p. 276-9.
Seaton B. The smart card: a tool for smart hospitals. Dimens
Health Serv 1991 Apr;68(3):15-8.
Takac PF. A discussion of the application of smart cards within
health care. Int J Comput Appl Technol 1993;6(2-3):112-21.
Waegemann CP. The role of patient cards in health care. Toward
Electron Patient Rec 1993 Oct;2(3):1, 3-4, 8-15.
LAWS, REGULATIONS, LEGAL ASPECTS
Federal
- Laws, Bills, & Regulations
A Bill to Safeguard Individual Privacy of Genetic Information
from the Misuse of Records Maintained by Agencies or Their
Contractors or Grantees for the Purpose of Research, Diagnosis,
Treatment, or Identification of Genetic Disorders, and to Provide
to Individuals Access to Records Concerning their Genome which
are Maintained by Agencies for Any Purpose. H.R. 2045, 102d
Cong., 1st Sess. (1991). Introduced April 24, 1991 by John
Conyers.
Civil money penalties for failure to report on medical
malpractice payments and for breaching the confidentiality of
information--HHS. Final rule. Fed Regist 1991 Jun
21;56(120):28488-94.
Fair Health Information Practices Act of 1995. H.R.435, 104th
Congress, 1st Sess. (1995). Introduced by Gary Condit,
California.
Federal Privacy Act of 1974, 5 U.S.C. Sec. 552a (1988).
Medicaid program: computer matching and privacy protection for
Medicaid eligibility--HCFA. Final rule. Fed Regist 1994 Jan
31;59(20):4252-5.
Medical Records Confidentiality Act of 1995. S.1360, 104th
Congress, 1st Sess. (1995). Introduced by Robert Bennett, Utah.
Smith RE, Sulanowski JS, editors. Compilation of state and
federal privacy laws. Providence (RI): Privacy Journal; 1992.
Medical records; p. 32-7.
- Legal Aspects - Commentary
Alpert S. Smart cards, smarter policy. Medical records, privacy,
and health care reform. Hastings Cent Rep 1993
Nov-Dec;23(6):13-23.
American Health Information Management Association. Health
information model legislation language. Chicago: AHIMA; 1993
Feb. 14 p.
American Health Information Management Association. Language for
model health information legislation on creation, authentication
and retention of computer-based patient records. Chicago: AHIMA;
1995 May. 6 p.
Andresen DC. The computerization of health care: can patient
privacy survive? J Health Hosp Law 1993 Jan;26(1):1-10, 19.
Annas GJ, Glantz LH, Roche PA. Drafting the Genetic Privacy Act:
science, policy, and practical considerations. J Law Med Ethics
1995;23(4):360-6.
Brannigan V, Beier B. Standards for privacy in medical
information systems: a technico-legal revolution. Proc Annu Symp
Comput Appl Med Care 1990;14:266-70.
Brannigan VM. Behavioral healthcare computer systems and the
law: the problem of privacy. Behav Healthc Tomorrow 1994
Jan-Feb;3(1):57-61.
Brannigan VM. Protecting the privacy of patient information in
clinical networks: regulatory effectiveness analysis. Ann N Y
Acad Sci 1992 Dec 17;670:190-201.
Brannigan VM. Protection of patient data in multi-institutional
medical computer networks: regulatory effectiveness analysis.
Proc Annu Symp Comput Appl Med Care 1993;17:59-63.
Branscomb AW. Who owns information? From privacy to public
access. New York: BasicBooks; 1994. Chapter 3, Who owns your
medical history; p. 54-72, 202-8.
Collins HL. Legal risks of computer charting . RN 1990
May;53(5):81-6. Published erratum appears in RN 1990 Sep;53(9):9.
Cummings NB. Patient confidentiality. Second Opin 1993
Oct;19(2):112-6.
Frawley KA. Achieving the CPR while keeping an ancient oath.
Healthc Inform 1995 Apr;12(4):28-30.
Gobis LJ. Protecting the confidentiality of computerized medical
records, preparing for litigation. Healthspan 1994
Sep;11(8):11-3.
