Information Technology and Ethics/Privacy and Health Care

From Wikibooks, open books for an open world

Introduction

Three concepts are regularly used in protecting healthcare data within the United States healthcare system: confidentiality, privacy, and security. Each of these concepts has a different fundamental meaning and a unique role. The most important aspect of health care records is privacy. Healthcare records contain detailed information about the patient, from their medical history to their personal data.[1]

The privacy and security of patients’ healthcare data is a top priority for patients and their families, medical insurance companies, and professionals. Government laws require many of the people and organizations that handle healthcare data to keep it secure and to ensure the privacy of patients’ healthcare data, regardless of whether it is stored on paper or electronically.

In the USA, “HIPAA” comes to mind where the security of medical records is concerned; the name stands for the Health Insurance Portability and Accountability Act of 1996. It was passed as the internet was becoming a larger presence in everyday life. It sought to enable the transfer of medical records from paper to electronic data.[2] HIPAA covers privacy, security, and breach notification for healthcare data. The HIPAA Privacy Rule, which was developed by the Department of Health and Human Services (HHS) to protect the confidentiality of personal health information, gives patients rights regarding their healthcare data. HIPAA also allows patients to constrain how their healthcare data can be used, and the HIPAA Security Rule offers patients the freedom to choose and know how their medical records must be kept secure with administrative, technical, and physical safeguards. Patients must consent, through a contract, before personal health information is disclosed. Patients may have additional insurance and medical records rights under their state’s laws. There are also federal laws that protect health care records.[3]

Why Privacy in Healthcare is Important

Health care research and privacy protections both give significant benefits to society. Medical research is crucial to improving human health and health care. Protecting patients involved in research and preserving their rights is a fundamental moral duty. Legislation is necessary for securing individual privacy and protecting the interests of people who provide their data for research. Patients must provide their medical data for further study; it can drastically speed up the research process and will be very beneficial to society. At the same time, clinical research can benefit people; for instance, it facilitates access to new treatments, improved diagnostics, and more effective ways to prevent disease.[4]

Without medical privacy, patients may avoid needed healthcare, and physicians may not enter important information into the patient's records.[5] Medical records contain sensitive information about every individual that could be used to negatively affect a person’s life. This includes fertility, abortions, substance/physical abuse, STDs, etc. Access to such information can damage a person’s reputation which can permanently affect their lives. Our medical records also contain mundane content such as height, weight, or if any bones were ever broken. Physicians need access to our complete medical records to provide an accurate diagnosis. Without an accurate diagnosis, patients may pay for an expensive treatment that was unnecessary or be given the incorrect medicine for a disease.

What Constitutes Privacy

Protecting information gathered in the course of caring for the patient is a core value in health care. Respecting privacy in its other forms is also an essential key to trust. Privacy encompasses several aspects, including personal space (physical privacy), personal data (informational privacy), personal choices including cultural and religious affiliations (decisional privacy), and personal relationships with family members (associational privacy).

Physicians must seek to protect patient privacy in all settings to the greatest extent possible and should:

  • (a) Minimize third-party intrusion into health care records.
  • (b) Inform the patient if there has been a breach that can affect the patient directly or indirectly.
  • (c) Be mindful that individual patients may have special concerns about privacy in any of these areas.[6]

Protecting health care information can be broken down into three concepts:

  • Privacy: Protecting one’s privacy is essential and the patient has the right to keep their medical record confidential.[7]
  • Confidentiality: Selective control of sharing personal health information to a care provider or guardian under an agreement that limits what information may be released.[5]
  • Security: Policies and principles that help maintain the integrity and availability of information access.

Ways to Protect Healthcare Information

  • (a) Ensure systems remain secure

Because hackers have an assortment of techniques for breaking into healthcare organizations’ networks, healthcare IT departments need to use a variety of tools to try to keep them out. In many cases, firms spend a lot on perimeter security, for example, firewalls and antivirus software.

  • (b) Train individuals for security

Staff members are most often involved in data breaches not out of ill will but because of carelessness. Consequently, all IT security programs depend on staff training, including training on what does and doesn’t constitute a HIPAA violation. Staff should be educated about phishing, social engineering, and other attacks that target employees, and about choosing a strong password.

  • (c) Secure wireless networks

Most medical institutions increasingly depend on wireless networks in their offices. Unfortunately, those wireless networks regularly introduce security concerns and vulnerabilities, and information can be stolen by hacking into them. The organization might also depend on obsolete technology; for example, if a medical institution still uses the Wired Equivalent Privacy (WEP) security standard, hacking its network will be relatively easy.

  • (d) Erase redundant information

The more information an organization holds, the more there is for hackers to take. Medical institutions should remove data that is no longer required or useful. Routinely reviewing the data and labeling it for removal does, however, consume additional resources and time.

  • (e) Improve physical security controls

Even as electronic health records become progressively more common, a medical institution may keep a great deal of sensitive information on paper. Providers must therefore ensure that doors and file cabinets are locked and secured, and that cameras and other physical security controls are used. Moreover, organizations should make sure IT hardware is secure by locking server rooms and using cable locks or other devices to keep PCs and workstations attached to office furniture.

  • (f) Incident Response plan

It is essential to prepare for the worst; there is very little probability that an organization can foresee every conceivable IT security incident. That is why it’s essential to build up a game plan for when a breach occurs.[8]

Privacy Laws for Healthcare Data

In the United States of America

The Health Insurance Portability and Accountability Act of 1996

The most notable and prominent healthcare law in the U.S. is HIPAA, as introduced before. The Standards for Privacy of Individually Identifiable Health Information, or the Privacy Rule, were made to establish a national set of standards for the protection of specific health information.[9] These standards, also known as the Privacy Rule or the HIPAA Privacy Rule, were issued by the U.S. Department of Health and Human Services, or HHS, to implement the requirements of the Health Insurance Portability and Accountability Act of 1996.[9]

The Privacy Rule also allows a covered entity or organization to use health information for research purposes without permission under certain circumstances where it can provide specific documentation.[9] The specific documentation must be obtained so that no significant and sensitive information falls into the wrong hands or is disclosed for the wrong purposes.

Sharing data between hospitals and academic institutions can also make research more reliable. Sharing data can increase confidence and trust in the conclusions of such research.[10] The most notable such collaboration in the United States is Sync for Science, which is between the National Institutes of Health (NIH), Harvard Medical School’s Department of Biomedical Informatics, the Office of the National Coordinator for Health IT (ONC), and Electronic Health Record (EHR) vendors.

Genetic Information Nondiscrimination Act of 2008

The Genetic Information Nondiscrimination Act of 2008, or GINA, was a federal act passed by Congress on May 21, 2008 to prevent discrimination based on genetic information relating to health insurance and employment.[11] Similar to the Americans with Disabilities Act, GINA prevents employers from discriminating against certain people on the basis of their genetic information. GINA will also prevent health insurance companies from doing the same to its consumers in providing health coverage.  

Health Information Technology for Economic and Clinical Health Act of 2009

The Health Information Technology for Economic and Clinical Health (HITECH) Act was passed as a part of the American Recovery and Reinvestment Act of 2009 on February 17, 2009. The HITECH Act aimed to promote the use of health information technology and also strengthened HIPAA.[12] The HITECH Act changed the HHS Secretary’s authority to impose monetary penalties for HIPAA violations and increased the maximum amount that the Secretary could charge.[13]

In Europe

The General Data Protection Regulation, or GDPR, was enacted on May 25, 2018 by the European Union for its member countries.[14] The GDPR regulates the privacy and security of citizens’ data and applies to any company or organization that collects data of people in the European Union.[14] The regulation covers principles of data protection, accountability, data security, when data is allowed to be processed, and more. The GDPR also treats health data as a unique type of data and gives it its own definition within the regulation.[15] Unique safeguards have also been made for health data in addition to the other privacy laws, which still apply to the same data.[15]

In Africa

The Data Policy Framework released by the African Union on July 28, 2022 serves as a framework and blueprint that countries can use to maximize the benefits of a data-driven economy while providing regulatory policies for data to protect people.[16] The framework also aims to improve digital trade and innovation across multiple countries in the union and to help guide member countries through intricate regulatory problems.[17] The framework doesn’t have specific safeguards or policies to protect health care data but does mention recommendations for countries to make on it.[16] Within its recommendations for member countries, it emphasized the importance of healthcare research and of creating new definitions and safeguards for health care data.

In China

The People’s Republic of China adopted the Personal Information Protection Law (PIPL) on August 20th, 2021.[18] It is similar to the European Union’s GDPR and was designed similarly to safeguard rights and privacy of its citizens with regulation of data processing, transferring, and collection.[19] Its principles include requiring explicit consent in data practices for processing and providing, requiring appointed people in organizations who are responsible for defending personal data, implementing security measures, and doing risk assessments. Many components of the PIPL align with the GDPR framework.

Major Privacy Breaches in Healthcare

The measures outlined in the previous chapters have sometimes proven inadequate, either because they were not enforced properly or because they were not enforced at all. There have been severe data breaches that have resulted in massive lawsuits with multi-million-dollar settlements. One example is that of Anthem Blue Cross Blue Shield, which was attacked by Deep Panda, a Chinese hacker group. Its data systems were compromised after a database administrator’s credentials were leaked, possibly through a phishing attack. The administrator only noticed the attack because an unauthorized query was being run with his credentials, which he just happened to notice.[20] The incident revealed a lack of training by Anthem to prepare its employees to avoid blatant or complicated phishing attempts and also revealed that Anthem was storing data in unencrypted form, although this would not have mattered because the hackers already had the administrator credentials. This breach resulted in the personally identifiable information of 78.8 million patients being leaked, along with a hefty lawsuit settlement of around $115 million.[20]

Memorial Healthcare in Florida had to pay $5.5 million to the Office for Civil Rights, after electronically protected records were accessed improperly by two individuals that used a former physician’s login credentials.[21] The investigation following the breach also revealed that Memorial Healthcare had failed to review and modify user access permissions.[21] This allowed former employees to gain access, which is incredibly dangerous and reckless, as they could be disgruntled or angry at their employers, due to unfair termination or other reasons.
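The access review that was missing in this case can be sketched as follows. This is an added example, not part of the original text or of any organization's tooling: it cross-checks an HR roster against an authentication log to find accounts still enabled after termination and any activity on a departed user's account. The usernames, dates, roster and the `timestamp user=... result=...` log format are all constructed assumptions.

```python
import re
from dataclasses import dataclass
from datetime import date, datetime
from typing import Optional


@dataclass(frozen=True)
class Account:
    username: str
    enabled: bool
    terminated_on: Optional[date]  # None while the person is still employed


@dataclass(frozen=True)
class Finding:
    username: str
    timestamp: datetime
    success: bool


# Constructed HR/identity roster (hypothetical users).
ROSTER = [
    Account("dr.active", enabled=True, terminated_on=None),
    Account("dr.former", enabled=True, terminated_on=date(2025, 1, 31)),
    Account("nurse.left", enabled=False, terminated_on=date(2025, 1, 15)),
]

# Constructed authentication log in an assumed line format.
AUTH_LOG = """\
2025-01-20T10:00:00 user=dr.former result=SUCCESS
2025-02-03T08:15:00 user=dr.active result=SUCCESS
2025-02-10T23:41:12 user=dr.former result=SUCCESS
2025-02-11T00:02:47 user=dr.former result=SUCCESS
2025-02-12T07:30:00 user=nurse.left result=FAILURE
this line is malformed and must not crash the review
"""

LINE_RE = re.compile(r"^(\S+) user=(\S+) result=(SUCCESS|FAILURE)$")


def parse_auth_log(text):
    """Return (events, rejected); each event is (timestamp, username, success)."""
    events, rejected = [], []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            rejected.append(line)  # keep unparsable lines for manual review
            continue
        try:
            ts = datetime.fromisoformat(match.group(1))
        except ValueError:
            rejected.append(line)
            continue
        events.append((ts, match.group(2), match.group(3) == "SUCCESS"))
    return events, rejected


def orphaned_accounts(roster, as_of):
    """Accounts still enabled although their owner had left by `as_of`."""
    return sorted(
        a.username for a in roster
        if a.enabled and a.terminated_on is not None and a.terminated_on <= as_of
    )


def post_termination_activity(roster, events):
    """Any login attempt on a departed user's account after the termination date."""
    terminated = {a.username: a.terminated_on for a in roster if a.terminated_on}
    findings = [
        Finding(user, ts, ok) for ts, user, ok in events
        if user in terminated and ts.date() > terminated[user]
    ]
    return sorted(findings, key=lambda f: f.timestamp)


if __name__ == "__main__":
    events, rejected = parse_auth_log(AUTH_LOG)
    print("Enabled accounts of former staff:", orphaned_accounts(ROSTER, date(2025, 2, 15)))
    for f in post_termination_activity(ROSTER, events):
        print(f.timestamp.isoformat(), f.username, "SUCCESS" if f.success else "FAILURE")
    print("Unparsed lines:", len(rejected))
```

Successful findings indicate that deprovisioning failed; failed attempts on a disabled account show the control working but are still worth investigating.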

The University of California, Los Angeles (UCLA) Health System became the victim of an attack by hackers in 2015; the means used by the hackers have not yet been revealed. The attackers were able to copy the entire database, resulting in protected information of roughly 4.5 million individuals being compromised.[22] The information compromised consisted of data from as far back as 1990. Leaked information could be used by the attackers to steal identities and file fraudulent Medicare claims, potentially causing significant financial and psychological harm to patients and employees of the affected organization.

Information about the breach was not disclosed to the affected individuals for up to 10 weeks, against HIPAA regulations, which require notifications to be issued within 60 days. This resulted in a class-action lawsuit, which was eventually settled for $7.5 million.[23] A portion of the money, $5.5 million, was set aside for a fund to improve cyber defenses at the institution.[23] This incident shows the importance of timely disclosure, which would allow the affected individuals to ensure that their information was not used for the purpose of identity theft and credit fraud.

Privacy breaches in healthcare are extremely dangerous; they result in hefty penalties, lengthy investigations and identity theft for the individuals affected. There is one silver lining, however, which is the intelligence gained as a consequence of the breach, allowing us to improve our methods, frameworks and policies.

Statistics

Healthcare data breaches have been shown to have an increasing trend in the past 14 years.[24] 725 data breaches were reported to the Office of Civil Rights in 2023 which consisted of more than 133 million records being disclosed without permission or exposed.[24]

Healthcare Data Breaches Affecting 500 Individuals or More[24]

Healthcare breaches have also started to become more devastating and impactful. In 2023, 168 million records were exposed, breached, or stolen.[24] The biggest healthcare data breach that has ever been reported was in 2024, where 190 million records were leaked at Change Healthcare due to a ransomware attack.[25]

Individuals affected by healthcare security breaches[24]

The most common causes of healthcare data breaches have been hacking/IT incidents, followed by unauthorized access/disclosure.[26] Unauthorized access/disclosure, loss/theft, and improper disposal have been reported at disproportionately lower rates than hacking/IT incidents.

Possible Consequences of Stolen Healthcare Data

Patients’ healthcare data contains highly sensitive and private information and is seen as very lucrative to steal, making it one of the most targeted types of data for hackers. What makes healthcare data so valuable is its longevity, since most people are unaware when it has been stolen or breached, unlike with a stolen credit card.[27] Such data can contain dates of birth, demographic data, and social security numbers, which can be used to commit identity theft.[28] Through identity theft, new credit cards and loans can be opened under the targeted victim’s name, causing a massive financial burden. It is also not uncommon for stolen healthcare data to be used to obtain prescription medications, healthcare devices, and expensive medical services and benefits. Healthcare data can also be used to file tax returns in the victim’s name to collect tax rebates. In some cases, data such as blood type, medicine or allergies is altered, which can cause great harm or even death to the targeted victim.[27]

Ransomware is primarily used to steal medical data from a healthcare provider.[29] This type of malware prevents companies or organizations from accessing their data by encrypting it, with the attackers promising to decrypt it once a ransom is paid. The organization is threatened that, if it does not pay the ransom, the data will be leaked or never given back. These tactics have been so successful that many cyberattacks simply kidnap data without even encrypting it, because healthcare organizations feel obliged to pay the ransom. Many healthcare organizations would rather pay, even if there is no real threat of data being exposed, due to the possible substantial damage to their reputations.[28]

Cyber criminals or hackers can also extort or blackmail individual victims. The victims are contacted directly and threatened with the leaking of their personal information unless they pay a ransom fee.[30]

Healthcare data as mentioned before is highly valuable and can sell for over thousands of dollars on the dark web.[29] This online black market can be very profitable based off the selling of only healthcare data and medical records.

Compliance Strategies in Healthcare Privacy and Security

Privacy Impact Assessment (PIA) Framework

Privacy Impact Assessments (PIAs) are a systematic approach used within healthcare to review how patient data is stored and protected through organizational processes. PIAs differ from technical safeguards alone in that they offer a value-based approach that takes into account regulatory requirements alongside the operational impact of privacy controls on clinical activity. PIAs can balance the requirements for strong information privacy with operational utility to support the delivery of care.[31] This is especially important in environments where extreme controls on privacy can potentially disrupt decision-making or slow treatment. Only by carrying out a PIA correctly are healthcare leaders able to analyze risks not only from a compliance viewpoint but also from the viewpoints of patient safety, availability of resources, and practicability of workflow. Healthcare providers must navigate the challenge of protecting patient privacy while also ensuring timely and effective care delivery.[31] Parks and fellow researchers offer an early framework for understanding how organizations can strategically manage this balance between safeguarding information and sustaining operational efficiency.[31] PIAs are therefore increasingly considered critical compliance and decision-making tools of strategic relevance to modern health information systems.

Staff Training and Awareness

Staff training and sensitization are essential in preventing data breaches in healthcare organizations. While technical safeguards are necessary, human error is the leading cause of electronic health record (EHR) exposure. Research shows that over 70 percent of breached records from 2015 to 2020 were a result of unintentional human factors like negligence, carelessness, and susceptibility to phishing attacks.[32] These violations tend to occur when staff bypass security protocols that are inconvenient to them or unconnected to patient care. Failure to properly train staff may lead to blatant information violations, for example, transmitting protected health information (PHI) to an unintended recipient or publishing sensitive details to insecure sites. Healthcare organizations are therefore encouraged to provide systematic, routine training programs that not only introduce HIPAA regulations but also apply the principles of behavioral science to promote safe behavior. According to a PricewaterhouseCoopers survey included in the study, 87 percent of healthcare staff regard additional employee training as the most important means of improving cybersecurity hygiene. By creating a culture of responsibility and awareness, organizations are able to remove unnecessary risk and support privacy compliance.

Encryption and Secure Communication

The global adoption of telemedicine has also had a significant impact on healthcare practitioners' interaction with patients, particularly regarding secure messaging. Unlike traditional email, which does not have end-to-end encryption and is not HIPAA compliant by default, modern telemedicine platforms have secure messaging and video solutions integrated into electronic health records (EHRs). During the COVID-19 pandemic, the U.S. Department of Health & Human Services temporarily relaxed HIPAA enforcement to allow the use of consumer video communication tools, which facilitated rapid scaling of remote care.[33] At NYU Langone Health, urgent telemedicine visits rose by 683% in just over a month, supported by secure, integrated systems that allowed patients to check in, consult, and share biometric data through protected platforms.[33] Such solutions not only augmented care delivery but also maintained patient trust by adherence to data privacy laws. With video-based telemedicine becoming commonplace, secure messaging solutions will become a vital aspect of healthcare communication, both for clinical and for regulatory effectiveness.

Informed consent is a process in which a healthcare professional educates a patient about the risks, benefits, and alternatives of a given procedure, allowing the patient to voluntarily agree or decline. [34] In the context of research databases, informed consent means that researchers are ethically and/or legally justified in using participants' data only if the participants explicitly consented to their involvement. [35]

Implied consent is an agreement inferred from a person’s actions, gestures, or circumstances. For example, a patient rolling up their sleeve for a vaccination indicates implied consent for the healthcare provider to perform the injection. On digital platforms, implied consent often appears through statements like, "By continued use of this site, you agree to our privacy policy and terms of use."

Kaye and fellow researchers describe dynamic consent as an interface that "facilitates two-way communication to stimulate a more engaged, informed, and scientifically literate participant population where individuals can tailor and manage their own consent preferences."[36] Dynamic consent in healthcare often involves continuous, interactive consent processes managed through digital patient portals. This approach allows users to grant or revoke consent continuously, adapting their preferences over time.

Both informed and implied consent present ethical and legal challenges. Issues related to informed consent include determining who is capable of consenting (age, mental capacity, health status), as well as clarifying precisely what consent implies, especially when considering the complexities introduced by digital health technologies. As Kassam and colleagues highlight, "Understanding patient perspectives when implementing meaningful consent is critical to ensure that it meets their needs." [37] In the digital age, many users rarely read lengthy consent forms and instead quickly click "agree" to access digital services. The aforementioned researchers conducted a literature review of 75 studies on digital consent and found that only 33% of studies aimed to measure the actual comprehension of electronic consent forms. Although most participants (68 out of 75 studies) expressed willingness to provide digital consent, their willingness depended significantly on clearly understanding the information provided, specifically details regarding who can access their Protected Health Information (PHI), how it will be used, and the measures taken to ensure privacy. [37]

Effective digital consent requires making information accessible and understandable, potentially through translations, simplified language, or clearer breakdowns of terms and conditions. While dynamic consent systems present logistical challenges for maintaining and tracking consent status, they significantly enhance patient autonomy and privacy protection by allowing ongoing control and personalized management of consent preferences.
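The tracking problem that dynamic consent creates can be illustrated with a small append-only consent ledger. This is an added example, not part of the original text and not the interface described by Kaye and colleagues: consent is recorded per patient and purpose, the most recent grant or revocation at the time of access decides, and the absence of any record means denial. The patient identifiers, purposes, actors and timestamps are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class ConsentEvent:
    patient_id: str
    purpose: str      # what the data may be used for, e.g. "research"
    granted: bool     # True = grant, False = revoke
    at: datetime


@dataclass(frozen=True)
class Access:
    patient_id: str
    purpose: str
    actor: str
    at: datetime


class ConsentLedger:
    """Append-only history of consent decisions; nothing is edited or deleted."""

    def __init__(self):
        self._events = []

    def record(self, event):
        self._events.append(event)

    def is_permitted(self, patient_id, purpose, at):
        """Consent state for one purpose at a point in time (default: deny)."""
        latest = None
        for e in self._events:
            if e.patient_id == patient_id and e.purpose == purpose and e.at <= at:
                # On equal timestamps the later-recorded event wins.
                if latest is None or e.at >= latest.at:
                    latest = e
        return latest is not None and latest.granted

    def audit(self, accesses):
        """Return the accesses that had no active consent when they happened."""
        return [a for a in accesses
                if not self.is_permitted(a.patient_id, a.purpose, a.at)]


def build_sample_ledger():
    """Constructed history: p-001 grants, revokes, then re-grants research use."""
    ledger = ConsentLedger()
    ledger.record(ConsentEvent("p-001", "care-team", True, datetime(2025, 1, 10, 9, 0)))
    ledger.record(ConsentEvent("p-001", "research", True, datetime(2025, 1, 10, 9, 0)))
    ledger.record(ConsentEvent("p-001", "research", False, datetime(2025, 3, 1, 12, 0)))
    ledger.record(ConsentEvent("p-001", "research", True, datetime(2025, 4, 15, 8, 0)))
    return ledger


# Constructed access log; p-002 never recorded any consent decision.
SAMPLE_ACCESSES = [
    Access("p-001", "research", "study-a", datetime(2025, 2, 1, 10, 0)),
    Access("p-001", "research", "study-a", datetime(2025, 3, 2, 10, 0)),
    Access("p-001", "care-team", "ward-3", datetime(2025, 3, 2, 10, 0)),
    Access("p-001", "research", "study-a", datetime(2025, 4, 20, 10, 0)),
    Access("p-002", "research", "study-a", datetime(2025, 2, 1, 10, 0)),
]

if __name__ == "__main__":
    for violation in build_sample_ledger().audit(SAMPLE_ACCESSES):
        print("No active consent:", violation)
```

Because the history is never overwritten, the same ledger answers both "may this access proceed now?" and "was consent in place when that access happened?".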

Conclusion

It is very clear from the above sections that most people want to protect their information; most of them want to live a very private life. There are a lot of data breaches that have happened in medical institutions, which leads patients to conceal information from doctors; as a consequence, they are unable to get a proper treatment for their illness. Protecting health care information is not just about protecting the information from hackers. Keeping medical information secret encourages patients to provide detailed information about their medical condition. Protecting health information will also help patients to come forward and offer their medical records for further research, which can increase the standard of care in hospitals. By using the recommendations provided in this article, a lot of attacks can be stopped from being successful. Patients want to provide their medical information, but due to a lack of privacy, they do not. If an exceptional level of privacy can be achieved in medical institutions, it can be very beneficial for the whole of humanity.

References

  1. Health Information Privacy. Retrieved from https://www.hhs.gov/hipaa/for-professionals/privacy/index.html
  2. Bodie, M. T. (2022). HIPPA. Cardozo L. Rev. De-Novo, 118.
  3. Health Information Policy and Laws Retrieved from https://www.healthit.gov/topic/health-information-privacy-law-and-policy
  4. Appari, A., & Johnson, M. E. Information Security, and Privacy in Healthcare.
  5. Rindfleisch, T. C. (1997). Privacy, Information Technology, and Health Care. Communications of the ACM, 40(8), 92-100.
  6. Health Information Privacy. Retrieved from https://www.hhs.gov/hipaa/for-professionals/privacy/index.html
  7. George, J., & Bhila, T. (2019). Security, confidentiality and privacy in health of healthcare data. International Journal of Trend in Scientific Research and Development, 3(4), 2456-6470.
  8. Moore, I., Leason, S., Miller, S. C., & Hickson, G. B. Confidentiality and privacy in health care from the patient's perspective: does HIPAA help?
  9. U.S. Department of Health and Human Services. "Summary of the HIPAA Privacy Rule". hhs.gov. Retrieved April 28, 2025.
  10. Hulsen, Tim (April 27, 2020). "Sharing Is Caring—Data Sharing Initiatives in Healthcare". International Journal of Environmental Research and Public Health. 17 (9): 3046. doi:10.3390/ijerph17093046. ISSN 1660-4601. PMC 7246891. PMID 32349396.
  11. "Genetic Information Nondiscrimination Act of 2008". eeoc.gov. Retrieved April 29, 2025.
  12. "HITECH Act Enforcement Interim Final Rule". hhs.gov. Retrieved April 29, 2025.
  13. "HHS Strengthens HIPAA Enforcement". hhs.gov.
  14. Wolford, Ben. "What is GDPR, the EU's new data protection law?". Retrieved April 29, 2025.
  15. "Health". European Data Protection Supervisor. Retrieved April 29, 2025.
  16. "African Union (AU) Data Policy Framework". dig.watch. February 1, 2022. Retrieved April 29, 2025.
  17. King'ori, Mercy (April 29, 2023). "The African Union's Data Policy Framework: Context, Key Takeaways, and Implications for Data Protection on the Continent". Future of Privacy Forum. Retrieved April 27, 2025.
  18. "The PRC Personal Information Protection Law (Final): A Full Translation". China Briefing. August 24, 2021. Retrieved April 27, 2025.
  19. "Cross-border health data transfer rules around the world". InCountry. February 6, 2024. Retrieved April 27, 2025.
  20. Shankar, Nithya; Mohammed, Zareef (2020). "Surviving Data Breaches: A Multiple Case Study Analysis". Journal of Comparative International Management. 23 (1): 35–54. doi:10.7202/1071508ar. ISSN 1481-0468.
  21. Adler, Steve (February 17, 2017). "Record HIPAA Settlement Announced: $5.5 Million Paid by Memorial Healthcare System". HIPAA Journal. Retrieved April 27, 2025.
  22. Adler, Steve (July 18, 2015). "UCLA Health System Hacked: 4.5 Million Patient Records Exposed". HIPAA Journal. Retrieved April 27, 2025.
  23. Adler, Steve (March 22, 2019). "UCLA Health Settles Class Action Data Breach Lawsuit for $7.5 Million". HIPAA Journal. Retrieved April 27, 2025.
  24. Adler, Steve (April 17, 2025). "Healthcare Data Breach Statistics". The HIPAA Journal. Retrieved April 27, 2025.
  25. Adler, Steve (April 16, 2025). "UnitedHealth Adopts Aggressive Approach to Recover Ransomware Attack Loans". HIPAA Journal. Retrieved April 27, 2025.
  26. Adler, Steve (July 30, 2024). "H1, 2024 Healthcare Data Breach Report". HIPAA Journal. Retrieved April 27, 2025.
  27. Zabel, Laurie. "The Value of Personal Medical Information: Protecting Against Data Breaches". naham.org. Retrieved April 27, 2025.
  28. Adler, Steve (November 2, 2023). "Editorial: Why Do Criminals Target Medical Records". HIPAA Journal. Retrieved April 27, 2025.
  29. Trevino, Aranza (November 1, 2024). "Why Do Hackers Want Medical Records?". Keeper Security. Retrieved April 27, 2025.
  30. Flairty, Anna (March 9, 2023). "What hackers really do with stolen patient data". Paubox. Retrieved April 27, 2025.
  31. Parks, Rachida F; Wigand, Rolf T; Lowry, Benjamin P (2023-11-02). "Balancing information privacy and operational utility in healthcare: proposing a privacy impact assessment (PIA) framework". European Journal of Information Systems. 32 (6): 1052–1069. doi:10.1080/0960085X.2022.2103044. ISSN 0960-085X.
  32. Yeo, Liu Hua; Banfield, James (2022). "Human Factors in Electronic Health Records Cybersecurity Breach: An Exploratory Analysis". Perspectives in Health Information Management. 19 (Spring): 1i. ISSN 1559-4122. PMC 9123525. PMID 35692854.
  33. Mann, Devin M; Chen, Ji; Chunara, Rumi; Testa, Paul A; Nov, Oded (2020-07-01). "COVID-19 transforms health care through telemedicine: Evidence from the field". Journal of the American Medical Informatics Association. 27 (7): 1132–1135. doi:10.1093/jamia/ocaa072. ISSN 1527-974X. PMC 7188161. PMID 32324855.
  34. Shah, Parth; Thornton, Imani; Kopitnik, Nancy L.; Hipskind, John E. (2025), "Informed Consent", StatPearls, Treasure Island (FL): StatPearls Publishing, PMID 28613577, retrieved 2025-04-29
  35. Holm, Søren; Madsen, Søren (2009-01-29), Corrigan, Oonagh; McMillan, John; Liddell, Kathleen; Richards, Martin (eds.), "Informed consent in medical research – a procedure stretched beyond breaking point?", The Limits of Consent: A socio-ethical approach to human subject research in medicine, Oxford University Press, p. 0, ISBN 978-0-19-923146-1, retrieved 2025-04-29
  36. Kaye, Jane; Whitley, Edgar A.; Lund, David; Morrison, Michael; Teare, Harriet; Melham, Karen (February 2015). "Dynamic consent: a patient interface for twenty-first century research networks". European Journal of Human Genetics. 23 (2): 141–146. doi:10.1038/ejhg.2014.71. ISSN 1476-5438.
  37. Kassam, Iman; Ilkina, Daria; Kemp, Jessica; Roble, Heba; Carter-Langford, Abigail; Shen, Nelson (2023-02-10). "Patient Perspectives and Preferences for Consent in the Digital Health Context: State-of-the-art Literature Review". Journal of Medical Internet Research. 25 (1): e42507. doi:10.2196/42507.