
Do You Confuse the Terms Privacy and Security? February 17, 2011

Posted by mstarry in 2 - Enterprise Network Architecture and Security.

Based on the research discussed at RSA today, the answer is yes. I have to say I can’t agree more. If I had a nickel for every time the terms privacy and security were used interchangeably in the corporate environment, I would be a rich man.

With respect to health information, privacy is defined as the right of an individual to keep his/her individual health information from being disclosed. This is typically achieved through policy and procedure. Privacy encompasses controlling who is authorized to access patient information, and under what conditions patient information may be accessed, used and/or disclosed. This is achieved through mechanisms like Role Based Access (RBA), business partner agreements and concepts like “Trust but Verify”.

Unfortunately, you can’t obtain privacy without security controls. In health care, security is defined as the mechanism in place to protect the privacy of health information. This includes the ability to control access to patient information, as well as to safeguard patient information from unauthorized disclosure, alteration, loss or destruction. Security is typically accomplished through operational and technical controls.

Privacy and security teams need to work together in order to protect PHI in the health care organization, but do me a favor: don’t confuse the two terms or use them interchangeably.
