The general standards of ethical behavior and professionalism apply to all healthcare providers.  They are expected to adhere to ethical standards set by professional organizations based on a core set of ethical principles, as well as meet the legal requirements of their profession set forth by federal, state, and local governments. 

What Is Professionalism?

Professionalism refers to behaving in accordance with generally accepted ideas of appropriate conduct within a specific profession. For example, HIT professionals working with healthcare data systems, professionalism includes staying current with technological changes that affect how systems are used in healthcare. An example of professionalism in health informatics is becoming familiar with the ideas expressed in the ethical codes written by health informatics organizations. Another example is taking continuing education classes to maintain the skills necessary to perform work-related duties.

Sources of Ethics Standards

The ethical and professional standards of a profession in a healthcare field come from a variety of sources.

A diagram shows three boxes, labeled Professional Organizations, Federal Agencies, and Laws, pointing downward to a box labeled Ethics StandardsCC-BY by Vivian Todhunter/CAST.

Professional Organizations

Major sources of standards are the codes of ethics written by health informatics and HIT professional societies such as the following:

  • American Health Information Management Association (AHIMA): Members of this organization are involved with the management of health information, generally with clinical or public health data systems. [3]
  • American Medical Informatics Association (AMIA): This organization includes informatics professionals who are involved with the science of informatics as applied to biomedicine and health. [4]
  • International Medical Informatics Association (IMIA): This organization serves as a bridge organization to bring together other organizations that support the improvement of healthcare, bioscience, and medicine worldwide through the application of information science. [5]
  • Health Information and Management Systems Society (HIMSS): This organization is focused on providing leadership for the adoption and use of information technology and management systems for improving healthcare. [6]

Federal Agencies

Divisions of the federal government such as the Office of the National Coordinator for Health Information Technology (ONC) have added to the body of knowledge about appropriate practices and are sources of ethics and professional standards. [7]


A back-and-forth interaction takes place between the ethical ideals, professional standards, and legal requirements that apply to HIT professionals. The privacy and security rules of the Health Insurance Portability and Accountability Act (HIPAA) are part of a law but are also important sources of professional standards. The Health Information Technology for Economic and Clinical Health Act, or HITECH, widens the scope of privacy and security protections available under HIPAA and increases the potential legal liability for noncompliance. [2]

In addition, local, state, and federal laws set standards that may overlap, exceed, or even conflict with ethical duties.

did I get this

Four Ethical Duties of Health Informatics Professionals

The various professional organizations that set standards for how health informatics professionals perform their work have generated ethical standards, or duties, that can be summarized into four general categories. Although specific to health informatics professionals, the ethical duties apply equally well to other HIT professionals.

The four ethical duties of health informatics professionals are to

  1. Represent credentials accurately
  2. Protect patient privacy, including the related ideas of confidentiality and security
  3. Respect patients, employers, and coworkers
  4. Respond to unethical practices by others

1. Representing Credentials Accurately

One of the ethical duties in the AHIMA code of ethics is the obligation to accurately represent one’s credentials. Similarly, the IMIA code of ethics says, “Except in emergencies, health informatics professionals should only provide services in their areas of competence; however, they should always be honest and forthright about their education, experience or training.” [5] For example, informatics professionals should not pad their résumés by overstating their education, experience, or capabilities. They should not take on projects they are not qualified to perform—not even when, as often happens, employers or others expect them to be able to provide services outside the scope of their specialized training. In addition, they should correct any inaccuracies that may occur. These duties are owed to employers, patients, and the general public.

2. Protecting Privacy, Confidentiality, and Security

Both AHIMA and IMIA place privacy in the number one position on their lists of ethical duties for health informatics professionals. According to several codes of ethics, the principle of respect for privacy means that health informatics professionals must keep patients’ information both confidential and secure. Confidentiality requires that the informatics professional not improperly disclose information, and security requires that the professional take appropriate measures to protect the information from being inappropriately accessed by others.

In addition to protecting patient information, the duty to respect privacy includes an obligation to advocate for laws about protecting patients’ health information. It also includes a duty to promote the values of confidentiality and security to colleagues.

3. Respecting Patients, Employers, and Coworkers

The AHIMA code of ethics makes a strong statement about the duties owed to others. It states that a health informatics professional should “respect the inherent dignity and worth of every person.” [3]

The code provides guidelines to help clarify how this lofty ideal can be put into action. Its guidelines state that all people should be treated respectfully and equitably. The duty to respect the dignity and worth of each person includes many obligations to patients, coworkers, and employers.

Duties Owed to Patients

The duties of a health informatics professional to patients are based on the same four core ethical principles that apply to all healthcare professionals: respect for autonomy, beneficence, nonmaleficence, and justice. As stated in the IMIA code of ethics, the four general principles are defined as follows:

  • The principle of autonomy implies that all people have a fundamental right to self-determination. In the healthcare setting, respect for autonomy means that healthcare professionals must recognize that patients have the right to make their own treatment decisions based on their individual preferences and beliefs. Healthcare providers must not put excessive pressure on patients to make a particular choice or submit to treatments. The principle of respect for autonomy is the ethical basis for the concept of informed consent. Informed consent means that the patient knows, understands, and accepts the risks and benefits of treatment.
  • The principle of beneficence means that all people have a duty to advance the good of others as long as the nature of that good is in keeping with ethically defensible values. This principle simply means that healthcare providers should do things that benefit the patient. This includes both actions meant to prevent problems and actions to address problems the patient is already experiencing.The idea of beneficence is commonly recognized as one of the main purposes of healthcare. Beneficence is applied at the level of individuals and the level of populations. For example, giving antibiotics to a patient with pneumonia applies the principle of beneficence at the individual level. Giving elderly patients the opportunity to be vaccinated against pneumonia applies the principle at a population level.
  • The principle of nonmaleficence is the principle that all people have a duty to prevent harm to others insofar as they can do so without undue harm to themselves. Nonmaleficence is the expectation that healthcare professionals will not intentionally injure a patient. Medical students learn the famous saying that doctors should “first, do no harm.” There are two types of nonmaleficence acts: acts of commission and acts of omission. An example of an act of commission is giving a patient a drug for the sole purpose of harming the patient. Acts of omission might be less obvious. An example is intentionally withholding a drug from a patient who is expected to benefit from the drug.
  • The principle of justice is that all people are equal and have a right to be treated accordingly. Distributive justice is the idea that if resources are scarce, they will be allocated in a fair manner. How distributive justice should be implemented is controversial in our society. [5]

