Kenneth G. Hartman bio photo

Kenneth G. Hartman

Security Consultant,  
Forensic Analyst & 
Certified SANS Instructor

Email Twitter GitHub

NOTE: This is cross-posted from the HIMSS Blog at

Here is latest installment from the HIMSS Privacy and Security Committee…called PSST!. Keep reading to learn more about the column and this month’s topic – Patient Trust by Kenneth G. Hartman, CISSP, CPHIMS, GSEC

The HIMSS Privacy and Security Committee chose the topic of Patient Trust as the “PSST” for the month of June to coordinate with the release of a new white paper titled Understanding the Role of Trust in the Protection of Privacy</em>. This latest addition to the HIMSS Privacy & Security Toolkit is the result of the P&S Committee’s desire to increase understanding of Privacy as a separate and distinct concept from Security.

Those of us who have worked in healthcare for any length of time routinely handle patient information. We are expected to be aware of all of the compliance requirements and organizational policies pertaining to the proper handling of protected health information. We are also busy and often short-handed, yet for the most part, we do our jobs well and protect the rights of our patients in the process.

This blog posting isn’t about:

  • what we need to know,
  • how we need to comply, or
  • what we should do differently.

Rather, it is an encouragement to pause for a moment and to think about “WHY.”

The aforementioned whitepaper delves into why it is important to understand that there is an important linkage between trust and privacy. In addition to discussing various privacy legislation enacted to preserve societal trust, the paper also delves into the more personal issues of vulnerability, fairness, and competence.

Without giving away the complete gist of the paper, let’s think about what trust has to do with what we do:

  • We are all patients, not just providers, payors, or healthcare IT professionals
  • We are much more than our medical records
  • We know that information can be taken out of context or potentially could just be plain wrong
  • We want control over our own lives, generally
  • We trust those that we know well and may lack trust in those that we do not know
  • We know that we have to let others help us sometimes, and this takes trust

As professionals who work in the field of healthcare, we have more insight into how “the system” works, so we will naturally be more trusting of it. However, different people will have different attitudes about trust, because we are all different and have had different life experiences.

Bruce Schneier, in his book Liars & Outliers – Enabling the Trust that Society Needs to Survive, writes the following:

In some ways, trust in society works like oxygen in the atmosphere. The more customers trust merchants, the easier commerce is. The more drivers trust other drivers, the smoother traffic flows. Trust gives people the confidence to deal with strangers: because they know that the strangers are likely to behave honestly, cooperatively, fairly, and sometimes even altruistically. The more trust is in the air, the healthier society is and the more it can thrive. Conversely, the less trust is in the air, the sicker society is and the more it has to contract. And if the amount of trust gets too low, society withers and dies.

Trust is earned by being trustworthy. A big part of that is to understand patients’ expectations regarding privacy and keeping the promises we make to protect that privacy.