ethical & legal issues for health it in thailand's context
TRANSCRIPT
![Page 1: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/1.jpg)
Ethical & Legal Issues for Health IT in Thailand’s Context
Nawanan Theera‐Ampornpunt, MD, PhDAugust 23, 2012
Except where citing other works
![Page 2: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/2.jpg)
Leads to patient outcomes, including deaths Provider‐patient relationship threatened by IT? “Rationing” of health care through CDSS Information risks Research ethics Informatics practitioners as “professionals” with specific skills, training, & competencies?
Most common question “Who owns the data?”
Why Important in Informatics?
Goodman & Miller. Chapter 10: Ethics and Health Informatics: Users, Standards, and Outcomes. In Shortliffe (3rd Edition).
![Page 3: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/3.jpg)
Non‐maleficence “Do no harm”
Beneficence Provide benefits to patients
Justice Fair distribution of benefits, risks & costs
Respect for Autonomy Respect decisions made and rights to make decisions by individual persons
Relevant Ethical Principles
![Page 4: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/4.jpg)
Standard view With uncertainties around new technology, “scientific evidence counsels caution and prudence.”
Evidence & reason determine appropriate level of caution
If such systems improve care at acceptable cost in time & money, there’s an obligation to use it
Follows evolving evidence and standards of care
Appropriate Use of Health IT
Goodman & Miller. Chapter 10: Ethics and Health Informatics: Users, Standards, and Outcomes. In Shortliffe (3rd Edition).
![Page 5: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/5.jpg)
Standard view For computer‐assisted clinical diagnosis CDS, human cognitive processes are more suited to complex task of diagnosis than machine, and should not be overridden or trumped by computers.
When adequate CDS tools are developed, they should be viewed and used as supplementary and subservient to human clinical judgment
Appropriate Use of Health IT
Goodman & Miller. Chapter 10: Ethics and Health Informatics: Users, Standards, and Outcomes. In Shortliffe (3rd Edition).
![Page 6: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/6.jpg)
Fundamental Theorem of Informatics(Friedman, 2009)
![Page 7: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/7.jpg)
Standard view Practitioners have obligation to use tools responsibly, through adequate training & understanding the system’s abilities & limitations
Practitioners must not ignore their clinical judgment reflexively when using CDS.
Appropriate Use of Health IT
Goodman & Miller. Chapter 10: Ethics and Health Informatics: Users, Standards, and Outcomes. In Shortliffe (3rd Edition).
![Page 8: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/8.jpg)
Health IT “should be used in clinical practice only after appropriate evaluation of its efficacy and the documentation that it performs its intended task at an acceptable cost in time & money”
Qualified (licensed, trained & experienced) health professionals as users
Systems should be used to augment/supplement, rather than replace or supplant individuals’ decision making
Adequate training
Appropriate Use of Health IT
Goodman & Miller. Chapter 10: Ethics and Health Informatics: Users, Standards, and Outcomes. In Shortliffe (3rd Edition).
![Page 9: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/9.jpg)
Follow standard of care & scientific progress (evidence‐based)
System evaluation is ethically imperative
Ethics for Developers
Goodman & Miller. Chapter 10: Ethics and Health Informatics: Users, Standards, and Outcomes. In Shortliffe (3rd Edition).
![Page 10: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/10.jpg)
Privacy: “The ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively.” (Wikipedia)
Security: “The degree of protection to safeguard ... person against danger, damage, loss, and crime.” (Wikipedia)
Information Security: “Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction” (Wikipedia)
Privacy & Security
![Page 11: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/11.jpg)
Information Security
Confidentiality Integrity Availability
![Page 12: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/12.jpg)
Physical Security System Security
Antivirus, Firewall, Intrusion Detection/Prevention System, Log files, Monitoring
Software Security Network Security Database Security User Security
User account management Education against phishing/social engineering
Encryption
Security Safeguards
![Page 13: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/13.jpg)
Dear mail.mahidol.ac.th Email Account User,
We wrote to you on 11th January 2010 advising that you change the password onyour account in order to prevent any unauthorised account access followingthe network instruction we previously communicated.
all Mailhub systems will undergo regularly scheduled maintenance. Accessto your e‐mail via the Webmail client will be unavailable for some timeduring this maintenance period. We are currently upgrading our data baseand e‐mail account center i.e homepage view. We shall be deleting old[https://mail.mahidol.ac.th/l accounts which are no longer active to createmore space for new accountsusers. we have also investigated a system widesecurity audit to improve and enhanceour current security.
In order to continue using our services you are require to update andre‐comfirmed your email account details as requested below. To completeyour account re‐comfirmation,you must reply to this email immediately andenter your accountdetails as requested below.
