Review of literature for health information security on Sri Lankan health

Sri Lanka Journal of Bio-medical Informatics Pub Date : 2019-12-31 DOI:10.4038/sljbmi.v10i3.8069

R. Ranwala

{"title":"Review of literature for health information security on Sri Lankan health","authors":"R. Ranwala","doi":"10.4038/sljbmi.v10i3.8069","DOIUrl":null,"url":null,"abstract":"Introduction: A large number of government health institutions in Sri Lanka are using Health Information Systems at present. However, there is no national-level health information security policy or privacy protection legislation in the country to regulate health information security and privacy. The objective of this study was to identify the current policies and acts related to health information security and privacy in Sri Lanka. Methods: A literature search was carried out in PubMed and google scholar databases. Grey literature is also included in the search, such as Health Ministry publications. Following keywords/ search terms were used: Information Security Policy in Sri Lanka, Information Security Act in Sri Lanka, Health Information Security, Health Data privacy. Results: There were no specific documents on health information security and privacy in Sri Lankan context. However, nine documents published by the ministry of health were related to health information. Except for the National Policy on health information, other documents have limited description on security-related areas such as data storage, information disclosure, patient privacy and patient consent. Data/Information Security, Client Privacy, Confidentiality and ethics were addressed with few strategies including fair information practices, Anonymity and Pseudo anonymity and empowering health care recipients in The National Policy on Health information. In addition, there are some general e-laws and policies related to electronic data which can be partially linked to information management in the health sector. Conclusions: Most of the available documents only briefly address security and privacy issues. However, when a legal value has been given to electronic information systems, it helps to restrict information misuse and promotes authorized use of personal health data. As there is no specific policy or acts to safeguard health information security and privacy there is an urgent requirement to develop policy documents and guidelines addressing issues like data ownership, data localization and data sharing.","PeriodicalId":129773,"journal":{"name":"Sri Lanka Journal of Bio-medical Informatics","volume":"44 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-12-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Sri Lanka Journal of Bio-medical Informatics","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4038/sljbmi.v10i3.8069","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Introduction: A large number of government health institutions in Sri Lanka are using Health Information Systems at present. However, there is no national-level health information security policy or privacy protection legislation in the country to regulate health information security and privacy. The objective of this study was to identify the current policies and acts related to health information security and privacy in Sri Lanka. Methods: A literature search was carried out in PubMed and google scholar databases. Grey literature is also included in the search, such as Health Ministry publications. Following keywords/ search terms were used: Information Security Policy in Sri Lanka, Information Security Act in Sri Lanka, Health Information Security, Health Data privacy. Results: There were no specific documents on health information security and privacy in Sri Lankan context. However, nine documents published by the ministry of health were related to health information. Except for the National Policy on health information, other documents have limited description on security-related areas such as data storage, information disclosure, patient privacy and patient consent. Data/Information Security, Client Privacy, Confidentiality and ethics were addressed with few strategies including fair information practices, Anonymity and Pseudo anonymity and empowering health care recipients in The National Policy on Health information. In addition, there are some general e-laws and policies related to electronic data which can be partially linked to information management in the health sector. Conclusions: Most of the available documents only briefly address security and privacy issues. However, when a legal value has been given to electronic information systems, it helps to restrict information misuse and promotes authorized use of personal health data. As there is no specific policy or acts to safeguard health information security and privacy there is an urgent requirement to develop policy documents and guidelines addressing issues like data ownership, data localization and data sharing.

查看原文本刊更多论文

斯里兰卡卫生信息安全文献综述

目前，斯里兰卡大量的政府卫生机构正在使用卫生信息系统。然而，国内没有国家级的卫生信息安全政策或隐私保护立法来规范卫生信息安全和隐私。本研究的目的是确定斯里兰卡目前与卫生信息安全和隐私有关的政策和行为。方法:在PubMed和google scholar数据库中进行文献检索。灰色文献也包括在搜索中，如卫生部出版物。使用了以下关键词/搜索词:斯里兰卡信息安全政策、斯里兰卡信息安全法、卫生信息安全、卫生数据隐私。结果:在斯里兰卡没有关于卫生信息安全和隐私的专门文件。但是，卫生部公布的九份文件与卫生信息有关。除《国家卫生信息政策》外，其他文件对数据存储、信息披露、患者隐私和患者同意等安全相关领域的描述有限。数据/信息安全、客户隐私、保密和道德问题在《国家卫生信息政策》中仅通过少数战略得到解决，包括公平信息做法、匿名和伪匿名以及增强保健接受者的权能。此外，还有一些与电子数据有关的一般电子法律和政策，这些法律和政策可以部分地与卫生部门的信息管理联系起来。结论:大多数可用的文档只简要地讨论了安全和隐私问题。然而，当赋予电子信息系统法律价值时，它有助于限制信息滥用并促进个人健康数据的授权使用。由于没有保障卫生信息安全和隐私的具体政策或行为，因此迫切需要制定政策文件和准则，解决数据所有权、数据本地化和数据共享等问题。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Sri Lanka Journal of Bio-medical Informatics

自引率

0.00%

发文量