The AMIA code of ethics says that patients have the right to know about the existence of electronic records containing their personal medical data. It says informatics professionals should not mislead patients about how these data are used. They should truthfully answer all patient questions about their rights to review and revise their own medical data. In addition, informatics professionals should be helpful when a patient wishes to exercise those rights.

Informatics professionals should ensure that medical data are maintained in a secure, reliable, manner. Further, the code says that medical data should never be used for purposes “outside the stated purposes, goals, or intents of the organization responsible for these data.” In addition, the data of all patients should be treated with equal care, respect, and fairness. These are just a few examples of the duties owed to patients. [8]

Duties Owed to Employers

According to the IMIA code of ethics, among the general duties that informatics professionals owe to their employers are competence, diligence, integrity, and loyalty. In addition, health informatics professionals must ensure that all processes are performed to the highest possible standards and that all requirements and standards regarding security are met. The code also says that informatics professionals should have systems for reviewing their processes and practices to make sure they are current and effective.

Duties Owed to Coworkers

In many workplaces, informatics professionals work with doctors, nurses, and other healthcare providers who are their coworkers, not their employers. According to the IMIA code of ethics, healthcare providers have a right to depend on the technological skills of health informatics professionals to help them meet their own professional obligations to patients. Therefore, informatics professionals have an ethical duty to assist healthcare providers “insofar as this is compatible with the [health informatics professionals’] primary duty towards the subjects of the electronic records.” [5]

The code lists practical examples of these obligations. They include ensuring that healthcare providers have timely and secure access to usable, high-quality electronic records. [5]

4. Responding to Unethical Practices

According to the IMIA and AHIMA codes of ethics, it is not enough to simply refrain from unethical behavior. Health informatics professionals have ethical duties to discourage others from unethical behavior, to correct ethical problems when they occur, and to expose the unethical practices of others.


People who report unethical or illegal practices are sometimes called whistleblowers. The obligation to report unethical practices can result in some challenging situations. The duty to report a coworker’s unethical behavior can result in mental or emotional conflicts about difficult issues such as loyalty. It can result in retaliation, ranging from getting the cold shoulder from coworkers to loss of promotions or raises and even physical assault.

Many laws provide protection for people who report unethical practices. However, they apply only under certain circumstances, and proving retaliation may be difficult. [9]

Conflicts of Interest

Another aspect of professionalism is to avoid or report conflicts of interest. A conflict of interest arises when a person is faced with a situation in which a primary interest conflicts with a secondary motivation. Primary duties include ethical and legal requirements, such as the obligation to keep patient information private. Secondary motivations are personal interests such as the opportunity for financial gain.

  • A conflict of interest is a set of circumstances that creates a risk that professional judgment or actions regarding a primary interest will be unduly influenced by a secondary interest. [10]
A Friend Asks a Favor

Imagine a situation in which patients are supposed to receive medical appointments in the order in which their information was placed in a database. A close friend of the scheduling clerk is far down on the list and asks to be moved up to an earlier appointment. In this situation, the clerk’s primary duty is to treat all patients on the list fairly. However, the personal motivation of friendship provides a strong emotional pull in the direction of making an exception for the friend.

Any potential conflict of interest should be disclosed to appropriate parties. In this example, it might be appropriate for the clerk to disclose this conflict to a supervisor and assure the supervisor that the proper protocol will be observed.

did I get this


  1. Hoyt, R. E., and Ann, K. Y. (2014). Health Informatics: Practical Guide for Healthcare and Information Technology Professionals.Informatics Education. Raleigh, NC. Edition 6th.
  2. Health IT Workforce Curriculum, Version 3.0 (2012). Component 2, The Culture of Healthcare. Unit 8, Ethics and Professionalism. This material, Comp2_Unit8, was developed by Oregon Health & Science University, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number IU24OC000024.
  3. American Health Information Management Association (2011). American Health Information Management Association Code of Ethics.
  4. Hurdle, J. F., Adams, S., Brokel, J., Chang, B., Embi, P., Petersen, C., Terrazas, E., and Winkelstein, P. (2007). “A Code of Professional Ethical Conduct for AMIA.” Journal of the American Medical Informatics Association. Volume 14. Number 4. 391–393 Pages.
  5. International Medical Informatics Association (2011). The IMIA Code of Ethics for Health Information Professionals.
  6. Health Information and Management Systems Society (2014). Frequently Asked Questions.
  7. Office of the National Coordinator for Health Information Technology, US Department of Health and Human Services (2011). About ONC.
  8. American Medical Informatics Association (2010). Biomedical Informatics Core Competencies.
  9. Ethics Resource Center (2010). Blowing the Whistle on Workplace Misconduct.
  10. Institute of Medicine (2009). Conflict of Interest in Medical Research, Education, and Practice. National Academies Press. Washington, DC.