Username :Password :Date of Birth:Future Password :
Social Engineering Examples
Real social‐engineering e‐mail received by Speaker
![Page 14: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/14.jpg)
Phishing
Real phishing e‐mail received by Speaker
![Page 15: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/15.jpg)
Privacy Safeguards
Image: http://www.nurseweek.com/news/images/privacy.jpg
Security safeguards Informed consent Privacy culture User awareness building & education Organizational policy & regulations Enforcement Ongoing privacy & security assessments, monitoring, and protection
![Page 16: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/16.jpg)
Authentication & Authorization Role‐based access control Two‐factor authentication Audit trails
HIPAA Personal Health Information (PHI)
Any individually identifiable health information about a patient that is created, received, processed, or stored by a health plan, clearinghouse, or provider
Deidentified
Other Security Concepts & Techniques
![Page 17: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/17.jpg)
Health Insurance Portability and Accountability Act of 1996 More stringent state privacy laws apply HIPAAPrivacy Rule
Regulates use & disclosure of protected health information held by covered entities
Covered Entities: Health plans, providers, clearing houses, and their business associates
Protected Health Information (PHI): Any individually identifiable health information about a patient
HIPAA Security Rule Lays out security safeguards required for compliance
Administrative safeguards, Physical safeguards, Technical safeguards
New in HITECHAct of 2009 Breach notification
HIPAA (U.S.)
![Page 18: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/18.jpg)
Name Address Phone number Fax number E‐mail address SSN Birthdate Medical Record No. Health Plan ID Treatment date
Account No. Certificate/License No. Device ID No. Vehicle ID No. Drivers license No. URL IP Address Biometric identifier
including fingerprints Full face photo
Protected Health Information –Personal Identifiers in PHI
From a slide by David S. Pieczkiewicz for a Health Informatics II class (2006) at the University of Minnesota
![Page 19: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/19.jpg)
Some permitted uses and disclosures Treatment, payment, health care operations Quality improvement Competency assurance Medical reviews & audits Insurance functions Business planning & administration General administrative activities
Under HIPAAPrivacy Rule
![Page 20: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/20.jpg)
Conflicts between federal vs. state laws Variations among state laws of different states
HIPAA only covers “covered entities” No general privacy laws in place, only a few sectoral privacy laws e.g. HIPAA
Health Information Privacy Law: U.S. Challenges
![Page 21: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/21.jpg)
Canada ‐ The Privacy Act (1983), Personal Information Protection and Electronic Data Act of 2000
EU Countries ‐ EU Data Protection Directive UK ‐ Data Protection Act 1998 Austria ‐ Data Protection Act 2000 Australia ‐ Privacy Act of 1988 Germany ‐ Federal Data Protection Act of 2001
Health Information Privacy Law: Other Western Countries
![Page 22: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/22.jpg)
Hippocratic Oath...
What I may see or hear in the course of treatment or even outside of the treatment in regard to the life of men, which on no account one must spread abroad, I will keep myself holding such things shameful to be spoken about....
http://en.wikipedia.org/wiki/Hippocratic_Oath
![Page 23: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/23.jpg)
Copyright Act, B.E. 2537 พรบ.ลขสทธ พ.ศ. 2537 And other IP laws (e.g. Patent Act) Important for intellectual property considerations (e.g. who owns the software source code of an in‐house or outsourced system?)
