Zusammenfassung

It is one thing for a patient to trust a physician with a handwritten record that is expected to stay in the doctor’s office. It’s quite another for the patient to consent to place their comprehensive electronic health record in a repository that may be open to researchers anywhere on the planet. The potentially great payoffs from (for example) being able to find a set of similar patients who have suffered from the same condition as oneself and to review their treatment choices and outcomes will likely be unavailable unless people can be persuaded that their individual data will be handled properly in such a system. Agreeing on an effective set of institutional controls (see Chapter 9) is an essential prerequisite, but equally important is the question of whether the agreed upon policies can be enforced by controls engineered into the system. Without sound technical enforcement, incidents of abuse, misuse, theft of data, and even invalid scientific conclusions based on undetectably altered data can be expected. While technical controls can limit the occurrence of such incidents substantially, some will inevitably occur. When they do, the ability of the system to support accountability will be crucial, so that abusers can be properly identified and penalized and systems can be appropriately reinforced or amended. Questions to ask about the engineered controls include: How are legitimate system users identified and authenticated? What mechanisms are employed to distinguish classes of users and to limit their actions to those authorized by the relevant policies? What mechanisms limit the authorities of system administrators? How is the system software installed, configured, and maintained? How are user and administrator actions logged? Can the logs be effectively monitored for policy violations? When policy violations are detected, what mechanisms can be used to identify violators and hold them to account?

https://doi.org/10.1017/CBO9781107590205.013