Gostin LO. Genetic privacy. J Law Med Ethics 1995;23(4):320-30.
Gostin LO. Health information privacy. Cornell Law Rev 1995
Mar;80(3):451-528.
Gostin LO, Turek-Brezina J, Powers M, Kozloff R. Privacy and
security of health information in the emerging health care
system. Health Matrix 1995 Winter;5(1):1-36.
Gostin LO, Turek-Brezina J, Powers M, Kozloff R, Faden R,
Steinauer DD. Privacy and security of personal information in a
new health care system. JAMA 1993 Nov 24;270(20):2487-93.
Comment in: JAMA 1994 May 18;271(19):1484-5.
Green VL, Marsh CK. Unauthorized disclosure of medical records
opens facility to liability. Provider 1992 Sep;18(9):58-60.
Ivancic JM. Confidentiality of health care information: some
notable concerns. Perspect Healthc Risk Manag 1992
Winter;12(1):13-6.
Miller DW. Fulfilling the transcriptionist's responsibility for
information security. J Am Assoc Med Transcr 1995
May-Jun;14(3):30, 32-5.
Miller DW. Preserving the privacy of computerized patient
records. Healthc Inform 1993 Oct;10(10):72-4.
Oliver WW. Technology versus privacy: prescription
accountability in the health care delivery system. J Psychoact
Drugs 1992 Jul-Sep;24(3):285-90.
Reed K. Computerization of health care information: more
automation, less privacy. J Health Hosp Law 1994
Dec;27(12):353-68, 384.
Roach WH. Medical records and the law. 2nd ed. Gaithersburg
(MD): Aspen Pub.; 1994. 346 p.
Schwartz PM. The protection of privacy in health care reform.
Vanderbilt Law Rev 1995 Mar;48(2):VI-347.
Simpson RL. Ensuring patient data, privacy, confidentiality and
security. Nurs Manag 1994 Jul;25(7):18-20.
Tomes JP. Compliance guide to electronic health records: a
practical reference to legislation, codes, regulations, and
industry standards. New York: Faulkner & Gray; 1996.
Tomes JP. Health care records management disclosure and
retention: the complete legal guide. Chicago: Probus Pub; 1994.
636 p.
Tyler JM. The Internet: legal rights and responsibilities.
Medsurg Nurs 1995 Jun;4(3):229-33.
van Dam MN. The scarlet letter A: AIDS in a computer society.
Comput Law J 1990 Apr;10(2):233-64.
Waldman MT, Tapay NH. Electronic data interchange and
computerized information systems: privacy and confidentiality
issues in a changing health care system. In: Group Health
Association of America. Navigating reform: HMOs and managed
care in a time of transition. Proceedings of the 44th Annual
Group Health Institute; 1994 Jun 5-8; Miami Beach, Florida.
Washington: The Association; 1994. p. 406-30.
Waller AA, Fulton DK. The electronic chart: keeping it
confidential and secure. J Health Hosp Law 1993 Apr;26(4):104-9.
Zick CJ. Legal aspects of medical records confidentiality. J
AHIMA 1995 May;66(5):57-62.
State
- Laws, Bills, & Regulations
Boynton MM, Paltzer-Fleming J. Educating your patients about
health records--the new notice law. Minn Med 1994
Nov;77(11):57-61.
Buckner F. The uniform health-care information act: A
physician's guide to record and health care information
management. J Med Pract Manag 1990;5(3):207-12.
Health Care Access and Cost Commission - Medical Care Data Base
Collection - Notice and Informed Consent. H.R. 557, 410th Sess.
(1996) Maryland General Assembly. Also introduced as S. 702.
Jones R. Medical record access laws. J AHIMA 1992
Mar;63(3):29-34.
Medical Records Institute's State Watch Project. Toward Electron
Patient Rec 1995 Dec;4(5):14-23.
Patient confidentiality. Salt Lake City: Med-Index Pub.; 1993.
104 p.
- Legal Aspects - Commentary
Cohen JD. HIV/AIDS confidentiality: are computerized medical
records making confidentiality impossible? Softw Law J 1990
Oct;4(1):93-115.
