Information and Organization ( IF 5.7 ) Pub Date : 2023-02-14 , DOI: 10.1016/j.infoandorg.2023.100455 Chad Anderson , Richard Baskerville , Mala Kaul
Information privacy is increasingly important in our digitally connected world, particularly in healthcare, and privacy regulations are ramping up to promote appropriate privacy practices. As a digital platform that enables healthcare providers to exchange protected health information (PHI), a health information exchange (HIE) is governed by health information privacy regulations. The challenge for HIEs is to operate in a way that will maximize information exchange while maintaining compliance with regulations that may constrain the sharing of PHI. Regulations impose a measure of universality through compliance requirements, while being flexible to allow adaptation to the local context. However, our longitudinal case study into the privacy policies of an HIE, demonstrates that the journey of privacy ideas from their original formulation in regulations, to their ultimate enactment in an organizational setting, is accompanied by translations, such that the final implementation may vary extensively from its original form. Such variability often results in interpretations that differ from what the regulators intended. Consequently, translation guardrails are necessary to protect against problematic translations of regulatory ideas which could lead to compliance issues and loss of platform participation. Our findings offer two contributions. First, we contribute to the compliance literature by explaining how guardrails can balance the use of permission and obligation schemas which are necessary to translate regulations into effective organizational policies for the success of HIEs and other information exchange platforms. Second, we contribute to extending translation theory by explaining how pragmatic reasoning schemas function as the mechanism through which translation of regulations occurs.
中文翻译:
通过翻译护栏管理对隐私法规的遵守:健康信息交换案例研究
信息隐私在我们的数字连接世界中越来越重要,特别是在医疗保健领域,隐私法规正在逐步加强以促进适当的隐私实践。作为使医疗保健提供者能够交换受保护的健康信息 (PHI) 的数字平台,健康信息交换 (HIE) 受健康信息隐私法规的约束。HIE 面临的挑战是以一种最大化信息交换的方式运作,同时保持对可能限制 PHI 共享的法规的遵守。法规通过合规要求施加一定程度的普遍性,同时具有灵活性以适应当地情况。然而,我们对 HIE 隐私政策的纵向案例研究,证明了隐私理念从最初在法规中的制定到在组织环境中的最终实施的过程伴随着翻译,因此最终实施可能与其原始形式有很大不同。这种可变性通常会导致与监管机构意图不同的解释。因此,翻译护栏是必要的,以防止有问题的监管想法翻译,这可能导致合规问题和平台参与的损失。我们的发现提供了两个贡献。第一的,我们通过解释护栏如何平衡许可和义务模式的使用来为合规性文献做出贡献,这些模式对于将法规转化为有效的组织政策以实现 HIE 和其他信息交换平台的成功是必要的。其次,我们通过解释语用推理模式如何作为规则翻译发生的机制来为扩展翻译理论做出贡献。