A new national privacy and security framework for HIT

The Office of the National Coordinator for Health Information Technology (ONCHIT) issued a paper Monday called The Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information. The summary states that the framework creates a set of consistent principles to:

“. . . address the privacy and security challenges related to electronic
health information exchange through a network for all persons,
regardless of the legal framework that may apply to a particular
organization. The goal of this effort is to establish a policy
framework for electronic health information exchange that can help
guide the Nation’s adoption of health information technologies and help
improve the availability of health information and health care quality.
The principles have been designed to establish the roles of individuals
and the responsibilities of those who hold and exchange electronic
individually identifiable health information through a network.”

Along with the Nationwide Privacy and Security Framework, the Department of Health and Human Services (HHS) has issued The Health IT Privacy and Security Toolkit. The Toolkit includes new HIPAA Privacy Rule guidance documents developed by the ONCHIT and the Office for Civil Rights (OCR) to help facilitate the electronic exchange of health information.

Of particular interest to many who follow PHRs will be the OCR’s guidance on Personal Health Records and the HIPAA Privacy Rule and the Draft Model Personal Health Record (PHR) Privacy Notice & Facts-At-A-Glance (the “Leavitt Label”).

The Toolkit provides information and guidance focused around these key areas:

  • Individual Access Principle: Individuals
    should be provided with a simple and timely means to access and obtain
    their individually identifiable health information in a readable form
    and format.
  • Correction Principle: Individuals
    should be provided with a timely means to dispute the accuracy or
    integrity of their individually identifiable health information, and to
    have erroneous information corrected or to have a dispute documented if
    their requests are denied.
  • Openness and Transparency Principle: There
    should be openness and transparency about policies, procedures, and
    technologies that directly affect individuals and/or their individually
    identifiable health information.
  • Individual Choice Principle: Individuals
    should be provided a reasonable opportunity and capability to make
    informed decisions about the collection, use, and disclosure of their
    individually identifiable health information.
  • Collection, Use, and Disclosure Limitation Principle: Individually
    identifiable health information should be collected, used, and/or
    disclosed only to the extent necessary to accomplish a specified
    purpose(s) and never to discriminate inappropriately.
  • Data Quality and Integrity Principle: Persons
    and entities should take reasonable steps to ensure that individually
    identifiable health information is complete, accurate, and up-to-date
    to the extent necessary for the person’s or entity’s intended purposes
    and has not been altered or destroyed in an unauthorized manner.
  • Safeguards Principle: Individually
    identifiable health information should be protected with reasonable
    administrative, technical, and physical safeguards to ensure its
    confidentiality, integrity, and availability and to prevent
    unauthorized or inappropriate access, use, or disclosure.
  • Accountability Principle: These
    principles should be implemented, and adherence assured, through
    appropriate monitoring and other means and methods should be in place
    to report and mitigate non-adherence and breaches.

I have only made an initial pass through the information and guidance documents. There is a lot to read and digest over the holidays. Please post in the comments your thoughts on the new federal principles and guidelines.

Bob Coffield is a health care lawyer who writes the Health Care Law Blog, where this post first appeared.

1 reply »

  1. Identity theft has brought great tensions to the corporate world causing many companies losses each year. Everyone is scared of their personal information not leaked out to some strangers. Not only offices but individuals at home should also purchase one for safety.