Curran WJ, Stearns B, Kaplan H. Privacy, confidentiality and
other legal considerations in the establishment of a centralized
health-data system. N Engl J Med 1969 Jul 31;281(5):241-8.
Green JH. Confidentiality of medical records under Minnesota
law. Minn Med 1993 Oct;76(10):31-6.
Prentnieks ME. Minnesota access to health records. Practical
steps to complying with a confusing law. Minn Med 1992
Sep;75(9):39-41.
Ryland CF. Confidentiality of medical records. Md Bar J 1993
Jul-Aug;26(4):44-8.
Vilensky R. New York law on confidentiality of medical records.
(part 1). N Y State Bar J 1994 Jan;66(1):38-44.
Vilensky R. New York law on confidentiality of medical records.
(part 2). N Y State Bar J 1994 Feb;66(2):24-30.
Other Countries
- Laws, Bills, & Regulations
Access to Health Records Act 1990. (Great Britain). Ind Relat
Leg Inf Bull 1991 Nov 1;(436):11-2.
Assia N. Data protection in Israel-the Protection of Privacy
Law. Comput Law Pract 1990 May-Jun;6(5):158-62.
Cavoukian A. The privacy provisions of the Freedom of
Information and Privacy Act. Health Law Can 1990;10(3):206-9.
Great Britain, Department of Health, National Health Service.
Access to Health Records Act, 1990: a guide for the NHS. London:
NHS Management Executive; 1991 Aug 23. 29 p.
Health Administration (Quality Assurance Committees) Amendment
Bill 1989, New South Wales. Aust Clin Rev 1990;10(1):19-21.
Laske C. Data protection laws in Europe. Toward Electron
Patient Rec 1995 Dec;4(5):1, 3-13.
Lee-Winser J. The Data Protection Act: a decade of data
protection in the NHS. Br J Healthc Comput Inf Manag 1995
Jun;12(5):20-1.
Revill S. Privacy Act 1993. Health sector perspective. N Z
Health Hosp 1993 Sep-Oct;45(5 Suppl):1-3.
- Legal Aspects - Commentary
Allaert FA, Dusserre L. Transborder flows of personal medical
data in Europe: legal and ethical approach. In: Lun KC, Degoulet
P, Piemme TE, Rienhoff O, editors. MEDINFO 92. Proceedings of the
7th World Congress on Medical Informatics; 1992 Sep 6-10; Geneva,
Switzerland. Vol. 2. Amsterdam: North-Holland; 1992. p. 1572-5.
Brahams D. Right of access to medical records [news]. Lancet
1994 Sep 10;344(8924):743.
Callens SH. The automatic processing of medical data in Belgium:
is the individual protected? Med Law 1993;12(1-2):55-9.
Cannataci JA. Legal aspects of picture archiving and
communications systems. Int J Biomed Comput 1992
May;30(3-4):209-14.
de Klerk A. The right of patients to have access to their
medical records: the position in South African law. Med Law
1993;12(1-2):77-83.
Dickens BM. Medical records - patient's right to receive copies
- physician's fiduciary duty of disclosure: McInerney v.
McDonald. (Canada). Can Bar Rev 1994 Jun;73(2):234-42.
Dierks C. Medical confidentiality and data protection as
influenced by modern technology. Med Law 1993;12(6-8):547-51.
European Parliament, Council of the European Union. Directive 95/
/EC of the European Parliament and of the Council of on the
protection of individuals with regard to the processing of
personal data and on the free movement of such data. Brussels:
The Council; 1995 Jul 20. 53 p.
Gritzalis D, Tomaras A, Katsikas S, Keklikoglou J. Medical data
protection: a proposal for a deontology code. J Med Syst 1990
Dec;14(6):375-86.
Howard G. Implications of the access to Health Records Act 1990.
Occup Health (Lond) 1991 Oct;43(10):294-5.
Jones RB, McGhee SM, McGhee D. Patient on-line access to medical
records in general practice. Health Bull (Edinb) 1992
Mar;50(2):143-50.
