Medical Ethics of Maintaining Privacy and Security in Healthcare


Clinical data storage and its management have reached new dimensions with the introduction of AMA Code of Medical Ethics. This code provides directives as to how to collect medical data of a patient and how it must be stored and monitored for diverse uses. The clinical management of Electronic Medical Record (EMR) specifically protects the privacy of a patient and confidentiality of the records. In lieu of this it has become mandatory for a physician or a medical attendant to keep the records in a very controlled and authentic manner to avoid unlawful access and manipulation (Manning, 1997).

About confidentiality of the Medical Records

The American Medical Association stipulates that a physician must protect and handle the medical records of a patient with utmost confidentiality. The physician has to inform the patient about the availability of computerized medical databases before obtaining the consent of the patient for medical treatment. The records thus prepared must be kept aloof from unauthorized access and misuse (Manning, n.d.).

AMA policy guidelines

According to the AMA Policy on Computer Confidentiality all corrections made should be dated and stamped. This means, whenever a record is corrected the same shall be authenticated by the person who has made the correction by noting the exact date and time, and recording his or her name so that the records will serve the purpose of a proper legal document. Likewise, if any additions are made to the medical records the above procedure will be repeated as a mark of authentication. In case a suit is filed

and the court requires the records it becomes necessary to know the person responsible for the corrections made in the records. Additionally, the recorded date and time will act as an explanation by the physician why he/she had made the changes (AMA Code of Medical Ethics, 2003).

The presence of computerized databases which contains all the information relating to the medical history of a patient has to be communicated to him/her prior to the release of the records by the physician to the company which is bound to store the information (AMA Code of Medical Ethics, 2003).

The AMA policy on computer confidentiality stipulates that the computerized medical database has to be created online when approved computer programs require the inputs of medical information for its performance (AMA Code of Medical Ethics, 2003).

With regard to purging of inaccurate information and its completion the patient must be enlightened about it before it actually occurs. The information is communicated to the patient so that if required he/she can take hard copies of the records before the record is deleted from the system (AMA Code of Medical Ethics, 2003).

The erasure must verify the deletion of the medical records of a patient by conveying its details to the physician in writing (AMA Code of Medical Ethics, 2003).

All persons and associations, who have some kind of access to the computerized data bases of the medical records of a patient along with the degree of access allowed, should be exclusively acknowledged in advance (AMA Code of Medical Ethics, 2003).

The entry to the records maintained in a computer data base must be allowed only after observing the required security measures. It should have passwords,

encryption of information options as well as badges to records which can be scanned, and any other user recognition that may be required (AMA Code of Medical Ethics, 2003).

The distribution of secret medical data should be permitted only to those individuals or agencies that possess an authentic application for the data. If such permission occurs, care should be taken to give only the related portion of the data required to meet their specific purpose. Additionally, the parties who are allowed to possess the aforesaid data should be informed that they are not entitled to use this data for any other purpose other than they have mentioned (AMA Code of Medical Ethics, 2003).


As per the Committee of Maintaining Privacy and Security in Health Care the threats to privacy are: (1) Unintentional disclosures by the insiders (2) Misuse of the access privileges by the insiders (3) Using the access by the insiders to profit making (4) Forceful intrusion by others, and (5) Sabotaging the system by antisocial elements to meet their private ends. The present protective measures are introduced to safeguard the privacy of the patient and the medical data from unauthorized access to it. Therefore, it is very imperative for a physician to adhere to the instructions given in the AMA Code of Medical Ethics (Dudley, 2004).


AMA Code of Medical Ethics. (2003). Web.

Dudley, G. (2004). Electronic Records, Patient Confidentiality, and the Impact of HIPAA, Patient Safety & Quality Healthcare. Web.

Manning, L., William. (1997). Medical Records, Privacy & Confidentiality, Web.

Manning, L. W. (n.d.). The Health Law Resource, Privacy and Confidentiality in Clinical Data Management Systems: Why You Should Guard the Safe. 2010. Web.

Find out your order's cost