Health Data Privacy Recommendations Balance Security, Accessibility - InformationWeek
Healthcare // Analytics
10:40 AM

Health Data Privacy Recommendations Balance Security, Accessibility

Advisers detail how health information exchanges should ensure safety and accuracy of patient medical information while still complying with meaningful use requirements.

Image Gallery: African Hospital Digitizes Medical Records
(click for larger image and for full photo gallery)
Collection, Use, and Disclosure Limitation -- Individually identifiable health information should be collected, used, and/or disclosed only to the extent necessary to accomplish a specified purpose(s) and never to discriminate inappropriately.

Data Quality and Integrity -- Persons and entities should take reasonable steps to ensure that individually identifiable health information is complete, accurate, and up-to-date to the extent necessary for the person's or entity's intended purposes and has not been altered or destroyed in an unauthorized manner.

Safeguards -- Individually identifiable health information should be protected with reasonable administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure.

Accountability -- These principles should be implemented, and adherence assured, through appropriate monitoring, and other means and methods should be in place to report and mitigate non-adherence and breaches.

The Tiger Team's letter specifically noted that its list didn't include policies around the concepts of remedies or redress, although it is arguably implicit in the principle of accountability. "As our work evolves toward a full complement of privacy policies and practices, it likely will be important to further spell out remedies as an added component of FIPs," the letter said.

The authors also recommend that third-party service organizations may not collect, use, or disclose personally identifiable health information for any purpose other than to provide the services specified in the contract with the data provider. These organizations should also retain a patient's health information only for as long as necessary to provide the functions specified in the contract with the data provider.

On the issue of accountability, the Tiger Team recommends that the responsibility for maintaining the privacy and security of a patient's record rests with the patient's providers.

Turning its attention to improvements in technology to better safeguard patient privacy, the letter stated that in a digital environment, robust privacy and security policies should be strengthened by innovative technological solutions that can better protect data.

"This includes requiring that electronic record systems adopt adequate security protections (like encryption, audit trails, and access controls), but it also extends to decisions about infrastructure and how health information exchange will occur. The Tiger Team's future work will also need to address the role of technology in protecting privacy and security," the authors said.

2 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll