Information Ethics in Paperless Hospitals : Sapiah Binti Sulaiman, Rose Alinda Alias, Azizah Abd. Rahman

Paperless Hospitals

While paperless hospitals are being introduced in Malaysia and all over the globe, there is lack of a holistic code of ethics, specifically for handling massive computer-based information in these hospitals. Healthcare professionals such as medical practitioners and nurses in these paperless hospitals now need to have two codes of ethics to follow, namely, medical ethics and computer ethics. These medical professionals not only should handle patient’s information; at the same time they also have to be proficient in handling computerized systems to ensure the security of the information. However, at the moment, there are no written guidelines, which can be followed by the healthcare professionals in Malaysian paperless hospitals.

The use of computers in today’s business decisions has both revolutionized and benefited business. Yet, misuse of computers and unethical behaviour related to computer application systems have resulted in serious losses to business and society. Information technology (IT) provides organizations the opportunity to have almost instantaneous access to vast amounts of critical information about customers, competitors, employees, and suppliers. Unfortunately, recent incidents involving software piracy, computer viruses, data theft, system espionage and employee monitoring have emphasized the potential for unethical behaviour associated with the use of IT.

Medicine always aims to promote health, prevent and cure diseases. With the advancement of technology today, many innovative methods of cure are being introduced. However, several methods are rather controversial in nature i.e. assisted conception. Here medical ethics can play a role. Medical ethics is applied to keep track of what is right and what is wrong in different areas of healthcare.

Information Ethics in Healthcare in an e-age

There is a great need for some form of regulation concerning the collection, processing, storage and communication of medical data, including images such as x-rays and eye scan. There must be strict control over this sensitive information. Patients’ information can be used for any unethical purposes, such as insurance companies may use the information to ask the patients’ family to buy their insurance, and irresponsible people may humiliate the patient among their neighbors, office mates, relatives and friends.

Patients have a right to expect that information systems are secure and will not in any way violate their privacy. Hence the method must ensure that the confidentiality of the medical data or information is always preserved, particularly when it involves the movement of information from one location to another, electronically.

It is ethically inappropriate to carry on providing the services if the system fails to safeguard the confidentiality of the patient information that is of a sensitive nature. Disclosure of these information is a betrayal of trust.

Therefore measures must be taken to ensure that unauthorized interception can be prevented. Even if the transmitted information is intercepted, it shouldn’t be read. A comprehensive legal and ethical framework is necessary for the protection of the patients’ rights. In Malaysia, Ministry of Health (MOH) has a code of conduct for medical officers and nurses.

This code of conduct guides them to be good practitioners, while performing their duty. It includes guidelines on behaviours of medical practitioners with patients, visitors, and also among themselves.

Even in other countries, hospitals are focusing more on the patient’s care, but only part of the code of ethics focuses on the patient’s information handling. In fact, oaths and codes for medical practitioners vary from one country to another and even within countries, and they have many common features, including promises that physicians will consider the interests of their patients above their own, will not discriminate against patients on the basis of race, religion or other human rights grounds, will protect the confidentiality of patient information and will provide emergency care to anyone in need. But, sadly it still only focuses on the way they interact with patients directly, not through the computer system. Medical ethics in an ICT age is the need of the hour for every country, which has entered or about to enter the e-age.

Malaysian Paperless Hospital

The Malaysian Government is the major provider of healthcare for its people. Other important providers contributing to the health of the population in Malaysia include the private sector and non-government organizations (NGOs).

In the Seventh Malaysian Plan, it was stated that there will be 33 paperless public hospitals in Malaysia. There will be 8 hospitals using total hospital information system (THIS), while the other 25 smaller hospitals will use the hospital information system (HIS). But due to the economic crisis in 1998, those projects were put on hold, and were expected to be implemented during the Eighth Malaysian Plan.

However, until the early stage of the Ninth Malaysian Plan, only two hospitals are formally known as paperless hospitals, while implementation of other proposed hospitals are still on hold. Testing of the computerised systems have been given as reasons that contribute to this delay.

At the moment, these two hospitals do not have any code of ethics in handling patients’ computer-based information system. All healthcare professionals (the physicians, the IT department staff and the record department staff) only practice their own department’s policy or code of conduct. However, in order to make them understand more about the system they are using, it might be better if there is one universal standard code, which can be read and practiced by all healthcare professionals across the country.

The Ambit and Role of Ethics

Here in this article, we focus on the information ethics in the paperless hospitals of Malaysia. While paperless hospitals are being introduced in Malaysia and all over the globe, there is lack of a holistic code of ethics, specifically for handling massive computer-based information in these hospitals. Healthcare professionals such as medical practitioners and nurses in these paperless hospitals now have two codes of ethics to follow, namely, medical ethics and computer ethics. These professionals not only handle patient’s information; at the same time they also have to be proficient in handling computerized systems to ensure the security of the information. However, at the moment, there are no written guidelines, which can be followed by the healthcare professionals in Malaysian paperless hospitals. They are usually only given verbal guidelines on ethics in the early stages of their training. Lessons on the computerized systems are usually given by senior staff in the wards.

As stated before, currently, there are two fully operational paperless hospitals in Malaysia. These hospitals fully rely on computer information systems to improve their operations efficiency. Here we describe the design of an ethical framework for healthcare professionals involved in handling computer-based information in these hospitals.

The design began with a draft framework of code of ethics for healthcare professionals, derived from a literature review on ethics related to them. The draft framework was incorporated in questionnaires, distributed randomly to healthcare professionals. The respondents were interviewed after completing the survey and many of their comments were directed to specific items in the survey. The research identified five major code of ethics, namely confidentiality, information protection, password management, computer usage and Internet usage. It is hoped that this ethical framework will guide healthcare professionals to act in an ethical manner, while using the medical information system in paperless hospitals. It is also important in their interactions with patients, colleagues and authorities, as well as in the conduct of medical research.

Ethics among hospitals’ staff is important in order to make sure the success of these healthcare institutions and to earn customers’ trust. Research shows that there have been cases of healthcare professionals facing ethical dilemma while handling their patients’ information. If these problems are not taken care of, the concerned hospitals can receive a bad reputation.

However, here it deserves a mention that ethics is not about rules but about ‘codes of conduct’. Ethics can be defined as the system of moral principles that have graduated to become standards for professional conduct. Ethics is about behaviour and about ways of thinking, especially in situations where our choice can affect the dignity and well being of others. Because ethical behaviour implies free choice, it cannot be captured or condensed in a rule. This involves the challenge in its implementation. It is impossible to force adherence to an ethical standard: the notion of coercion itself is foreign to it. But individually we can make a promise to abide by them.


Figure 1 shows how the research was being conducted. The research process consists of four phases. First, a comprehensive literature search was conducted to compile codes recommended by several organizations, as well as those suggested in various articles and publications. Then, those codes were compiled into a questionnaire form where respondents validated the codes by indicating whether it was accepted and can be applied in their working area. An exploratory study was conducted to ensure that the questionnaire was as clear as possible and would be able to measure what it was supposed to measure. Besides improving the questionnaire, the feedback and the data collected were used to provide some initial view of codes needed in the hospitals.

Second, hospitals using computer-based information system in handling their patients’ information were identified. The finalized questionnaire was distributed to the healthcare professionals in those hospitals. The research uses a Multiple Perspective Method by Linstone (1993) to get multiple views of the codes from three ‘lenses’- technical view, organization view, and personal view of ethics. There is personal ethics, technical ethics and organization ethics in an organization. But, there is no code that can be used by these three groups. So, the research combined all codes which can be practiced by these groups. Figure 2 (in page 36) will show the relationship between the ethics and the practitioners.

Final Code of Ethics Framework


A practitioner must�

1.ensure that ONLY authorized individuals have access to the patient’s information system.
2.maintain confidentiality of privileged information and use discretion in sharing information among the practitioners.
3.not disclose identifiable information about patient’s health status, medical condition, diagnosis, prognosis and treatment, and all other information of a personal kind, even after the patient has died. Exceptionally, the patient’s relatives may have a right of access to information that would inform them of their health risks.
4.not disclose information about a patient, except to other practitioners who are
involved with the given patient’s care.
5.not disseminate, or provide misleading patient’s information
6.ONLY disclose confidential information if the patient gives explicit consent, or if it is expressly required by law, provided that the requirement is authenticated.

