6. Ethics / Regulations / Governance

Question 1

what is an example of health care record compromise, and what happened

Answer 1

MedStar Health targeted by Ransomware

• delayed radiotherapy
• cancelled appointments
• prolonged drug usage past required dates
• prolonged processing of lab results

Question 2

what is an example of health identity theft & the results

Question 3

compare health identity theft with cc theft

Answer 3

• credit card fraud is a common occurence e.g. a new tv charged to someone else
• health identity theft example is undergoing surgery under someone else’s identity
• the difference is the time to notice (e.g. if Medicare is paying the bill, the patient won’t notice)
• costlier repercussions in hc
• hc is harder to identify
• cc is a single purchase, whereas hc can occur for a long time with no notice

Question 4

what is the value of assuming health identities

Answer 4

• uninsured people don’t need to pay as much for their treatment
• bills are charged to another person
• for countries without medicare, expensive drugs can be purchased for someone else

Question 5

what is data governance

Answer 5

a framework used to create & enforce policies regarding data

Question 6

who are some people involved in data governance

Answer 6

• governance council: high level decisions, policy creation
• custodian: responsible for safety of data, implement business rules
• steward: ensure fitness of data content & metadata & administer data policies and regulations
• user: follow policy, inform others when policies are more difficult

Question 7

what are the benefits of data governance

Answer 7

• data silos
• safe access
• monitoring
• consistency
• compliance e.g. HIPAA
• data protection against threats

Question 8

what are some other security threats

Answer 8

• manmade (fire, power outages)
• natural disasters
• software dependencies

Question 9

what is social engineering

Answer 9

tricking someone into revealing personal useful information including hacking one victim to assume identity and trick another victim

Question 10

what is pretexting

Answer 10

using an invented scenario to persuade victims to release info / perform an action

Question 11

what is phishing

Answer 11

luring unsuspecting interest with authentic looking emails

Question 12

what is pharming

Answer 12

hijacking of an official website’s address to lure users into entering information in a different DNS server for the fraudulent site

Question 13

what are the limitations of blockchain

Answer 13

• can only add, not delete
• mistakes are persisted (no reversal)
• possible to de-anonymise
• high energy consumption

Question 14

what is an ethical consideration of MHR

Answer 14

while we can do precision medicine, it’s compromise could have significant ramifications by revealing information about the entire population’s health conditions

but should we keep research closed off to this data when it can lead to improvements in clinical practice and personalisation of medicine

Question 14

what are the 3 pillars of medical devices/tech

Answer 14

• safety: expectation that users will be kept free from harm
• effectiveness: performance under real-world circumstances
• efficacy: performance under ideal & controlled circumstances

Question 15

what is ethics for

Answer 15

informing the decisions, storage and practice around health information

Question 16

what are the ethical concerns about innovations in data capture

Answer 16

• environment
• more data captured
• technology is more advanced e.g. camera can capture fingerprint if subject raises hand

Question 17

what are ethical categories

Answer 17

• privacy: people have the right to control it
• accuracy: people have the right to correct information
• property: people have right of ownership
• accessibility: people have the right to select who can access their information

Question 18

what is HREC

Answer 18

• human research ethics committee
• chair
• knowledge of areas of research
• current experience in prof. care
• community/pastoral role
• lawyer

Question 18

what is the minimum period to keep data in nsw health

Answer 18

7 years

Question 19

what else should be considered in ethical research

Answer 19

• the study participants, are they being treated ethically
• are specimens and records being treated ethically
• security of data

Question 20

examples of studies that don’t require ethical approval

Answer 20

• lab QA programs with no PII
• anonymous & voluntary patient satisfaction surveys
• statistical summaries of hospital activities

Question 21

what is the purpose of quality assurance audits & when do they require ethical concern

Answer 21

• quality improvement
• improvement of health care delivery

ethics required if:
- research involves direct approach to patients/staff
- consent required
- PII collected

Question 22

what is negligible risk

Answer 22

no foreseeable risk of harm or discomfort

Question 23

what are site-specific assessments

Answer 23

• part of the research governance process
• requires processes in place to ensure accountability, transparency, inclusiveness, equity & responsiveness

Question 24

what is an ethics code of conduct

Answer 24

collection of policies that is designed to guide decision making by members of the org. e.g.
- promote positive work env
- show honesty & integrity
- act professionally & ethically