A framework for "Need to Know" authorizations in medical computer systems: responding to the constitutional requirements.
- 1 January 1994
- journal article
- p. 392-6
Abstract
"Need to Know" systems which restrict access to computerized data to those with a specified need for the data have been described as part of the solution to the problem of privacy in health care information systems. However, no operational "need to know" system is described in the medical literature. Recent legal developments in constitutional privacy protection make a "need to know" system mandatory, not optional. In sophisticated information systems users can utilize the unique characteristics of the system itself to implement a high level "need to know" system, based on the institution's own patient treatment pattern. This article provides an analytical tool for helping to define a "need to know" system with reference to the specific problems of health care institutions.This publication has 8 references indexed in Scilit:
- The need for security--a clinical view.1994
- Health information, privacy, confidentiality and ethics.1994
- Privacy and Security of Personal Information in a New Health Care SystemJAMA, 1993
- Information management and patient privacy in the NHS.BMJ, 1993
- Protection of patient data in multi-institutional medical computer networks: regulatory effectiveness analysis.1993
- Computerized patient information under the Privacy Act: a regulatory effectiveness analysis.1992
- Medical informatics: The revolution in law, technology, and medicineJournal of Legal Medicine, 1986