System Security Functions: Patient Right to Privacy

• There must be no personal data record-keeping systems whose very existence is secret
• There must be a way for an individual to find our what information about him is in a record and how it is used.
• There must be a way for an individual to prevent information about him that was obtained for one purpose for being used or made available for other purposes without his consent.
• There must be a way for an individual to correct or amend a record of identifiable information about him.
• Any organization creating, maintaining, using,or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuse of data.