Laske C. Legal aspects of digital image management and
communication. Med Inf (Lond) 1994 Apr-Jun;19(2):189-96.
Legemaate J. The right of psychiatric patients to access to
their records: Dutch developments. Med Law 1990;9(1):707-12.
Lobato de Faria P. Data protection and confidentiality in health
informatics: A survey of legal issues in the EC community. In:
Noothoven van Goor J, Christensen JP, editors. Advances in
medical informatics: results of the AIM Exploratory Action.
Washington: IOS Press; 1992. p. 358-67. (Studies in
health technology and informatics; vol. 2).
Lobato De Faria P. A survey of legal issues and gaps in legal
coverage in the EC. In: Commission of the European Communities
DG XIII/F AIM. Data protection and confidentiality in health
informatics: handling health data in Europe in the future.
Washington: IOS Press; 1991. p. 122-37. (Studies in health
technology and informatics; vol. 1).
Miller DW. What we can learn from the European privacy standard.
Healthc Inform 1992 Jul;9(7):92, 94.
Naish J, Barr M. Records. Rights of access. Health Visit 1991
Sep;64(9):300-1.
Poullet Y. Legal aspects of data protection in medical
informatics. In: Commission of the European Communities DG
XIII/F AIM. Data protection and confidentiality in health
informatics: handling health data in Europe in the future.
Washington: IOS Press; 1991. p. 138-60. (Studies in health
technology and informatics; vol. 1).
Rienhoff O. Digital archives and communication highways in
health care require a second look at the legal framework of the
seventies. Int J Biomed Comput 1994 Feb;35 Suppl:13-9.
Robinson DM. A legal examination of computerized health
information. Health Law Can 1993;14(2):40-6.
Robinson DM. A legal examination of format, signature and
confidentiality aspects of computerized health information. In:
Lun KC, Degoulet P, Piemme TE, Rienhoff O, editors. MEDINFO 92.
Proceedings of the 7th World Congress on Medical Informatics;
1992 Sep 6-10; Geneva, Switzerland. Vol. 2. Amsterdam:
North-Holland; 1992. p. 1554-60.
Smith D. The challenges of new technologies applying the UK Data
Protection Act to document image processing. Int J Biomed Comput
1994 Feb;35 Suppl:81-6.
Tervo-Pellikka R. The principles of data protection concerning
patient related data in Finland. Int J Biomed Comput 1994 Feb;35
Suppl:39-50.
Thiry E. Personal medical and social data: their processing and
legal protection. Med Law 1993;12(6-8):643-9.
Vulliet-Tavernier S. [The protection of medical information data
in France]. In: Commission of the European Communities DG XIII/F
AIM. Data protection and confidentiality in health informatics:
handling health data in Europe in the future. Washington: IOS
Press; 1991. p. 181-90. (Studies in health technology and
informatics; vol. 1). (Fre).
Weigelt E, Scherb H. [Data protection and data access (I):
federal data protection law and the social welfare code with
reference to carrying out occupational medicine epidemiologic
studies in Germany]. Gesundheitswesen 1992 Nov;54(11):666-72.
(Ger)
Weigelt E, Scherb H. [Data protection and data access (II):
Physician's responsibility for confidentiality, federal
statistics law and data collection by authorization with
reference to implementing occupational medicine epidemiologic
studies in Germany]. Gesundheitswesen 1993 Jan;55(1):8-15.
(Ger).
OTHER BIBLIOGRAPHIES
Computer security and computer viruses [bibliography]. Tolland
(CT): NERAC, Inc.; 1995 Dec. Available from: NTIS, Springfield,
VA; PB96-858717. Prepared from Conference Papers Index.
Jaisingh C, Fountain P, compilers. Smart cards [bibliography].
London: Institute of Electrical Engineers; 1994. 91 p. Includes
information pack.
Tavani HT. A computer ethics bibliography. Comput Soc 1995
Dec;25(4):9-38. Section 7, Computers and privacy; p.18-24.
