Privacy and Security

Understanding the Nature of Personal Information

The first Legal e-Speaking post, “You’ve Been Served: What Might Happen When Responding to a Subpoena,” was published online on March 12, 2015. Since then this column has addressed a number of legal topics ranging from, among many others, perspectives on information governance, collection of biometric information, and the loss of electronically stored information.

Privacy and data security topics were featured in several Legal e-Speaking posts in 2019. For example, this column discussed the Pennsylvania Supreme Court decision that recognized a negligence cause of action when a defendant healthcare provider allegedly failed to use care in safeguarding the sensitive personal information of its employees. There was also the Illinois Supreme Court decision that allowed a cause of action to proceed for an alleged violation of the Illinois Biometric Privacy Act. Another post looked at how healthcare providers might be impacted by enforcement of the California Consumer Privacy Act.

These posts demonstrate at least one common starting point: the need for health information professionals (HIM) and healthcare providers to understand the nature of the personal information that they might create, store, and use and how those actions must comply with duties imposed by law, whether judge-made or arising out of a statute. Those duties exist—or may be created—regardless of the technology concerned and, from a HIM perspective, require continuing education, continuous monitoring, and updating of information governance policies, including records retention schedules.

Volumes and varieties of healthcare-related electronic information are expanding exponentially, as are the technologies by which that information is being created, stored, and used. At the same time, privacy and cybersecurity concerns are increasing. These trends will put a premium on successful governance of health information.

The need for successful information governance is demonstrated by media reports of collaboration between healthcare providers and business entities, which may lead to the exchange of large volumes of protected health information. These relationships and data exchanges put a premium on the participation of HIM professionals. Those professionals should look forward to interesting times as we move into 2020 and beyond.

This post marks the final installment of the Legal e-Speaking column. The new Journal of AHIMA website will continue to publish content that explores the importance of understanding the relationship between health information and legal issues in 2020 and beyond.

[author] [author_image timthumb='on']/Portals/0/uploads/content_hub/Rons-Headshot.png[/author_image] [author_info]Ron Hedges, JD, is a former US Magistrate Judge in the District of New Jersey and is currently a writer, lecturer, and consultant on topics related to electronic information. He is a regular contributor to Journal of AHIMA and a regular speaker at AHIMA's conferences.[/author_info] [/author]

 

**Editor’s note: The views expressed in this column are those of the author alone and should not be interpreted otherwise or as advice.

Tags: privacy , personal health information , protected health information