US sets out privacy principles for EHRs

  • 7 January 2009

The US Department of Health and Human Services has published new privacy guidelines for electronic health records (EHRs), based on providing citizens with the ability to choose how far they want to share information.

The new guidelines set out eight principals, desigend to facilitate the adoption of electronic health records by providing a consistent approach to questions of privacy and defining the responsibilities of those who have access to them.

The principles address issues of patient access; correction of records; openness and transparency; patient choice; limitations to the collection, use, and disclosure of personal health information; data integrity; safeguards; and clear accountability arrangements.

In a December announcement, outgoing Health and Human Services Secretary Mike Leavitt said: “Finding the balance between increased access to information and privacy is very important. If we don’t have it, we won’t succeed.”

Leavitt added: “Consumers shouldn’t be in a position to have to accept privacy risks they don’t want. Each consumer should be able to choose products and services that best fit their health needs and privacy preferences.”

"Consumers need an easy-to-read, standard notice about how their personal health information is protected, confidence that those who misuse information will be held accountable, and the ability to choose the degree to which they want to participate in information sharing."

The eight principals published by HSS are:

  • Individual access – Consumers should be provided with a simple and timely means to access and obtain their personal health information in a readable form and format.
  • Correction – Consumers should be provided with a timely means to dispute the accuracy or integrity of their personal identifiable health information, and to have erroneous information corrected or to have a dispute documented if their requests are denied. Consumers also should be able to add to and amend personal health information in products controlled by them such as personal health records (PHRs).
  • Openness and transparency – Consumers should have information about the policies and practices related to the collection, use and disclosure of their personal information. In addition, consumers should have reasonable opportunities to review who has accessed their personal identifiable health information and to whom it has been disclosed.
  • Individual choice – Consumers should be empowered to make decisions about with whom, when, and how their personal health information is shared (or not shared).
  • Collection, use, and disclosure limitation – It is important to limit the collection, use and disclosure of personal health information to the extent necessary to accomplish a specified purpose. This should balance the public good of collecting and analyzing health care data with ensuring personal health information is secured, deidentified when appropriate, limited in scope and protected wherever possible.
  • Data integrity – Those who hold records must take reasonable steps to ensure that information is accurate and up-to-date and has not been altered or destroyed in an unauthorised manner. This principle is tightly linked to the correction principle. A process must exist in which, if consumers perceive a part of their record is inaccurate, they can notify their provider.
  • Safeguards – Personal identifiable health information should be protected with reasonable administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure.
  • Accountability – Compliance with these principles is strongly encouraged so that Americans can realise the benefit of electronic health information exchange. Those who break rules and put consumers’ personal health information at risk must not be tolerated. Consumers need to be confident that violators will be held accountable.

In addition, the HSS Secretary announced several tools to help consumers and health information exchanges advance toward privacy protection and consumer access to their information. This might include a ‘label’, to allow consumers to quickly compare personal health record products.

President-elect Barack Obama has promised to invest in the development of electronic health records as part of his planned programme of public works to jump-start the US economy.

Link

HSS

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

WHO launches collaborative network for data and digital health

WHO launches collaborative network for data and digital health

WHO is bringing together its European region member states with partners for a network focused on advancing data and digital solutions in health.
Digital Health Coffee Time Briefing ☕

Digital Health Coffee Time Briefing ☕

This edition of Coffee Time Briefing includes the launch of 14 NIHR HealthTech Research Centres and a new AI-powered food diary app.
Digital Health Coffee Time Briefing ☕

Digital Health Coffee Time Briefing ☕

This Coffee Time Briefing includes a call for countries to align health checks across borders through WHO’s Global Digital Health Certification Network.