Legal and Technical Frameworks for Electronic Patient Records and Networked Health Information

Ching-Yi LIU <tgcn143@ibm.net>
Tamkang University
Taiwan

Da-Wei WANG <tgcn143@ibm.net>
Academia Sinica
Taiwan

Abstract

Legal and Technical Frameworks for Electronic Patient Records and Networked Health Information

By Ching-Yi Liu & Da-Wei Wang

This Paper studies and compares current legal frameworks of electronic patient records in different countries, mainly U.S.A. and several European and Asian countries. It further connects the result to issues arising from networked health information on the Internet. By comparing these systems and deriving correlation between legal systems and other attributes, such as degrees of democratization, human right situations and levels of economic development, in different societies, we expect to achieve a better understanding as to how legal rules are related to the management and working of electronic patient records in these countries. Based on the above analysis, this paper attempts to explore the question as to whether different econo-social situations and current laws governing electronic patient records would have impacts on how legal rules are constructed and applied to emerging networked health information. As an interdisciplinary study, we believe this paper will contribute to a more balanced and better regulatory architecture for health information systems in networked society.

In 1995, the National Research Council (NCR) of the National Academy of Sciences of USA was charged with evaluating the practical measures that could be used to reduce the risk of improper disclosure of confidential health information while providing justified access to those who are interested in improving the quality and reducing the cost of health care. Its result, "For the Record: Protecting Electronic Health Information", presents the findings of 2 years of work and recommends eight practices for immediate implementation and another five practices for future implementation. Furthermore, the Clinton Administration's Health Information and Applications Working Group (HIAWG) also proposed the development and implementation of a readily accessible, accurate, and reliable health information project in 1997. Both reports have their counterparts in many countries for the past several years and, more significantly, some computer program models have been developed to implement the recommended practices of NCR. Inspiring by the analyses of NCR and HIAWG, this paper will use its recommended practices as the metrics to compare different legal systems. In doing so, this paper will sample representative legal systems as our analytical subjects. We will study whether the recommended practices by U.S. are imbedded as these countries' separate legal requirements and what the implications are for their future development of networked health information systems.

As far as patient records and health information are concerned, the existence of an unique identifier for each individual could greatly simplify the problem of linking patient records from different sources. However, undoubtedly significant security and privacy concerns would be raised and debated when it comes to identifying systems. This paper will examine existing computer program models and attempt to propose the proper legal restrictions on such identifying systems and the possible technological solutions which could be utilized to overcome or alleviate security and privacy concerns associated with the use of linking technics. This paper then goes further to study whether the completeness and soundness of the legal coverage and technological solutions on these issues are strongly correlated to the degree of democratization, level of economic development and human right situation of the countries we have studied. It concludes with a set of observations as to the implications of our findings would be for the future of networked health information systems.