17 Dec Health-Care IT: 8 Privacy Principles

CRN, NY, By Chad Berndtson, December 16, 2008

The benefits of health-care IT are by now well-established, especially for digital patient records, a more facile exchange of information and the easier analysis of medical data. But technology’s role in both improving care and bringing down costs to make health-care delivery more efficient won’t come to fruition until the security piece is solved, said U.S. Secretary of Health and Human Services Michael Leavitt on Monday.

In a keynote address to the Nationwide Health Information Network Forum in Washington, D.C., this week, Leavitt identified eight privacy principles—all of which must be addressed if the ideal of a national, interoperable digital health-care network is to be realized, he said.

“Finding the balance between increased access to information and privacy is very important,” Leavitt said. “If we don’t have it, we won’t succeed. Consumers shouldn’t be in a position to have to accept privacy risks they don’t want. Each consumer should be able to choose products and services that best fit their health needs and privacy preferences.”

Leavitt described the eight principles as the following:

1. Individual access, in that consumers should be provided with a simple and timely means to access and obtain their personal health information in a readable form and format.

2. Correction, in that consumers should be provided with a timely means to dispute the accuracy or integrity of their personal identifiable health information, and to have erroneous information corrected or to have a dispute documented if their requests are denied. Consumers should also be able to add to and amend personal health information in products controlled by them such as personal health records.

3. Openness and transparency, in that consumers should have information about the policies and practices related to the collection, use and disclosure of their personal information.

4. Individual choice, in that consumers should be empowered to make decisions about with whom, when, and how their personal health information is shared (or not shared).

5. Collection, use, and disclosure limitation, in that it is important to limit the collection, use and disclosure of personal health information to the extent necessary to accomplish a specified purpose.

6. Data integrity, that those who hold records must take reasonable steps to ensure that information is accurate and up-to-date and has not been altered or destroyed in an unauthorized manner. (Of course the Health Insurance Portability and Accountability Act—HIPAA—provides consumers that right, but this principle should be applied even where the information is not covered by the rule, Leavitt added.)

7. Safeguards, in that personal identifiable health information should be protected with reasonable administrative, technical and physical safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use or disclosure.

8. Accountability, in that those who break rules and put consumers’ personal health information at risk must not be tolerated. Consumers need to be confident that violators will be held accountable.

“Consumers need an easy-to-read, standard notice about how their personal health information is protected, confidence that those who misuse information will be held accountable and the ability to choose the degree to which they want to participate in information sharing,” Leavitt emphasized.

In his keynote, Leavitt also introduced the “Leavitt Label”—a tool to help consumers quickly compare personal health record (PHR) products as they would nutritional information on food packages.

As vendors such as Google, Microsoft and other industry giants wade into PHR debates with products such as Google Health and Microsoft HealthVault, it’s important for consumers to be able to assess benefits of each PHR and decide for themselves how their personal health information is to be managed in a digital environment.