ORGANIZATIONS
General
Center for Democracy and Technology
1634 Eye Street NW, Suite 1100
Washington, DC 20006
202/637-9800 (Voice)
202/637-0968 (Fax)
Email: info@cdt.org
http://www.cdt.org
CERT (Computer Emergency Response Team) Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
412/268-7090 (24-Hour Hotline)
412/268-6989 (Fax)
Email: cert@cert.org
http://www.cert.org
Computer Professionals for Social Responsibility (CPSR)
P.O. Box 717
Palo Alto, CA 94302
415/322-3778 (Voice)
415/322-4748 (Fax)
Email: admin@cpsr.org
http://www.cpsr.org
Computer Science and Telecommunications Board
National Research Council
2101 Constitution Avenue, NW, HA560
Washington, DC 20418
202/334-2605 (Voice)
202/334-2318 (Fax)
Email: cstb@nas.edu
http://www.nas.edu
Computer Security Resource Clearinghouse
Computer Systems Laboratory
National Institute of Standards and Technology
Bldg. 820, Room 426
Gaithersburg, MD 20899
301/975-2832 (Voice)
301/975-3282 (Voice Hotline)
Email: ramona.roach@nist.gov
http://www.ncsl.nist.gov
http://csrc.nist.gov
Computer Security Technology Center
Lawrence Livermore National Laboratory
L-303
P.O. Box 808
Livermore, CA 94551
510/423-6224 (Voice)
510/423-8002 (Fax)
Email: cstc@llnl.gov
http://ciac.llnl.gov/
Electronic Frontier Foundation
1667 K Street, NW
Suite 801
Washington, DC 20006-1650
202/861-7700 (Voice)
202/861-1258 (Fax)
Email: info@eff.org
http://www.eff.org
Electronic Privacy Information Center
666 Pennsylvania Avenue, SE
Suite 301
Washington, DC 20003
202/544-9240 (Voice)
202/547-5482 (Fax)
Email: info@epic.org
http://epic.org
Information Infrastructure Task Force Secretariat
Susannah B. Schiller
Program Office
National Institute of Standards and Technology
A1000 Admin
Gaithersburg, MD 20899
301/975-4529 (Voice)
301/216-0529 (Fax)
Email: susannah.schiller@nist.gov
http://iitf.doc.gov
Internet Engineering Task Force
c/o Corporation for National Research Initiatives (CNRI)
1895 Preston White Drive
Suite 100
Reston, VA 22091
703/620-8990 (Voice)
Email: ietf-web@cnri.reston.va.us
http://www.cnri.reston.va.us
Internet Society
12020 Sunrise Valley Drive
Suite 270
Reston, VA 22091
703/648-9888 (Voice)
Email: isoc@isoc.org
http://info.isoc.org
National Computer Security Association
10 South Courthouse Avenue
Carlisle, PA 17013
717-258-1816 (Voice)
717-243-8642 (Fax)
Email: mlightfoot@ncsa.com
http://www.ncsa.com
National Security Agency
Publications Office
INFOSEC Awareness Division
Attn: Y13/IAOC
9000 Savage Road
Ft. Meade, MD 20755-6000
410/766-8729 (Voice)
http://www.nsa.org:8080
Privacy Forum
c/o Lauren Weinstein
Vortex Technology
Woodland Hills, CA
818/225-2800 (Voice)
818/225-7203 (Fax)
Email: privacy@vortex.com
http://www.vortex.com
Privacy Journal
P.O. Box 28577
Providence, RI 02908
401/274-7861 (Voice)
Email: 0005101719@mcimail.com
Privacy Rights Clearinghouse
Center for Public Interest Law
5998 Alcala Park
San Diego, CA 92110
619/260-4806 (Voice)
619/298-3396 (Voice Hotline)
619/260-4753 (Fax)
Email: prc@teetot.acusd.edu
http://www.manymedia.com/prc/
Health
American Bar Association
Section of Science and Technology
Health Care Informatics Subsection
Francoise Gilbert, Chair
Altheimer & Gray
Suite 4000
10 South Wacker Drive
Chicago, Il 60606