II.Data Protection

A practitioner must

1.process patient’s information fairly and lawfully.
2.obtain patient’s information ONLY for official purposes such as for education and any medical work, with the permission from the person in charge.
3.keep and up to date the patient’s information.
4.prevent unauthorized creation, alteration, or destruction of patient’s information.
5.keep the patient’s information secure.
6.consider carefully the content to be entered into the computer system

III.Password Management

A practitioner must

1.have user-ID account and password to access the computer system.
2.memorise his/her user-ID account and password and not write down and leave it in a place, where unauthorized persons might discover them.
3.change the password whenever an unauthorized party has compromised
the system.
4.change the password regularly, at least once every four months, to avoid other people using it to access the computer system.
5.brief the importance of user-ID account and password to other staff, and the manner in which they are to be used and protected
6.keep his/her user-ID account and password confidential and not share it with
other staff.

IV. Computer Use

A practitioner must

1.not use the computer system for non-official purposes such as playing games, chatting, or sending an email which is not related to work.
2.make sure that the patient’s information system has been logged out, before leaving the computer
3.have access to ONLY specific patient’s information for specific purpose
4.not download any software into the system without permission
5.ONLY use or install licensed copyright protected materials in the system with the permission of the person in charge.
6.not copy any patient’s information from the computer system without permission.

V. Internet Use

A practitioner must

1.not use personal e-mail (such as TMNet and Jaring) for official matters unless with the permission of the person in charge.
2. ONLY surf or browse information through World Wide Web (WWW) that is related to his/her job.

In the figure, the physicians include the medical officer, medical assistant, nurses, and attendants. Here administrative include the staff in record department and the IT personnel are those who work in the IT department.

The Ethical Framework

The chart in page 35 represents the final code of ethics framework, which resulted from this study. The hospitals’ analysis of the data and information from the interviews resulted in the elimination of three codes. Several codes were combined because they addressed the same issues and were related to each other. The final outcome is a list of 26 codes that are essential to guide the ethical manner of handling patients’ computer-based information system. This code may assist other organizations to come out with their code of ethics in handling computer-based information in paperless hospitals.


Since Malaysia is moving towards paperless hospitals, this research endeavours to come out with an effective framework of code of ethics for practitioners, for handling patients’ information system. Linstone’s Multiple Perspective Method was used to analyse the code as it is useful for organizing a description, to aid in understanding of all points of views.

The ethical framework describes to the practitioners what is expected of them, whilst performing their duty. This way the role of the practitioner is clearly put in perspective. Patients can be confident that they will receive quality care and their rights will not be violated in anyway. Without such a framework, it will be difficult to determine the moral obligation of the practitioner towards the patient. The framework is to ensure that the quality of care is not compromised, and hence can facilitate to improve clinical effectiveness, which is one of the aims of any health authority.


Medical information is considered confidential because it is related to people’s life. No matter who are the patients, whether they are artists, ministers, or students, disclosure of sensitive health information can influence their lifestyles, and other people’s perceptions about them. That is why the ethical framework is very important in preventing the revealing of confidential medical information.

It is hoped that this proposed ethical framework can be used to let the practitioners act in a manner which recognize their responsibilities towards society. The framework also demands that the healthcare personnel display great professional ethics, and also entails that a mechanism exists to protect society from those healthcare personnel who do not, or cannot, live up to these responsibilities.


1. Dato’ Seri Dr. Mahathir Mohamed. “Malaysia-The Way Forward”. Paper presented at the Inaugural Meeting of the Malaysian Business Council on 28 February 1991.

2. Hayden Wetzel, Malaysia Country Commercial Guide FY 2003: Leading Sectors, html. Accessed January 16, 2006.

3. Dr. David Seth Preston and Uma Devi Kanagaratnam, University of East London,
Accessed February 28, 2006.

4. Code of Professional Conduct , 1971, Ministry of Health, Malaysia

5. Code of Conduct for Nurses, 1998, Ministry of Health, Malaysia

6. Medical Ethics Manual, 2005. World Medical Association (WMA)

7. Ethical Principles for Medical Research Involving Human Subjects, 2004. World Medical Association Declaration of Helsinki

8. John S. Ash, Paul N. Gorman, Mary Lavelle, and Jason Lyman. Multiple Perspective on Physician Order System.


Follow and connect with us on Facebook, Twitter, LinkedIn, Elets video