As part of scaling-up HIV services, increasing emphasis is being placed on the collection of information to improve patient management and monitoring as well as programme or service monitoring and evaluation. Such data allow individuals to be tracked over time and between places, and enable the development of longitudinal patient-level information for clinical management.
Patient-level information becomes even more important when used for programme or service monitoring or evaluation. This will require information systems, whether paper-based or electronic, which ensure patient confidentiality yet allow relatively easy access to the information at both the individual and aggregate level. Implemented systems must also address issues of system availability.
Using health data of individuals for public health goals must be balanced against individuals’ rights to privacy and confidentiality, and should be based on human rights principles.
When developing approaches to protecting data, a distinction should be made between providing for the physical protection of data to guard against environmental threats, and the protection needed to guard against inappropriate use of sensitive information, whether due to inadvertent or deliberate activities.
Three interrelated concepts have an impact on the development and implementation of protection of sensitive data. These are privacy, confidentiality, and security. While interrelated, each is distinct and each is developed and implemented in a different manner.
Three interrelated concepts have an impact on the development and implementation of protection of sensitive data. These are privacy, confidentiality, and security. While interrelated, each is distinct and each is developed and implemented in a different manner.
Privacy is both a legal and an ethical concept. The legal concept refers to the legal protection that has been accorded to an individual to control both access to and use of personal information and provides the overall framework within which both confidentiality and security are implemented.
Confidentiality relates to the right of individuals to protection of their data during storage, transfer, and use, in order to prevent unauthorized disclosure of that information to third parties. Development of confidentiality policies and procedures should include discussion of the appropriate use and dissemination of health data with systematic consideration of ethical and legal issues as defined by privacy laws and regulations.
Security is a collection of technical approaches that address issues covering physical, electronic, and procedural aspects of protecting information collected as part of the scale-up of HIV services. It must address both protection of data from inadvertent or malicious inappropriate disclosure, and non-availability of data due to system failure and user errors.
Confidentiality relates to the right of individuals to protection of their data during storage, transfer, and use, in order to prevent unauthorized disclosure of that information to third parties. Development of confidentiality policies and procedures should include discussion of the appropriate use and dissemination of health data with systematic consideration of ethical and legal issues as defined by privacy laws and regulations.
Security is a collection of technical approaches that address issues covering physical, electronic, and procedural aspects of protecting information collected as part of the scale-up of HIV services. It must address both protection of data from inadvertent or malicious inappropriate disclosure, and non-availability of data due to system failure and user errors.
