In a letter to Dr. David Blumenthal, the Department of Health and Human Services' national coordinator for health information technology, several preliminary recommendations have been made that set the stage for healthcare delivery organizations to address privacy and security concerns when they electronically exchange patient health information to meet stage 1 meaningful use requirements.
The 19-page letter, dated August 19, was authored by members of the Privacy and Security Tiger Team, a workgroup that advises the HIT Policy Committee on privacy and security issues relating to patient data.
The letter recommends that the HIT Policy Committee adopt the guidelines set out in the Fair Information Practices (FIP), a set of codes established in 1973 to provide safeguards for personal privacy. The Tiger Team said healthcare providers and third-party service organizations should follow FIP codes as they implement health IT such as electronic health records (EHRs) that will be used to exchange patient information.
"This overarching set of principles, when taken together, constitute good data stewardship and form a foundation of public trust in the collection, access, use, and disclosure of personal information," the letter said.
The letter continued: "We used the formulation of FIPs endorsed by the HIT Policy Committee and adopted by [Office of the National Coordinator] in the Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information."
The principles outlined are:
Individual Access -- Individuals should be provided with a simple and timely means to access and obtain their individually identifiable health information in a readable form and format.
Correction -- Individuals should be provided with a timely means to dispute the accuracy or integrity of their individually identifiable health information, and to have erroneous information corrected or to have a dispute documented if their requests are denied.
Openness and Transparency -- There should be openness and transparency about policies, procedures, and technologies that directly affect individuals and/or their individually identifiable health information.
Individual Choice -- Individuals should be provided a reasonable opportunity and capability to make informed decisions about the collection, use, and disclosure of their individually identifiable health information. (This is commonly referred to as the individual's right to consent to identifiable health information exchange.)