Information protection encompasses privacy, confidentiality and security issues. These terms are often used interchangeably although there are some important distinctions.

Privacy refers to the right of a person to control who has access to their personal information and under what circumstances.

Confidentiality refers to a third party's obligation to ensure that only authorized users' have access to personal health information. In other words, confidentiality speaks to organizational responsibilities while privacy refers to individual rights.

Security is characterized as the preservation of the confidentiality, integrity, and availability of personal health information. Information security is achieved by putting into place relevant physical, technical, and organizational policies, procedures and measures.

Personal health information is defined as information, in any form, about an identifiable individual or group that relates to:

• an individual or group's health or health care history, including genetic information
• the provision of health care to the individual or group
• an individual or group's personal health identification number or other unique identifier