Cloudy confidentiality: Clinical and legal implications of cloud computing in health care

Journal of the American Academy of Psychiatry and the Law

Volumn 39, Issue 4, 2011, Pages 571-578

  Klein, Carolina A ^a  

^a St Elizabeths Hospital   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ARTICLE; CONFIDENTIALITY; ELECTRONIC MEDICAL RECORD; GOVERNMENT REGULATION; HEALTH INSURANCE; INFORMATION RETRIEVAL; INTERNET; LEGAL ASPECT; UNITED STATES;

CONFIDENTIALITY; ELECTRONIC HEALTH RECORDS; GOVERNMENT REGULATION; HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT; INFORMATION STORAGE AND RETRIEVAL; INTERNET; UNITED STATES;

EID: 84856892603     PISSN: 10936793     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Article

References (36)

1. Summary of Selected Federal Laws and Regulations Addressing Confidentiality, Privacy and Security. Available at http://www.google.com/url?sa=t&source=web&cd=1&ved=0CCUQFjAA&url=http%3A%2F%2Fhealthit.hhs.gov%2Fportal%2Fserver.pt%2Fgateway%2FPTARGS_0_11113_911059_0_0_18%2FFederal%2520Privacy%2520Laws%2520Table%25202%252026%252010%2520Final.pdf&rct=j&q=summary%20of%20selected%20federal%20laws%20and%20regulations%20addressing%20confidentiality%20privacy%20and%20security&ei=Vjd2Tse-NMTIsQLQ_YiMBQ&usg=AFQjCNHKb0_zqpjEY4_aP3D2xjj4gPPDKQ&sig2=6fMD5C3Kz_5GIDsOnNE_cw. AccessedSeptember 18, 2011
2. Health Information Privacy. Available at http://www.hhs.gov/ocr/privacy. Accessed November 29, 2010
3. National Institute of Standards and Technology U.S. Department of Commerce. An introductory resource guide for implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. Information Security. Available at http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/nist80066.pdf. Accessed November 29, 2010
4. Summary of the HIPAA Security Rule. Available at http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html. Accessed November 29, 2010
5. 45 C.F.R. § 164.506, 510, 512, 514(e) (2002)
6. 45 C.F.R. § 160.103 (2002)
7. Office for Civil Rights. Personal Health Records and the HIPAA Privacy Rule. Washington, DC: Department of Health and Human Services. Available at http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/index.html. Accessed October 19, 2011
8. Secretary Leavitt announces new principles, tools to protect privacy, encourage more effective use of patient information to improve care, December 15, 2008. Available at http://www.hhs.gov/news/press/2008pres/12/20081215a.html. Accessed October 19,2011
9. U.S. Department of Health and Human Services. Health Information Privacy Summary of the HIPAA Security Rule. Available at http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html. Accessed October 19, 2011
10. The Health IT Privacy and Security Toolkit. Available at http://healthit.hhs.gov/portal/server.pt/community/healthit_hhs_gov_privacy_security_framework/1173. Accessed September 16, 2011
11. Security Standards: Technical Safeguards. Available at http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/techsafeguards.pdf. Accessed November 29, 2010
12. Mendelson D: Healthcare identifiers legislation: a whiff of fourberie. J Law Med 17:660-76, 2010
13. El Emam K, Jabbouri S, Sams S, et al: Evaluating common deidentification heuristics for personal health information. J Med Internet Res 8:e28, 2006
14. Walsh D, Passerini K, Varshney U, et al: Safeguarding patient privacy in electronic healthcare in the USA: the legal view. Int J Electron Healthc 4:311-326, 2008
15. Myers J, Frieden TR, Bherwani KM, et al: Ethics in public health research: privacy and public health at risk: public health confidentiality in the digital age. Am J Public Health 98:793-801, 2008
16. Dougherty M, Washington L: Still seeking the legal EHR: the push for electronic records increases, the record management questions remain. J AHIMA 81:42-45, 2010
17. Edlin M, Johns S: High standards: a decade after the law went into effect, there is still debate about the pros and cons of the HIPAA privacy and electronic transaction regulations. AHIP Cover 47: 26-29, 2006
18. Fontaine P, Zink T, Boyle RG, et al: Health information exchange: participation by Minnesota primary care practices. Arch Intern Med 170:622-629, 2010
19. May M: Focus on electronic health records. 'HIPAA2' legislation means more delicate handling of data. Nat Med 16:250, 2010
20. Falcao-Reis F, Costa-Pereira A, Correia ME: Access and privacy rights using web security standards to increase patient empowerment. Stud Health Technol Inform 137:275-285, 2008
21. Nine Smartphone Apps. Available at http://www.medscape.com/viewarticle/729536. Accessed November 29, 2010
22. Official Google response about HIPAA. Available at http://www.google.com/intl/en-US/health/hipaa.html. Accessed November 29, 2010
23. The Office of the National Coordinator for Health Information technology. Available at http://healthit.hhs.gov/portal/server.pt?open=512&objID=1175&parentname=CommunityPage&parentid=10&mode=2&in_hi_userid=10732&cached=true. Accessed November 29, 2010
24. Guidance on the use of email containing PHI. Available at http://hipaa.yale.edu/guidance/index.html. Accessed October 19, 2011
25. Perry N, Chester T: To HIPAA, a son: assessing the technical, conceptual, and legal frameworks for patient safety information, in Regulating for Patient Safety: The Law's Response to Medical Errors. Widener Law Rev 12:134, 2006
26. Goldman v. United States, 316 U.S. 129 (1942)
27. Katz v. United States, 389 U.S. 347 (1967)
28. Kyllo v. United States, 533 U.S. 27 (2001)
29. Acosta v. Byrum, 638 S.E.2d 246 (N.C. Ct. App. 2006)
30. Connecticut v. Health Net, Inc., 383 F.3d 1258 (11th Cir. 2004)
31. Touchet B, Drummond S, Yates WR: The impact of fear of HIPAA violation on patient care. Psychiatr Serv 55:575- 576, 2004
32. Reassessing Your Security Practices in a Health IT Environment: A Guide for Small Health Care Practices. Washington, DC: U.S. Department of Health and Human Services. Undated. Available at http://www.google.com/url?sa=t&source=web&cd=1&ved=0CBYQFjAA&url=http%3A%2F%2Fhealthit.hhs.gov%2Fportal%2Fserver.pt%2Fgateway%2FPTARGS_0_10731_848086_0_0_18%2FSmallPracticeSecurityGuide-1.pdf&ei=LNb7TOeWI8WclgfkvfyLBQ&usg=AFQjCNGeum6QplgMF7F5X1VBgeZWJ-s6Hw&sig2=hcC-zn2Guc_K4X68VM_WeQ. Accessed November 29, 2010
33. HIPAA Procedure 5039. De-identification and limited data set procedures. Available at http://www.yale.edu/ppdev/Procedures/hipaa/5039/5039PR1.pdf. Accessed November 29, 2010
34. Vicare. Available at http://www.openmedsoftware.org/wiki/8._HIPAA_de-identification. Accessed November 29, 2010
35. Houston M: The psychiatric medical record, HIPAA, and the use of electronic medical records. Child Adolesc Psychiatr ClinNAm 19:107-114, 2010
36. Agrawal R, Johnson C: Securing electronc health records without impeding the flow of information. Int J Med Inform 76:471-479, 2007