Mon, Nov 10, 2025
[Archive]
1- Assisstant Professor of medical Educational ,Department of e-Learning in Medical Sciences ,School of Medical Education and Learning Technologies,Shahid Beheshti University of Medical Sciences, Tehran, Iran , mirmoghtada@sbmu.ac.ir
Abstract: (15 Views)
The quick digital transformation of healthcare and medical education has made electronic health data, online learning platforms, and digital communication tools easier to get to than ever before. These improvements have made it easier for people to get an education, but they have also made it more likely that patient data will be shared without permission. Patient data is inherently sensitive in medical education, and unauthorized disclosure can significantly compromise the welfare of patients, the integrity of medical personnel, and the credibility of institutions [1]. Consequently, the protection of patient data has become a fundamental ethical and professional duty in medical education [2].
As more and more people use Electronic Health Records (EHRs) and online resources for learning and clinical training, it is even more important to protect patient privacy, keep data safe, and hold people accountable. Medical students and educators who have access to this information need clear instructions on how to use it responsibly. The Acceptable Use Policy (AUP) gives schools a set of rules for how to use information systems and data in the classroom [3]. AUP lists what users can and can't do, what they are responsible for, and what will happen if they break the rules, especially when it comes to sensitive patient data.
AUP helps keep data from getting out, stops people from using it in ways that aren't right, and helps people make ethical choices about patient privacy. An AUP might say, for example, that medical students can only look at EHRs with permission and supervision [4]. This policy is more than just a technical safeguard; it is also part of professional and ethical training for doctors. In a lot of places, the law sets the rules for global AUP principles. For example, the Health Insurance Portability and Accountability Act (HIPAA) in the United States stops people from getting to protected electronic health information in the wrong way by using protections like data minimization and required training [5].
But in Iran, there are still problems because there aren't enough national standards and hospitals don't do enough to manage risks. Problems like students getting into EHRs without permission and institutions not always following their own rules show that there are gaps in oversight [6, 7]. Iran needs detailed and localized AUP policies based on international data protection principles. This is different from the GDPR, which focuses on clear consent and data minimization, and South Africa's POPIA, which focuses on awareness and device control. New technologies like blockchain and artificial intelligence can help keep information private and stop it from being accidentally shared [6, 7].
To deal with these problems, medical schools should use AUP not just as a set of rules, but also as part of the curriculum. Teaching students about ethical responsibility when it comes to handling data from the very beginning of their education helps them remember it. This method creates professionals who are not only good at their jobs but also good at protecting patient privacy and information security.
As a result, it is advised that every medical university form a special committee to plan, develop, instruct, and oversee the application of AUP. A committee like this can guarantee that rules are applied correctly and in the right context. AUP is not just administrative; it is an ethical requirement in a world where digital technologies are being incorporated into medical education more and more.
As more and more people use Electronic Health Records (EHRs) and online resources for learning and clinical training, it is even more important to protect patient privacy, keep data safe, and hold people accountable. Medical students and educators who have access to this information need clear instructions on how to use it responsibly. The Acceptable Use Policy (AUP) gives schools a set of rules for how to use information systems and data in the classroom [3]. AUP lists what users can and can't do, what they are responsible for, and what will happen if they break the rules, especially when it comes to sensitive patient data.
AUP helps keep data from getting out, stops people from using it in ways that aren't right, and helps people make ethical choices about patient privacy. An AUP might say, for example, that medical students can only look at EHRs with permission and supervision [4]. This policy is more than just a technical safeguard; it is also part of professional and ethical training for doctors. In a lot of places, the law sets the rules for global AUP principles. For example, the Health Insurance Portability and Accountability Act (HIPAA) in the United States stops people from getting to protected electronic health information in the wrong way by using protections like data minimization and required training [5].
But in Iran, there are still problems because there aren't enough national standards and hospitals don't do enough to manage risks. Problems like students getting into EHRs without permission and institutions not always following their own rules show that there are gaps in oversight [6, 7]. Iran needs detailed and localized AUP policies based on international data protection principles. This is different from the GDPR, which focuses on clear consent and data minimization, and South Africa's POPIA, which focuses on awareness and device control. New technologies like blockchain and artificial intelligence can help keep information private and stop it from being accidentally shared [6, 7].
To deal with these problems, medical schools should use AUP not just as a set of rules, but also as part of the curriculum. Teaching students about ethical responsibility when it comes to handling data from the very beginning of their education helps them remember it. This method creates professionals who are not only good at their jobs but also good at protecting patient privacy and information security.
As a result, it is advised that every medical university form a special committee to plan, develop, instruct, and oversee the application of AUP. A committee like this can guarantee that rules are applied correctly and in the right context. AUP is not just administrative; it is an ethical requirement in a world where digital technologies are being incorporated into medical education more and more.
Keywords: Medical education, Acceptable Use Policy, health data, Patient privacy, Health Information, Professional Ethics, Data Protection
Send email to the article author
| Rights and permissions | |
 |
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. |