Thai ICT Laws
Not considered professional legal opinion
![Page 24: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/24.jpg)
Computer‐Related Crimes Act, B.E. 2550 พรบ.การกระทาความผดเกยวกบคอมพวเตอร พ.ศ. 2550 Focuses on prosecuting computer crimes & computer‐related crimes
Responsibility of organizations as IT service provider: Logging & provision of access data to authorities
Thai ICT Laws
Not considered professional legal opinion
![Page 25: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/25.jpg)
Electronic Transactions Acts, B.E. 2544 & 2551 พรบ.วาดวยธรกรรมทางอเลกทรอนกส พ.ศ. 2544 และ พรบ.วาดวยธรกรรมทางอเลกทรอนกส (ฉบบท 2) พ.ศ. 2551 Legal binding of electronic transactions and electronic signatures
Security & privacy requirements for Determining legal validity & integrity of electronic transactions and documents, print‐outs, & paper‐to‐electronic conversions
Governmental & public organizations Critical infrastructures Financial sectors Electronic certificate authorities
Thai ICT Laws
Not considered professional legal opinion
![Page 26: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/26.jpg)
No universal personal data privacy law (Draft law has been proposed)
National Health Act, B.E. 2550 พรบ.สขภาพแหงชาต พ.ศ. 2550 “มาตรา 7 ขอมลดานสขภาพของบคคล เปนความลบสวนบคคล ผใดจะนาไปเปดเผยในประการทนาจะทาใหบคคลนนเสยหายไมได เวนแตการเปดเผยนนเปนไปตามความประสงคของบคคลนนโดยตรง หรอมกฎหมายเฉพาะบญญตใหตองเปดเผย แตไมวาในกรณใด ๆ ผใดจะอาศยอานาจหรอสทธตามกฎหมายวาดวยขอมลขาวสารของราชการหรอกฎหมายอนเพอขอเอกสารเกยวกบขอมลดานสขภาพของบคคลทไมใชของตนไมได”
Thai Privacy Laws
Not considered professional legal opinion
![Page 27: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/27.jpg)
The Sanatorium Acts, B.E. 2541 & 2547
พรบ.สถานพยาบาล พ.ศ. 2541 และ พรบ.สถานพยาบาล
(ฉบบท 2) พ.ศ. 2547 ประกาศกระทรวงสาธารณสข ฉบบท 3 (พ.ศ. 2542) เรอง ชนดหรอประเภทของการรกษาพยาบาล การบรการอนของ
สถานพยาบาลและสทธของผปวยซงผรบอนญาตจะตองแสดง
ตามมาตรา 32 (3)
Thai Privacy Laws
Not considered professional legal opinion
![Page 28: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/28.jpg)
คาประกาศสทธของผปวย
“...7. ผปวยมสทธทจะไดรบการปกปดขอมลเกยวกบตนเอง จากผประกอบวชาชพโดยเครงครด เวนแตจะไดรบความยนยอมจากผปวยหรอการปฏบตหนาทตามกฎหมาย
...9. ผปวยมสทธทจะไดรบทราบขอมลเกยวกบรกษาพยาบาลเฉพาะของตนทปรากฏในเวชระเบยนเมอรองขอ ทงน ขอมลดงกลาวตองไมเปนการละเมดสทธสวนตวของบคคลอน
...”
Thai Privacy Laws
Not considered professional legal opinion
![Page 29: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/29.jpg)
The Official Information Act, B.E. 2540 พรบ.ขอมลขาวสารของราชการ พ.ศ. 2540 “เปดเผยเปนหลก ปกปดเปนขอยกเวน”“มาตรา 15 ขอมลขาวสารของราชการทมลกษณะอยางหนงอยางใดดงตอไปน หนวยงานของรฐหรอเจาหนาทของรฐอาจมคาสงมใหเปดเผยกได โดยคานงถงการปฏบตหนาทตามกฎหมาย...ประกอบกน
...
(5) รายงานการแพทยหรอขอมลขาวสารสวนบคคลซงการเปดเผยจะเปนการรกลาสทธสวนบคคลโดยไมสมควร
(6) ขอมลขาวสารของราชการทมกฎหมายคมครองมใหเปดเผย...
...”
Thai Privacy Laws
Not considered professional legal opinion
![Page 30: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/30.jpg)
Official Information Act only covers governmental organizations
“Disclose as a rule, protect as an exception” not appropriate mindset for health information
National Health Act: One blanket provision with minimal exceptions: raising concerns about enforceability (in exceptional circumstances, e.g. disasters)
Health Information Privacy Law: Thailand’s Challenges
Not considered professional legal opinion
![Page 31: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/31.jpg)
No general data privacy law in place Unclear implications from ICT laws (e.g. Electronic Transactions Act)
Governance: No governmental authority responsible for oversight, enforcement & regulation of health information privacy protections
Policy: No systematic national policy to promote privacy protections
Health Information Privacy Law: Thailand’s Challenges
Not considered professional legal opinion
![Page 32: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/32.jpg)
We Need A Better Information Privacy Law That Takes Into Account the Unique Nature of Health Information and the
Various Use Cases & Contingencies in Use & Disclosure
of Health Information in Thailand’s Context
Nawanan Theera‐AmpornpuntNot considered professional legal opinion
![Page 33: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/33.jpg)
From Flickr by Bikoy (Victor Villanueva)
Privacy: The Cultural Aspect
![Page 34: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/34.jpg)
From Flickr by Saikofish
Privacy: The Cultural Aspect
![Page 35: Ethical & Legal Issues for Health IT in Thailand's Context](https://reader033.vdocuments.us/reader033/viewer/2022052522/554ad374b4c90524738b57c2/html5/thumbnails/35.jpg)
Can the electronic data in EHRs be used in court or for other legal purposes? If so, to what extent and under what legal provisions?
I wrote a personal opinion on this in March 2012. Not a professional legal opinion and only based on Ramathibodi’s context, but would be happy to share.
Extra
Not considered professional legal opinion