Healthcare // Analytics
10:40 AM
Core System Testing: How to Achieve Success
Oct 06, 2016
Property and Casualty Insurers have been investing in modernizing their core systems to provide fl ...Read More>>

Health Data Privacy Recommendations Balance Security, Accessibility

Advisers detail how health information exchanges should ensure safety and accuracy of patient medical information while still complying with meaningful use requirements.

Image Gallery: African Hospital Digitizes Medical Records
(click for larger image and for full photo gallery)
Collection, Use, and Disclosure Limitation -- Individually identifiable health information should be collected, used, and/or disclosed only to the extent necessary to accomplish a specified purpose(s) and never to discriminate inappropriately.

Data Quality and Integrity -- Persons and entities should take reasonable steps to ensure that individually identifiable health information is complete, accurate, and up-to-date to the extent necessary for the person's or entity's intended purposes and has not been altered or destroyed in an unauthorized manner.

Safeguards -- Individually identifiable health information should be protected with reasonable administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure.

Accountability -- These principles should be implemented, and adherence assured, through appropriate monitoring, and other means and methods should be in place to report and mitigate non-adherence and breaches.

The Tiger Team's letter specifically noted that its list didn't include policies around the concepts of remedies or redress, although it is arguably implicit in the principle of accountability. "As our work evolves toward a full complement of privacy policies and practices, it likely will be important to further spell out remedies as an added component of FIPs," the letter said.

The authors also recommend that third-party service organizations may not collect, use, or disclose personally identifiable health information for any purpose other than to provide the services specified in the contract with the data provider. These organizations should also retain a patient's health information only for as long as necessary to provide the functions specified in the contract with the data provider.

On the issue of accountability, the Tiger Team recommends that the responsibility for maintaining the privacy and security of a patient's record rests with the patient's providers.

Turning its attention to improvements in technology to better safeguard patient privacy, the letter stated that in a digital environment, robust privacy and security policies should be strengthened by innovative technological solutions that can better protect data.

"This includes requiring that electronic record systems adopt adequate security protections (like encryption, audit trails, and access controls), but it also extends to decisions about infrastructure and how health information exchange will occur. The Tiger Team's future work will also need to address the role of technology in protecting privacy and security," the authors said.

2 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Big Love for Big Data? The Remedy for Healthcare Quality Improvements
Big Love for Big Data? The Remedy for Healthcare Quality Improvements
Healthcare data is nothing new, but yet, why do healthcare improvements from quantifiable data seem almost rare today? Healthcare administrators have a wealth of data accessible to them but aren't sure how much of that data is usable or even correct.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.