312/715-4984 (Voice)
312/715-4800 (Fax)
Email: fgilbert@interserv.com
American Health Information Management Association (AHIMA)
919 N. Michigan Avenue, Suite 1400
Chicago, IL 60611
312/787-2672 (Voice)
312/787-5926 (Fax)
202/218-3535 (Voice - Washington, DC Office)
202/682-0078 (Fax - Washington, DC Office)
http://www.ahima.org
American Medical Informatics Association
4915 St. Elmo Avenue, Suite 401
Bethesda, MD 20814
301/657-1291 (Voice)
301/657-1296 (Fax)
Email: mail@amia2.amia.org
http://amia2.amia.org
American National Standards Institute
Healthcare Informatics Standards Planning Panel
11 West 42nd Street
New York, NY 10036
212/642-4969 (Voice)
212/398-0023 (Fax)
Email: scornish@ansi.org
http://www.ansi.org
American Society for Testing and Materials
Committee on Healthcare Informatics (E31)
(with Subcommittees:
E31.17 - Access, Privacy & Confidentiality of Medical Records;
E31.20 - Authentication of Computer-Based Health Information;
E31.21 - Health Information Networks)
100 Barr Harbor Drive
West Conshohocken, PA 19428-2959
610/832-9555 (Voice)
610/832-9666 (Fax)
Email: tluthy@local.astm.org
Arent Fox Kintner Plotkin & Kahn
Advisors in Technology and Information Law
(including Telemedicine)
1050 Connecticut Avenue, NW
Washington, DC 20036-5339
202/857-6000 (Voice)
202/857-6395 (Fax)
Email: infolaw@arentfox.com
http://www.arentfox.com/
American Telemedicine Association
901 15th Street, NW, Suite 230
Washington, DC 20005
202/408-1400 (Voice)
202/408-1134 (Fax)
Email: jlinkous@idi.net
Community Medical Network Society
5500 Interstate North Parkway, Suite 435
Atlanta, GA 30328
770/850-0540 (Voice)
770/850-9616 (Fax)
Email: comnet@comnetsociety.org
http://www.comnetsociety.org/~comnet
Computer-Based Patient Record Institute (CPRI)
1000 E. Woodfield Road, Suite 102
Schaumburg, IL 60173
847/706-6746 (Voice)
847/706-6747 (Fax)
Email: cprinet@aol.com
http://www.cpri.org
European Committee for Standardisation
Technical Committee 251 (Medical Informatics)
Working Group 6 (Healthcare Security, Privacy, Quality & Safety)
Dr. Gunnar Klein, Chair
Swedish Institute for Health Services Development (SPRI)
P.O. Box 70487 S-10726
Stockholm, Sweden
46-8-7024745 (Voice)
46-8-7024799 (Fax)
Email: gunnar.klein@spri.se
http://miginfo.rug.ac.be:8001/centc251/prestand/wg6/wg6.htm
Health Information Confidentiality Resource Center
Health Information Administration
Health Services Department
School of Public Health and Community Medicine
University of Washington
1107 NE 45th Street, Suite 355 JD-02
Seattle, WA 98105
206/543-8810 (Voice)
206/685-4719 (Fax)
Email: mahanken@u.washington.edu
Interdepartmental Health Privacy Working Group
Nan D. Hunter, Chair
Deputy General Counsel
Department of Health and Human Services
Room 713 Humphrey Building
200 Independence Avenue
Washington, DC 20201
202/690-7780 (Voice)
202/690-7998 (Fax)
Email: nhunter@ospag.ssw.dhhs.gov
Medical Records Institute
567 Walnut Street
P.O. Box 289
Newton, MA 02160
617/964-3923 (Voice)
617/964-3926 (Fax)
Email: cust_serv@medrecinst.com
http://www.medrecinst.com
Workgroup for Electronic Data Interchange (WEDI)
10 Rogers Street, Unit 321
Cambridge, MA 02142
617/374-9170 (Voice)
617/494-0727 (Fax)
Email: wedi@shore.net
